package org.apache.archiva.redback.common.ldap.role;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Rdn;
import org.apache.archiva.redback.common.ldap.MappingException;
import org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory;
import org.apache.archiva.redback.common.ldap.connection.LdapException;
import org.apache.archiva.redback.common.ldap.user.LdapUser;
import org.apache.archiva.redback.configuration.UserConfiguration;
import org.apache.archiva.redback.configuration.UserConfigurationKeys;
import org.apache.archiva.redback.users.User;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

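/**
 * Default {@link LdapRoleMapper}: resolves role names to LDAP groups through the group-to-roles
 * mapping held by {@link LdapRoleMapperConfiguration} and reads or writes those groups through a
 * caller-supplied {@link DirContext}.
 *
 * <p>Group entries are addressed as {@code cn=<group>,<groupsDn>} and members are written as
 * {@code <userIdAttribute>=<user>,<baseDn>}. Both are assembled by plain string concatenation;
 * see {@link #groupDn(String, String)} and {@link #memberDn(String, String)} for the review notes
 * on that.
 */
@Service("ldapRoleMapper#default")
/* loaded from: input_file:WEB-INF/lib/redback-common-ldap-2.6.jar:org/apache/archiva/redback/common/ldap/role/DefaultLdapRoleMapper.class */
public class DefaultLdapRoleMapper implements LdapRoleMapper {

    @Inject
    @Named("ldapConnectionFactory#configurable")
    private LdapConnectionFactory ldapConnectionFactory;

    @Inject
    @Named("userConfiguration#default")
    private UserConfiguration userConf;

    @Inject
    @Named("ldapRoleMapperConfiguration#default")
    private LdapRoleMapperConfiguration ldapRoleMapperConfiguration;

    @Inject
    @Named("userManager#default")
    private UserManager userManager;

    // Base DN under which group entries are searched and created; falls back to baseDn.
    private String groupsDn;
    // Optional extra filter fragment AND-ed into the "all groups" search (configuration value).
    private String groupFilter;
    // Base DN used when a member DN has to be computed from a user name.
    private String baseDn;
    private Logger log = LoggerFactory.getLogger(getClass());
    private String ldapGroupClass = "groupOfUniqueNames";
    private String ldapGroupMember = "uniqueMember";
    // When true, a role without a configured group mapping is treated as a group of the same name.
    private boolean useDefaultRoleName = false;
    private String dnAttr = "dn";
    private String userIdAttribute = "uid";

    /**
     * Loads the LDAP settings from the injected {@link UserConfiguration}, keeping the current
     * field values as defaults. An empty groups base DN falls back to the general base DN.
     */
    @PostConstruct
    public void initialize() {
        this.ldapGroupClass = this.userConf.getString(UserConfigurationKeys.LDAP_GROUPS_CLASS, this.ldapGroupClass);
        this.baseDn = this.userConf.getConcatenatedList(UserConfigurationKeys.LDAP_BASEDN, this.baseDn);
        this.groupsDn = this.userConf.getConcatenatedList(UserConfigurationKeys.LDAP_GROUPS_BASEDN, this.groupsDn);
        if (StringUtils.isEmpty(this.groupsDn)) {
            this.groupsDn = this.baseDn;
        }
        this.groupFilter = this.userConf.getString(UserConfigurationKeys.LDAP_GROUPS_FILTER, this.groupFilter);
        this.useDefaultRoleName = this.userConf.getBoolean(UserConfigurationKeys.LDAP_GROUPS_USE_ROLENAME, this.useDefaultRoleName);
        this.userIdAttribute = this.userConf.getString(UserConfigurationKeys.LDAP_USER_ID_ATTRIBUTE, this.userIdAttribute);
        this.ldapGroupMember = this.userConf.getString(UserConfigurationKeys.LDAP_GROUPS_MEMBER, this.ldapGroupMember);
        this.dnAttr = this.userConf.getString(UserConfigurationKeys.LDAP_DN_ATTRIBUTE, this.dnAttr);
    }

    /**
     * Lists the names of all group entries found below {@link #getGroupsDn()}.
     *
     * @param dirContext directory context used for the search
     * @return the text after the first {@code '='} of each result name
     * @throws MappingException if the directory search fails
     */
    @Override
    public List<String> getAllGroups(DirContext dirContext) throws MappingException {
        NamingEnumeration<SearchResult> results = null;
        try {
            String filter = "objectClass=" + getLdapGroupClass();
            if (!StringUtils.isEmpty(this.groupFilter)) {
                // groupFilter is a configuration-supplied filter fragment and is inserted verbatim.
                filter = "(&(" + filter + ")(" + this.groupFilter + "))";
            }
            results = dirContext.search(getGroupsDn(), filter, newSubtreeSearchControls());
            List<String> groupNames = new ArrayList<String>();
            while (results.hasMore()) {
                String groupName = StringUtils.substringAfter(results.next().getName(), "=");
                this.log.debug("found groupName: '{}", groupName);
                groupNames.add(groupName);
            }
            return groupNames;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            close(results);
        }
    }

    /**
     * Closes a naming enumeration, logging (not propagating) a failure to do so.
     *
     * @param namingEnumeration enumeration to close; {@code null} is ignored
     */
    protected void closeNamingEnumeration(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                this.log.warn("failed to close NamingEnumeration", e);
            }
        }
    }

    /**
     * Tells whether the group backing a role exists in the directory.
     *
     * @param dirContext directory context used for the search
     * @param str role name
     * @return {@code true} if the group entry was found; {@code false} if it is missing or the
     *         role has no mapping and default role names are disabled
     * @throws MappingException if the directory search fails for another reason
     */
    @Override
    public boolean hasRole(DirContext dirContext, String str) throws MappingException {
        String groupName = findGroupName(str);
        if (groupName == null) {
            if (!this.useDefaultRoleName) {
                this.log.warn("skip group creation as no mapping for roleName:'{}'", str);
                return false;
            }
            groupName = str;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = dirContext.search(groupDn(groupName, getGroupsDn()), "objectClass=" + getLdapGroupClass(),
                    newSubtreeSearchControls());
            return results.hasMore();
        } catch (NameNotFoundException e) {
            // Must be caught before NamingException (its superclass): a missing entry means
            // "no such role", not a mapping failure.
            this.log.debug("group {} for role {} not found", groupName, str);
            return false;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            close(results);
        }
    }

    /**
     * Collects the roles mapped to any group currently present in the directory.
     *
     * @param dirContext directory context used to list the groups
     * @return the distinct role names, in no particular order
     * @throws MappingException if listing the groups fails
     */
    @Override
    public List<String> getAllRoles(DirContext dirContext) throws MappingException {
        List<String> groups = getAllGroups(dirContext);
        if (groups.isEmpty()) {
            return Collections.emptyList();
        }
        Collection<String> roles = new HashSet<String>(groups.size());
        Map<String, Collection<String>> mappings = this.ldapRoleMapperConfiguration.getLdapGroupMappings();
        for (String group : groups) {
            Collection<String> mapped = mappings.get(group);
            if (mapped != null) {
                roles.addAll(mapped);
            }
        }
        return new ArrayList<String>(roles);
    }

    /**
     * Lists the user names recorded as members of a group.
     *
     * @param str group name
     * @param dirContext directory context used for the search
     * @return for each member value, the text between its first {@code '='} and the next
     *         {@code ','}
     * @throws MappingException if the directory search fails
     */
    @Override
    public List<String> getGroupsMember(String str, DirContext dirContext) throws MappingException {
        NamingEnumeration<SearchResult> results = null;
        try {
            results = dirContext.search(groupDn(str, getGroupsDn()), "objectClass=" + getLdapGroupClass(),
                    newSubtreeSearchControls());
            List<String> userNames = new ArrayList<String>();
            while (results.hasMore()) {
                Attribute members = results.next().getAttributes().get(getLdapGroupMember());
                if (members == null) {
                    continue;
                }
                NamingEnumeration<?> values = members.getAll();
                try {
                    while (values.hasMore()) {
                        String userName = StringUtils.substringBefore(
                                StringUtils.substringAfter((String) values.next(), "="), ",");
                        this.log.debug("found userName for group {}: '{}", str, userName);
                        userNames.add(userName);
                    }
                } finally {
                    // Release the value enumeration even when reading a value fails.
                    close(values);
                }
            }
            return userNames;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            close(results);
        }
    }

    /**
     * Lists the groups a user belongs to.
     *
     * <p>The user's DN is taken from the {@link LdapUser} attributes when the user manager knows
     * the user; otherwise it is computed from the user name. Groups returned by the directory are
     * kept only if one of their member values equals the user name or the DN.
     *
     * @param str user name
     * @param dirContext directory context used for the search
     * @return names of the matching groups
     * @throws MappingException if the directory search fails
     */
    @Override
    public List<String> getGroups(String str, DirContext dirContext) throws MappingException {
        List<String> userGroups = new ArrayList<String>();
        NamingEnumeration<SearchResult> results = null;
        try {
            String userDn = null;
            try {
                User user = this.userManager.findUser(str);
                if (user instanceof LdapUser) {
                    Attribute dnAttribute = ((LdapUser) user).getOriginalAttributes().get(getLdapDnAttribute());
                    if (dnAttribute != null) {
                        userDn = (String) dnAttribute.get();
                    }
                }
            } catch (UserNotFoundException e) {
                this.log.warn("Failed to look up user {}. Computing distinguished name manually", str, e);
            } catch (UserManagerException e) {
                this.log.warn("Failed to look up user {}. Computing distinguished name manually", str, e);
            }
            if (userDn == null) {
                // posixGroup members are compared by bare user name, other classes by DN.
                userDn = "posixGroup".equals(getLdapGroupClass()) ? str : memberDn(str, getBaseDn());
            }
            // The member value derives from a user name, so it is handed to JNDI as a filter
            // argument: the provider then applies search-filter escaping. DN escaping
            // (Rdn.escapeValue) is not sufficient here because it leaves '*', '(' and ')' as-is.
            String filterExpr = "(&(objectClass=" + getLdapGroupClass() + ")(" + getLdapGroupMember() + "={0}))";
            this.log.debug("filter: {}, member value: '{}'", filterExpr, userDn);
            results = dirContext.search(getGroupsDn(), filterExpr, new Object[] {userDn}, newSubtreeSearchControls());
            while (results.hasMore()) {
                SearchResult group = results.next();
                // Each member is recorded twice: the raw value and the short name inside it.
                List<String> memberValues = new ArrayList<String>();
                Attribute members = group.getAttributes().get(getLdapGroupMember());
                if (members != null) {
                    NamingEnumeration<?> values = members.getAll();
                    try {
                        while (values.hasMore()) {
                            String member = (String) values.next();
                            memberValues.add(member);
                            memberValues.add(StringUtils.substringBefore(StringUtils.substringAfter(member, "="), ","));
                        }
                    } finally {
                        close(values);
                    }
                }
                if (memberValues.contains(str) || memberValues.contains(userDn)) {
                    userGroups.add(StringUtils.substringAfter(group.getName(), "="));
                }
            }
            return userGroups;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            close(results);
        }
    }

    /**
     * Resolves the roles of a user from the user's LDAP groups.
     *
     * @param str user name
     * @param dirContext directory context used to look up the groups
     * @param collection known role names; with default role names enabled, an unmapped group
     *        whose name is in this collection is returned as a role. May be {@code null}.
     * @return the distinct role names, in no particular order
     * @throws MappingException if the group lookup fails
     */
    @Override
    public List<String> getRoles(String str, DirContext dirContext, Collection<String> collection) throws MappingException {
        List<String> groups = getGroups(str, dirContext);
        Map<String, Collection<String>> mappings = this.ldapRoleMapperConfiguration.getLdapGroupMappings();
        Collection<String> roles = new HashSet<String>(groups.size());
        for (String group : groups) {
            Collection<String> mapped = mappings.get(group);
            if (mapped != null) {
                roles.addAll(mapped);
            } else if (this.useDefaultRoleName && collection != null && collection.contains(group)) {
                roles.add(group);
            }
        }
        return new ArrayList<String>(roles);
    }

    /** Closes an enumeration, logging (not propagating) a failure; {@code null} is ignored. */
    private void close(NamingEnumeration<?> namingEnumeration) {
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e) {
                this.log.warn("fail to close namingEnumeration: {}", e.getMessage());
            }
        }
    }

    /** Returns search controls for a subtree search that dereferences links. */
    private static SearchControls newSubtreeSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setDerefLinkFlag(true);
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return searchControls;
    }

    /**
     * Builds the DN of a group entry as {@code cn=<groupName>,<groupsBaseDn>}.
     *
     * <p>NOTE(review): groupName is inserted verbatim. A name containing DN metacharacters such
     * as {@code ','}, {@code '+'} or {@code '='} would address a different entry than intended.
     * Group names come from the configured mapping or, with default role names enabled, from the
     * role name; confirm both are validated before they reach this class, or build the name with
     * {@code javax.naming.ldap.LdapName} and {@code Rdn} objects instead.
     */
    private static String groupDn(String groupName, String groupsBaseDn) {
        return "cn=" + groupName + "," + groupsBaseDn;
    }

    /**
     * Builds a member value as {@code <userIdAttribute>=<username>,<parentDn>}.
     *
     * <p>NOTE(review): username is inserted verbatim, so the same DN-metacharacter concern as
     * for {@link #groupDn(String, String)} applies; confirm user names are validated upstream.
     */
    private String memberDn(String username, String parentDn) {
        return this.userIdAttribute + "=" + username + "," + parentDn;
    }

    /** @return the base DN under which groups are searched and created */
    @Override
    public String getGroupsDn() {
        return this.groupsDn;
    }

    /** @return the object class that identifies group entries */
    @Override
    public String getLdapGroupClass() {
        return this.ldapGroupClass;
    }

    /** @return the name of the user attribute that holds the user's DN */
    public String getLdapDnAttribute() {
        return this.dnAttr;
    }

    /**
     * Creates the group entry backing a role if it does not exist yet.
     *
     * @param str role name
     * @param dirContext directory context used for the lookup and the creation
     * @return {@code true} if the group exists afterwards; {@code false} if the role has no
     *         mapping (and default role names are disabled) or a group of that name was found
     *         elsewhere below the groups base DN
     * @throws MappingException if a directory operation fails
     */
    @Override
    public boolean saveRole(String str, DirContext dirContext) throws MappingException {
        if (hasRole(dirContext, str)) {
            return true;
        }
        String groupName = findGroupName(str);
        if (groupName == null) {
            if (!this.useDefaultRoleName) {
                this.log.warn("skip group creation as no mapping for roleName:'{}'", str);
                return false;
            }
            groupName = str;
        }
        if (getAllGroups(dirContext).contains(groupName)) {
            this.log.info("group {} already exists for role {}.", groupName, str);
            return false;
        }
        BasicAttributes attributes = new BasicAttributes(true);
        // NOTE(review): the object class is fixed to groupOfUniqueNames here, while lookups use
        // getLdapGroupClass(); with another configured class the new entry is not found again.
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("groupOfUniqueNames");
        attributes.put(objectClass);
        attributes.put("cn", groupName);
        // Every new group is seeded with the "admin" user's computed DN as its first member
        // (presumably because the group schema requires at least one member). Whoever owns that
        // DN is a member of every role group created here.
        BasicAttribute members = new BasicAttribute(getLdapGroupMember());
        members.add(memberDn("admin", getBaseDn()));
        attributes.put(members);
        try {
            String dn = groupDn(groupName, this.groupsDn);
            dirContext.createSubcontext(dn, attributes);
            this.log.info("created group with dn:'{}", dn);
            return true;
        } catch (NameAlreadyBoundException e) {
            this.log.info("skip group '{}' creation as already exists", groupName);
            return true;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        }
    }

    /**
     * Adds a user to the group backing a role. A role without a mapping is treated as a group of
     * the same name.
     *
     * @param str role name
     * @param str2 user name
     * @param dirContext directory context used for the lookup and the modification
     * @return {@code true} if the member was written, {@code false} if the search returned no
     *         group entry
     * @throws MappingException if a directory operation fails
     */
    @Override
    public boolean saveUserRole(String str, String str2, DirContext dirContext) throws MappingException {
        String groupName = findGroupName(str);
        if (groupName == null) {
            this.log.warn("no group found for role '{}", str);
            groupName = str;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            String dn = groupDn(groupName, getGroupsDn());
            results = dirContext.search(dn, "objectClass=" + getLdapGroupClass(), newSubtreeSearchControls());
            if (!results.hasMore()) {
                return false;
            }
            String member = memberDn(str2, getBaseDn());
            Attribute members = results.next().getAttributes().get(getLdapGroupMember());
            if (members == null) {
                BasicAttribute newMembers = new BasicAttribute(getLdapGroupMember());
                newMembers.add(member);
                dirContext.modifyAttributes(dn,
                        new ModificationItem[] {new ModificationItem(DirContext.ADD_ATTRIBUTE, newMembers)});
            } else {
                // Existing member list is extended locally and written back as a whole.
                members.add(member);
                dirContext.modifyAttributes(dn,
                        new ModificationItem[] {new ModificationItem(DirContext.REPLACE_ATTRIBUTE, members)});
            }
            return true;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            // Also runs when the search or the modification throws, so the results never leak.
            close(results);
        }
    }

    /**
     * Removes a user from the group backing a role.
     *
     * @param str role name
     * @param str2 user name
     * @param dirContext directory context used for the lookup and the modification
     * @return {@code false} if the role has no mapping or the search returned no group entry,
     *         {@code true} otherwise
     * @throws MappingException if a directory operation fails
     */
    @Override
    public boolean removeUserRole(String str, String str2, DirContext dirContext) throws MappingException {
        String groupName = findGroupName(str);
        if (groupName == null) {
            this.log.warn("no group found for role '{}", str);
            return false;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            String dn = groupDn(groupName, getGroupsDn());
            results = dirContext.search(dn, "objectClass=" + getLdapGroupClass(), newSubtreeSearchControls());
            if (!results.hasMore()) {
                return false;
            }
            if (results.next().getAttributes().get(getLdapGroupMember()) != null) {
                BasicAttribute member = new BasicAttribute(getLdapGroupMember());
                // The value removed must be the one saveUserRole writes, i.e. the user DN below
                // the base DN. Using the groups DN here would leave the membership (and so the
                // role) in place whenever the two DNs are configured differently.
                member.add(memberDn(str2, getBaseDn()));
                dirContext.modifyAttributes(dn,
                        new ModificationItem[] {new ModificationItem(DirContext.REMOVE_ATTRIBUTE, member)});
            }
            return true;
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        } finally {
            close(results);
        }
    }

    /**
     * Deletes the group entry of every group named in the configured mapping.
     *
     * @param dirContext directory context used for the deletions
     * @throws MappingException if a deletion fails; groups processed before the failure stay
     *         deleted
     */
    @Override
    public void removeAllRoles(DirContext dirContext) throws MappingException {
        try {
            for (String groupName : this.ldapRoleMapperConfiguration.getLdapGroupMappings().keySet()) {
                String dn = groupDn(groupName, this.groupsDn);
                dirContext.unbind(dn);
                this.log.debug("deleted group with dn:'{}", dn);
            }
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        }
    }

    /**
     * Deletes the group entry mapped to a role. A role without a mapping is skipped.
     *
     * @param str role name
     * @param dirContext directory context used for the deletion
     * @throws MappingException if the deletion fails
     */
    @Override
    public void removeRole(String str, DirContext dirContext) throws MappingException {
        String groupName = findGroupName(str);
        if (groupName == null) {
            // Without this guard the DN would be built from the text "null" and a delete would
            // be issued against an entry unrelated to the role.
            // NOTE(review): groups created by saveRole under default role names are not covered.
            this.log.warn("no group found for role '{}", str);
            return;
        }
        try {
            String dn = groupDn(groupName, this.groupsDn);
            dirContext.unbind(dn);
            this.log.info("deleted group with dn:'{}", dn);
        } catch (LdapException e) {
            throw new MappingException(e.getMessage(), e);
        } catch (NamingException e) {
            throw new MappingException(e.getMessage(), e);
        }
    }

    /** @param str base DN under which groups are searched and created */
    public void setGroupsDn(String str) {
        this.groupsDn = str;
    }

    /** @param str object class that identifies group entries */
    public void setLdapGroupClass(String str) {
        this.ldapGroupClass = str;
    }

    /** @param userConfiguration configuration read by {@link #initialize()} */
    public void setUserConf(UserConfiguration userConfiguration) {
        this.userConf = userConfiguration;
    }

    /** @param ldapConnectionFactory connection factory to store; not used by the methods of this class */
    public void setLdapConnectionFactory(LdapConnectionFactory ldapConnectionFactory) {
        this.ldapConnectionFactory = ldapConnectionFactory;
    }

    /** @return the base DN used when a member DN is computed from a user name */
    public String getBaseDn() {
        return this.baseDn;
    }

    /** @param str base DN used when a member DN is computed from a user name */
    public void setBaseDn(String str) {
        this.baseDn = str;
    }

    /** @return the name of the group attribute that lists the members */
    public String getLdapGroupMember() {
        return this.ldapGroupMember;
    }

    /** @param str name of the group attribute that lists the members */
    public void setLdapGroupMember(String str) {
        this.ldapGroupMember = str;
    }

    /**
     * Finds the group whose configured role list contains the given role.
     *
     * @param str role name
     * @return the first matching group name, or {@code null} if no mapping contains the role
     * @throws MappingException declared for overriding implementations; not thrown here
     */
    protected String findGroupName(String str) throws MappingException {
        for (Map.Entry<String, Collection<String>> mapping : this.ldapRoleMapperConfiguration.getLdapGroupMappings().entrySet()) {
            if (mapping.getValue().contains(str)) {
                return mapping.getKey();
            }
        }
        return null;
    }

    /** @return the attribute that names a user inside a computed member DN */
    @Override
    public String getUserIdAttribute() {
        return this.userIdAttribute;
    }

    /** @param str attribute that names a user inside a computed member DN */
    public void setUserIdAttribute(String str) {
        this.userIdAttribute = str;
    }

    /** @return whether a role without a group mapping is treated as a group of the same name */
    @Override
    public boolean isUseDefaultRoleName() {
        return this.useDefaultRoleName;
    }

    /** @param z whether a role without a group mapping is treated as a group of the same name */
    public void setUseDefaultRoleName(boolean z) {
        this.useDefaultRoleName = z;
    }
}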
