package systems.dmx.ldap;

import java.io.IOException;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import systems.dmx.ldap.Configuration;
import systems.dmx.ldap.LDAP;

/* loaded from: input_file:systems/dmx/ldap/JndiLDAP.class */
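/**
 * JNDI-based implementation of the {@link LDAP} plugin interface.
 *
 * All administrative operations (create/delete user, change password, group handling) run over a
 * connection bound as the configured manager account. Credential checks additionally open a second
 * connection bound as the user's own entry and treat a successful bind as proof of the password.
 *
 * Security notes for maintainers:
 * <ul>
 *   <li>User-supplied names are never concatenated into search filters or DNs unescaped: filters use
 *       JNDI filter arguments ({@code {0}}), DNs go through {@link Rdn#escapeValue(Object)}.</li>
 *   <li>Empty passwords are refused before any bind is attempted, because an LDAP simple bind with a
 *       DN and an empty password is an "unauthenticated bind" that servers may answer with success.</li>
 *   <li>With StartTLS the bind is performed only after TLS has been negotiated, so credentials never
 *       cross the wire in cleartext.</li>
 * </ul>
 */
public class JndiLDAP implements LDAP {

    private final Configuration configuration;
    private final PluginLog pluginLog;

    /** Account name that is mapped to the configured manager DN when it has no entry of its own. */
    private static final String ADMIN_USER = "admin";

    /** Attribute type holding group membership DNs (objectClass groupOfNames). */
    private static final String MEMBER_ATTRIBUTE = "member";

    /**
     * @param configuration connection and schema settings (URL, manager credentials, bases, attributes)
     * @param pluginLog     log sink for hints, warnings and errors
     */
    public JndiLDAP(Configuration configuration, PluginLog pluginLog) {
        this.configuration = configuration;
        this.pluginLog = pluginLog;
    }

    /**
     * Creates a user entry below the configured user base and, once it exists, runs the caller's
     * completion action. If the action reports failure the LDAP entry is left in place; only a
     * failed group-membership update rolls the entry back (see {@link #createUserImpl}).
     *
     * @param userName          account name; becomes the RDN value and the {@code cn} attribute
     * @param password          cleartext password; stored as a hash, see {@link #hashPassword(String)}
     * @param completableAction callback invoked with the user name after the entry was created
     * @return true only if the entry was created and the action returned true
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean createUser(String userName, String password, LDAP.CompletableAction completableAction) {
        LdapContext ctx = null;
        try {
            ctx = connect();
            return createUserImpl(ctx, userName, hashPassword(password))
                    && completableAction.run(userName);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Hashes a cleartext password for storage in the {@code userPassword} attribute.
     *
     * NOTE(review): LdapShaPasswordEncoder produces a SHA-1 based value (presumably a salted
     * "{SSHA}" string with the no-arg constructor) and is deprecated in Spring Security. Whether a
     * stronger scheme, or server-side hashing via the Password Modify extended operation, can be used
     * depends on the directory server — confirm before changing.
     */
    private static String hashPassword(String cleartext) {
        return new LdapShaPasswordEncoder().encode(cleartext);
    }

    /**
     * Creates the {@code inetOrgPerson} entry for a user and, if {@code userMemberGroup} is
     * configured, adds the new DN to that group. A failed group update deletes the entry again
     * (best effort) so that no half-provisioned user remains.
     *
     * @param ctx            manager-bound context
     * @param userName       account name (RDN value and {@code cn})
     * @param hashedPassword value to store in {@code userPassword}
     * @return true if the entry exists and the optional group membership was added
     */
    private boolean createUserImpl(LdapContext ctx, String userName, String hashedPassword) {
        String userDn = userNameToEntryDn(userName);

        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("inetOrgPerson");

        BasicAttributes attributes = new BasicAttributes();
        attributes.put(objectClass);
        attributes.put(new BasicAttribute("cn", userName));
        // "sn" is mandatory for objectClass "person"; no surname is known here, so a marker is stored.
        attributes.put(new BasicAttribute("sn", "deepamehta-ldap"));
        attributes.put(new BasicAttribute("userPassword", hashedPassword));

        try {
            ctx.createSubcontext(userDn, attributes);
        } catch (NamingException e) {
            this.pluginLog.actionError("Unable to create user subcontext", e);
            return false;
        }

        String memberGroup = this.configuration.userMemberGroup;
        if (memberGroup == null || memberGroup.isEmpty()) {
            return true;
        }
        try {
            ctx.modifyAttributes(memberGroup, new ModificationItem[]{
                new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, userDn))});
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionError("Membership attribute addition failed - rollback!", e);
            try {
                ctx.destroySubcontext(userDn);
            } catch (NamingException rollbackFailure) {
                this.pluginLog.actionError("Unable to rollback context creation!", rollbackFailure);
            }
            return false;
        }
    }

    /**
     * Verifies a user's password: the entry is located through the manager connection, then a second
     * connection is bound as that entry with the supplied password.
     *
     * @param userName account name matched against the configured user attribute
     * @param password cleartext password to bind with
     * @return true only if exactly one entry matched and the bind as that entry succeeded
     * @throws RuntimeException if the manager connection or the lookup fails, or if more than one
     *         entry matched the user name
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean checkCredentials(String userName, String password) {
        this.pluginLog.actionHint("Checking credentials for user %s", userName);
        if (userName == null || userName.isEmpty()) {
            this.pluginLog.actionHint("Empty user name rejected");
            return false;
        }
        // Never let an empty password reach the bind: RFC 4513 section 5.1.2 "unauthenticated bind"
        // (DN present, password empty) is accepted by many servers and would grant access.
        if (password == null || password.isEmpty()) {
            this.pluginLog.actionHint("Empty password rejected for user %s", userName);
            return false;
        }
        LdapContext managerCtx = null;
        LdapContext userCtx = null;
        try {
            String url = this.configuration.getConnectionUrl();
            managerCtx = connect(url, this.configuration.manager, this.configuration.password, false);
            String userDn = lookupUserCn(managerCtx, userName);
            if (userDn == null) {
                this.pluginLog.actionHint("User %s not found in LDAP", userName);
                return false;
            }
            userCtx = connect(url, userDn, password, true);
            if (userCtx == null) {
                this.pluginLog.actionHint("Provided credentials for user %s were wrong", userName);
                return false;
            }
            return true;
        } catch (NamingException e) {
            throw new RuntimeException("Checking LDAP credentials lead to exception", e);
        } finally {
            closeQuietly(userCtx);
            closeQuietly(managerCtx);
        }
    }

    /**
     * Resolves a user name to the DN of its entry by a subtree search below the user base.
     * The name is handed to JNDI as filter argument {@code {0}}, so filter metacharacters in it are
     * escaped by the provider instead of being interpreted (LDAP filter injection).
     *
     * NOTE: a literal "{" or "}" inside the configured userFilter would be read as a placeholder by
     * JNDI and must be written as "\{" / "\}" in the configuration.
     *
     * @return the matched entry's full DN, or null if nothing matched
     * @throws NamingException if the search fails
     * @throws RuntimeException if more than one entry matched
     */
    private String lookupUserCn(LdapContext ctx, String userName) throws NamingException {
        String userFilter = this.configuration.userFilter;
        String filter = (userFilter == null || userFilter.isEmpty())
                ? String.format("(%s={0})", this.configuration.userAttribute)
                : String.format("(&(%s)(%s={0}))", userFilter, this.configuration.userAttribute);
        this.pluginLog.actionHint("Complete filter expression for user lookup: %s (argument: %s)", filter, userName);
        this.pluginLog.actionHint("Search base is: %s", this.configuration.userBase);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results =
                ctx.search(this.configuration.userBase, filter, new Object[]{userName}, controls);
        try {
            // hasMoreElements()/nextElement() (rather than hasMore()/next()) are kept deliberately:
            // they swallow enumeration-time errors, as the original lookup did.
            if (!results.hasMoreElements()) {
                this.pluginLog.actionWarning("Lookup using search filter was empty.");
                return null;
            }
            this.pluginLog.actionHint("Lookup using search filter returned non-empty result");
            SearchResult first = results.nextElement();
            if (results.hasMoreElements()) {
                throw new RuntimeException("Ambiguity in LDAP CN query: Matched multiple users for the accountName");
            }
            return first.getNameInNamespace();
        } finally {
            try {
                results.close();
            } catch (NamingException ignored) {
                // best effort; the result has already been consumed
            }
        }
    }

    /**
     * Replaces a user's {@code userPassword} with the hash of {@code newPassword}, using the manager
     * connection. The current password is NOT verified here — authorization is the caller's duty.
     *
     * @return true if the attribute was replaced
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean changePassword(String userName, String newPassword) {
        this.pluginLog.actionHint("Changing password for user %s", userName);
        LdapContext ctx = null;
        try {
            ctx = connect();
            return changePasswordImpl(ctx, userName, hashPassword(newPassword));
        } finally {
            closeQuietly(ctx);
        }
    }

    /** Performs the {@code userPassword} replace; failures are logged and reported as false. */
    boolean changePasswordImpl(LdapContext ctx, String userName, String hashedPassword) {
        try {
            ctx.modifyAttributes(userNameToEntryDn(userName), new ModificationItem[]{
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userPassword", hashedPassword))});
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Attempt to modify userPassword attribute lead to exception", e);
            return false;
        }
    }

    /**
     * Deletes the user's entry. Group memberships referring to the DN are not cleaned up here.
     *
     * @return true if the entry was removed
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean deleteUser(String userName) {
        LdapContext ctx = null;
        try {
            ctx = connect();
            ctx.destroySubcontext(userNameToEntryDn(userName));
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionError(String.format("Unable to delete user from LDAP %s", userName), e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Builds {@code userAttribute=<name>,userBase}. The name is RFC 2253-escaped so that characters
     * such as ',' '+' '"' '\' '<' '>' ';' cannot alter the DN structure (DN injection).
     */
    private String userNameToEntryDn(String userName) {
        return String.format("%s=%s,%s",
                this.configuration.userAttribute, Rdn.escapeValue(userName), this.configuration.userBase);
    }

    /** Opens a connection bound as the configured manager; any failure is fatal (RuntimeException). */
    private LdapContext connect() {
        return connect(this.configuration.getConnectionUrl(),
                this.configuration.manager, this.configuration.password, false);
    }

    /**
     * Opens an LDAP connection and performs a simple bind as {@code principal}.
     *
     * For {@code ProtocolType.STARTTLS} the context is created without any authentication properties
     * (LDAPv3 then sends no bind request at all), TLS is negotiated, and only afterwards are the
     * credentials installed and the bind forced via {@link LdapContext#reconnect(Control[])}.
     * Putting the credentials into the initial environment would make JNDI bind — i.e. transmit the
     * password — on the still-cleartext connection before StartTLS.
     *
     * @param url          provider URL
     * @param principal    bind DN
     * @param credentials  bind password; an empty value together with a non-empty principal is refused
     *                     because it would be an "unauthenticated bind" (RFC 4513 section 5.1.2)
     * @param allowFailure true to report a failed connect/bind as null (credential check) instead of
     *                     throwing
     * @return the bound context, or null when {@code allowFailure} is set and connect/bind failed
     * @throws RuntimeException on connect/bind failure when {@code allowFailure} is false, and always
     *         when TLS negotiation fails with an I/O error
     */
    private LdapContext connect(String url, String principal, String credentials, boolean allowFailure) {
        this.pluginLog.actionHint("creating LDAP connection using URL %s and username %s", url, principal);
        if (principal != null && !principal.isEmpty() && (credentials == null || credentials.isEmpty())) {
            String message = "Refusing to bind with an empty password for " + principal;
            if (!allowFailure) {
                throw new RuntimeException(message);
            }
            this.pluginLog.actionWarning(message);
            return null;
        }
        boolean startTls = this.configuration.protocol == Configuration.ProtocolType.STARTTLS;

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("java.naming.ldap.attributes.binary", "objectSID");
        if (!startTls) {
            // ldap:// or ldaps:// without StartTLS: bind eagerly while creating the context.
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }

        if (this.configuration.loggingMode == Configuration.LoggingMode.DEBUG) {
            // WARNING: JVM-wide setting. Dumps TLS handshake and record data (including key material)
            // to stdout for every TLS connection of this process, and is only honoured if JSSE has not
            // been initialised yet. Intended for DEBUG deployments only.
            this.pluginLog.actionHint("Enabling detailed SSL logging");
            System.setProperty("javax.net.debug", "all");
        }

        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, new Control[0]);
            this.pluginLog.actionHint("Initial context created");
            if (startTls) {
                this.pluginLog.actionHint("Attempting TLS negotiation (StartTLS protocol)");
                StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                this.pluginLog.actionHint("TLS negotiated successfully.");
                // Credentials go over the encrypted channel only; reconnect() issues the bind now so
                // that a wrong password surfaces here (AuthenticationException) and not on a later op.
                ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
                ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
                ctx.reconnect(null);
            }
            this.pluginLog.actionHint("Initial context usable");
            return ctx;
        } catch (NamingException e) {
            closeQuietly(ctx);
            if (!allowFailure) {
                throw new RuntimeException("Attempting to connect to LDAP server lead to Exception", e);
            }
            this.pluginLog.actionWarning("Attempting to connect to LDAP server lead to Exception", e);
            return null;
        } catch (IOException e) {
            closeQuietly(ctx);
            throw new RuntimeException("Could not establish TLS connection. Connecting failed.", e);
        }
    }

    /** Closes a context, tolerating null and logging (not propagating) close failures. */
    private void closeQuietly(LdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Exception while closing connection", e);
        }
    }

    /** Builds {@code cn=<escaped group name>,groupBase}. */
    private String groupDn(String groupName) {
        return String.format("cn=%s,%s", Rdn.escapeValue(groupName), this.configuration.groupBase);
    }

    /**
     * Adds a user to a group, creating the group with that user as its only member if it does not
     * exist yet.
     *
     * @param groupName group cn
     * @param userName  account name; resolved via {@link #resolveUserDn(LdapContext, String)}
     * @return true if the membership exists afterwards; false if the user is unknown or the update failed
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean addMember(String groupName, String userName) {
        String dn = groupDn(groupName);
        this.pluginLog.actionHint("Adding user %s to group %s", userName, dn);
        LdapContext ctx = null;
        try {
            ctx = connect();
            return addMemberImpl(ctx, dn, userName);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Creates a {@code groupOfNames} entry.
     *
     * @param groupName        group cn
     * @param firstMemberName  account that becomes the mandatory first {@code member}
     * @param otherMemberNames further accounts; names that cannot be resolved are skipped
     * @return true if the group was created
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean createGroup(String groupName, String firstMemberName, List<String> otherMemberNames) {
        LdapContext ctx = null;
        try {
            ctx = connect();
            String dn = groupDn(groupName);
            String firstMemberDn = resolveUserDn(ctx, firstMemberName);
            if (firstMemberDn == null) {
                // groupOfNames requires at least one member; without it createSubcontext cannot succeed.
                this.pluginLog.actionWarning("Cannot create group %s: first member %s is unknown", dn, firstMemberName);
                return false;
            }
            LdapContext boundCtx = ctx;
            // The filter lambda was not recoverable from the decompiled source; dropping unresolved
            // (null) DNs is the only reading consistent with resolveUserDn — confirm against the original.
            List<String> otherMemberDns = otherMemberNames.stream()
                    .map(name -> resolveUserDn(boundCtx, name))
                    .filter(memberDn -> memberDn != null)
                    .collect(Collectors.toList());
            return createGroupImpl(ctx, dn, firstMemberDn, otherMemberDns);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Creates the group entry with the given member DNs.
     *
     * @param ctx            manager-bound context
     * @param dn             group DN
     * @param firstMemberDn  first {@code member} value (must not be null)
     * @param otherMemberDns additional {@code member} values
     */
    private boolean createGroupImpl(LdapContext ctx, String dn, String firstMemberDn, List<String> otherMemberDns) {
        this.pluginLog.actionHint("Creating group %s with first member %s and %s other members",
                dn, firstMemberDn, Integer.valueOf(otherMemberDns.size()));

        BasicAttribute members = new BasicAttribute(MEMBER_ATTRIBUTE, firstMemberDn);
        otherMemberDns.forEach(members::add);

        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("groupOfNames");

        BasicAttributes attributes = new BasicAttributes();
        attributes.put(objectClass);
        attributes.put(members);
        try {
            ctx.createSubcontext(dn, attributes);
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionError("Unable to create group subcontext", e);
            return false;
        }
    }

    /**
     * Adds the user's DN to the group's {@code member} attribute; a group that does not exist
     * (NameNotFoundException) is created instead. Other lookup errors are reported as failure rather
     * than being mistaken for "group missing".
     */
    private boolean addMemberImpl(LdapContext ctx, String dn, String userName) {
        String userDn = resolveUserDn(ctx, userName);
        if (userDn == null) {
            return false;
        }
        try {
            ctx.lookup(dn);
        } catch (NameNotFoundException e) {
            this.pluginLog.actionHint("Group %s does not exist. Attempting to create it.", dn);
            return createGroupImpl(ctx, dn, userDn, Collections.emptyList());
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Unable to look up group lead to exception", e);
            return false;
        }
        try {
            ctx.modifyAttributes(dn, new ModificationItem[]{
                new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, userDn))});
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Attempt to modify member attribute lead to exception", e);
            return false;
        }
    }

    /**
     * Deletes the group entry.
     *
     * @return true if the entry was removed
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean deleteGroup(String groupName) {
        String dn = groupDn(groupName);
        LdapContext ctx = null;
        try {
            this.pluginLog.actionHint("Trying to delete group %s", dn);
            ctx = connect();
            ctx.destroySubcontext(dn);
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Attempt to delete group lead to exception", e);
            return false;
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Removes a user from a group. A group whose only member was that user is deleted altogether
     * (groupOfNames cannot be empty).
     *
     * @return true if the membership is gone afterwards; false if the user is unknown or the update failed
     * @throws RuntimeException if the manager connection cannot be established
     */
    @Override // systems.dmx.ldap.LDAP
    public boolean removeMember(String groupName, String userName) {
        String dn = groupDn(groupName);
        this.pluginLog.actionHint("Removing user %s from group %s", userName, dn);
        LdapContext ctx = null;
        try {
            ctx = connect();
            String userDn = resolveUserDn(ctx, userName);
            if (userDn == null) {
                return false;
            }
            return removeMemberImpl(ctx, dn, userDn);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Deletes the group if {@code memberDn} is its sole member.
     *
     * @param ctx      manager-bound context used for the delete
     * @param group    the group entry (result of looking up {@code dn})
     * @param dn       group DN
     * @param memberDn DN about to be removed
     * @return true if the group was deleted; false if it has other members, no {@code member}
     *         attribute, or the check/delete failed
     */
    private boolean maybeDeleteGroup(LdapContext ctx, DirContext group, String dn, String memberDn) {
        try {
            Attribute members = group.getAttributes("").get(MEMBER_ATTRIBUTE);
            if (members == null || members.size() != 1) {
                return false;
            }
            // DNs are compared as LdapName, which ignores case and insignificant whitespace, so a
            // differently formatted stored value still matches.
            LdapName stored = new LdapName(String.valueOf(members.get(0)));
            if (!stored.equals(new LdapName(memberDn))) {
                return false;
            }
            this.pluginLog.actionHint("Group %s is now empty. Attempting to delete.", dn);
            ctx.destroySubcontext(dn);
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionHint("Unable to check membership or delete the group %s", dn);
            return false;
        }
    }

    /**
     * Resolves an account name to the DN used for group membership.
     *
     * The DN is {@code userAttribute=name,userBase} if such an entry exists. The built-in
     * {@value #ADMIN_USER} account has no entry of its own and maps to the configured manager DN.
     *
     * @return the DN, or null if the user is unknown or the lookup failed
     */
    public String resolveUserDn(LdapContext ctx, String userName) {
        String dn = userNameToEntryDn(userName);
        try {
            ctx.lookup(dn);
            return dn;
        } catch (NameNotFoundException e) {
            if (ADMIN_USER.equals(userName)) {
                return this.configuration.manager;
            }
            this.pluginLog.actionWarning("Unable to find regular user %s in LDAP. Ignoring", userName);
            return null;
        } catch (NamingException e) {
            // Deliberately not mapped to the manager DN for "admin": a transient error must not
            // silently substitute the manager account.
            this.pluginLog.actionWarning("Unable to look up user lead to exception", e);
            return null;
        }
    }

    /** Removes one {@code member} value from the group, or deletes the group if it was the last one. */
    private boolean removeMemberImpl(LdapContext ctx, String dn, String memberDn) {
        DirContext group;
        try {
            group = (DirContext) ctx.lookup(dn);
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Unable to look up group lead to exception", e);
            return false;
        }
        if (maybeDeleteGroup(ctx, group, dn, memberDn)) {
            return true;
        }
        try {
            ctx.modifyAttributes(dn, new ModificationItem[]{
                new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, memberDn))});
            return true;
        } catch (NamingException e) {
            this.pluginLog.actionWarning("Attempt to modify member attribute lead to exception", e);
            return false;
        }
    }
}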
