package systems.dmx.ldap.repository;

import java.io.IOException;
import java.util.Collections;
import java.util.Hashtable;
import java.util.List;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.crypto.password.LdapShaPasswordEncoder;
import systems.dmx.ldap.Configuration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:systems/dmx/ldap/repository/JndiDatasource.class */
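public class JndiDatasource {
    private static final Logger logger = Logger.getLogger(JndiDatasource.class.getName());

    /** Template for a user entry DN: {@code <userAttribute>=<value>,<userBase>}. */
    public static final String LDAP_SEARCH_TEMPLATE = "%s=%s,%s";

    /** JNDI key listing attributes to be returned as byte[]; {@link Context} has no constant for it. */
    private static final String BINARY_ATTRIBUTES_KEY = "java.naming.ldap.attributes.binary";
    private static final String LDAP_CTX_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String MEMBER_ATTRIBUTE = "member";
    private static final String PASSWORD_ATTRIBUTE = "userPassword";
    private static final String OBJECT_CLASS_ATTRIBUTE = "objectClass";
    /**
     * Single message for every authentication failure, so the exception handed to callers does
     * not reveal whether the account exists; the log entries still distinguish the cases.
     */
    private static final String AUTH_FAILED_MESSAGE = "Authentication failed";

    private final Configuration.ProtocolType protocolType;
    private final String connectionUrl;
    private final String userFilter;
    private final String userAttribute;
    private final String userBase;
    private final String userMemberGroup;
    private final String groupBase;
    private final String adminUserName;
    private final String adminDn;

    /**
     * Captures the connection settings from {@code configuration}.
     *
     * @param configuration LDAP settings: URL, protocol, user/group bases, attribute names
     * @param adminUserName account name whose DN is not derived from the user base
     *                      (see {@link #resolveUserDn})
     * @param adminDn DN used for that account
     */
    public JndiDatasource(Configuration configuration, String adminUserName, String adminDn) {
        Objects.requireNonNull(configuration, "configuration");
        this.protocolType = configuration.protocolType;
        this.connectionUrl = configuration.connectionUrl;
        this.userFilter = configuration.userFilter;
        this.userAttribute = configuration.userAttribute;
        this.userBase = configuration.userBase;
        this.userMemberGroup = configuration.userMemberGroup;
        this.groupBase = configuration.groupBase;
        this.adminUserName = adminUserName;
        this.adminDn = adminDn;
    }

    /**
     * Hashes a clear-text password into the salted-SHA form stored in {@code userPassword}.
     * The scheme is SHA-1 based and Spring Security marks this encoder as deprecated; it is kept
     * because the directory must understand the stored scheme.
     */
    private String encodePassword(String password) {
        return new LdapShaPasswordEncoder().encode(password);
    }

    /**
     * Escapes {@code value} for use as an assertion value inside a search filter (RFC 4515
     * section 3). Without this, a user-supplied name containing {@code *}, {@code (} or {@code )}
     * could change the structure of the filter built in {@link #lookupUserCn}.
     */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    out.append("\\5c");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '\0':
                    out.append("\\00");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes {@code value} for use as an attribute value inside a distinguished name
     * (RFC 4514 section 2.4), so that a name containing {@code ,} or {@code =} stays one RDN
     * value instead of introducing additional RDN components.
     */
    static String escapeDnValue(String value) {
        StringBuilder out = new StringBuilder(value.length());
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                out.append("\\00");
            } else if ("\\,+\"<>;=".indexOf(c) >= 0
                    || (i == 0 && c == '#')
                    || ((i == 0 || i == last) && c == ' ')) {
                // '#' only needs escaping at the start, a space only at either end
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Creates a user entry below the user base and, when {@code userMemberGroup} is configured,
     * adds the new DN to that group. If the group update fails, the freshly created entry is
     * removed again so the directory is not left half-provisioned.
     *
     * @throws NamingException if the entry cannot be created or the group cannot be updated
     */
    public void createUser(LdapContext ldapContext, String userName, String password) throws NamingException {
        String userDn = userNameToEntryDn(userName);
        ldapContext.createSubcontext(userDn, createUserNameEntry(userName, encodePassword(password)));
        if (StringUtils.isNotEmpty(this.userMemberGroup)) {
            try {
                ldapContext.modifyAttributes(this.userMemberGroup, new ModificationItem[] {
                        new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, userDn))});
            } catch (NamingException e) {
                rollbackUserCreation(ldapContext, userDn, e);
                throw e;
            }
        }
    }

    /**
     * Removes {@code userDn} after a failed group update. A failing rollback is logged and
     * attached to {@code cause} as a suppressed exception instead of replacing it.
     */
    private static void rollbackUserCreation(LdapContext ldapContext, String userDn, NamingException cause) {
        try {
            ldapContext.destroySubcontext(userDn);
        } catch (NamingException rollbackFailure) {
            logger.log(Level.SEVERE, String.format("Rollback failed, orphaned entry %s", userDn), rollbackFailure);
            cause.addSuppressed(rollbackFailure);
        }
    }

    /**
     * Builds the attribute set for a new inetOrgPerson entry: {@code cn} = user name, {@code sn}
     * fixed to "deepamehta-ldap", {@code userPassword} = the already hashed password.
     * NOTE(review): the RDN is built from {@code userAttribute}; if that is configured to anything
     * other than {@code cn}, the entry does not carry the naming attribute itself — confirm
     * against the target server.
     */
    private BasicAttributes createUserNameEntry(String userName, String hashedPassword) {
        BasicAttribute objectClass = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE);
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("inetOrgPerson");
        BasicAttributes entry = new BasicAttributes();
        entry.put(objectClass);
        entry.put(new BasicAttribute("cn", userName));
        entry.put(new BasicAttribute("sn", "deepamehta-ldap"));
        entry.put(new BasicAttribute(PASSWORD_ATTRIBUTE, hashedPassword));
        return entry;
    }

    /**
     * Verifies a password by locating the user's entry with a search through the supplied
     * (already authenticated) context and then binding as that DN.
     *
     * @throws NamingException if the password is empty, the user is not found, or the bind is
     *         rejected; the message is identical in all cases (see {@link #AUTH_FAILED_MESSAGE})
     */
    public void checkCredentialsWithLookup(LdapContext ldapContext, String userName, String password) throws NamingException {
        logger.info(() -> String.format("Checking credentials for user %s", userName));
        try {
            requireNonEmptyPassword(password);
            String userDn = lookupUserCn(ldapContext, userName);
            if (userDn == null) {
                logger.warning(() -> String.format("User %s not found in LDAP", userName));
                throw new AuthenticationException(AUTH_FAILED_MESSAGE);
            }
            closeQuietly(connect(userDn, password));
        } catch (NamingException e) {
            logger.warning(() -> String.format("Provided credentials for user %s were wrong", userName));
            throw e;
        }
    }

    /**
     * Verifies a password by binding directly as the DN derived from the user name.
     *
     * @throws NamingException if the password is empty or the bind is rejected
     */
    public void checkCredentials(String userName, String password) throws NamingException {
        logger.info(() -> String.format("Checking credentials for user %s", userName));
        try {
            closeQuietly(connect(userNameToEntryDn(userName), password));
        } catch (NamingException e) {
            logger.warning(() -> String.format("Provided credentials for user %s were wrong", userName));
            throw e;
        }
    }

    /**
     * Rejects a missing or empty password before any bind is issued. A simple bind that names a
     * DN but carries empty credentials is an "unauthenticated" bind (RFC 4513 section 5.1.2)
     * which many servers accept, so forwarding it would make the password check pass for
     * any account.
     */
    private static void requireNonEmptyPassword(String password) throws AuthenticationException {
        if (password == null || password.isEmpty()) {
            throw new AuthenticationException(AUTH_FAILED_MESSAGE);
        }
    }

    /**
     * Searches the user base for exactly one entry matching {@code userName} (combined with the
     * configured {@code userFilter}, if any) and returns its full DN.
     *
     * @return the DN of the matching entry, or {@code null} if nothing matched
     * @throws IllegalStateException if more than one entry matched
     * @throws NamingException if the search fails (size limits, referrals, connection errors)
     */
    private String lookupUserCn(LdapContext ldapContext, String userName) throws NamingException {
        String escapedName = escapeFilterValue(userName);
        String filter = StringUtils.isEmpty(this.userFilter)
                ? String.format("(%s=%s)", this.userAttribute, escapedName)
                : String.format("(&(%s)(%s=%s))", this.userFilter, this.userAttribute, escapedName);
        logger.info(() -> String.format("Complete filter expression for user lookup: %s", filter));
        logger.info(() -> String.format("Search base is: %s", this.userBase));
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Only the DN is needed, so do not transfer any attributes.
        controls.setReturningAttributes(new String[0]);
        NamingEnumeration<SearchResult> results = ldapContext.search(this.userBase, filter, controls);
        try {
            // hasMore()/next() surface provider errors as NamingException instead of silently
            // reporting "no result" the way hasMoreElements() does.
            if (!results.hasMore()) {
                logger.warning("Lookup using search filter was empty.");
                return null;
            }
            logger.info("Lookup using search filter returned non-empty result");
            SearchResult match = results.next();
            if (results.hasMore()) {
                throw new IllegalStateException("Ambiguity in LDAP CN query: Matched multiple users for the accountName");
            }
            return match.getNameInNamespace();
        } finally {
            results.close();
        }
    }

    /**
     * Replaces the user's {@code userPassword} with the hash of {@code newPassword}.
     *
     * @throws NamingException if the entry cannot be modified
     */
    public void changePassword(LdapContext ldapContext, String userName, String newPassword) throws NamingException {
        logger.info(() -> String.format("Changing password for user %s", userName));
        changePasswordImpl(ldapContext, userName, encodePassword(newPassword));
    }

    /** Writes an already hashed password; failures are logged and rethrown. */
    private void changePasswordImpl(LdapContext ldapContext, String userName, String hashedPassword) throws NamingException {
        try {
            ldapContext.modifyAttributes(userNameToEntryDn(userName), new ModificationItem[] {
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(PASSWORD_ATTRIBUTE, hashedPassword))});
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Attempt to modify userPassword attribute lead to exception", e);
            throw e;
        }
    }

    /**
     * Deletes the user's entry. {@code ldapContext} is closed afterwards, also on failure.
     *
     * @throws NamingException if the entry cannot be removed
     */
    public void deleteUser(LdapContext ldapContext, String userName) throws NamingException {
        try {
            ldapContext.destroySubcontext(userNameToEntryDn(userName));
        } catch (NamingException e) {
            logger.log(Level.SEVERE, String.format("Unable to delete user from LDAP %s", userName), e);
            throw e;
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /** Derives the entry DN for a user name, escaping the name as an RDN value. */
    private String userNameToEntryDn(String userName) {
        return String.format(LDAP_SEARCH_TEMPLATE, this.userAttribute, escapeDnValue(userName), this.userBase);
    }

    /**
     * Opens a context bound as {@code principalDn}. With {@link Configuration.ProtocolType#STARTTLS}
     * the connection is opened without credentials, TLS is negotiated, and only then are the
     * credentials set and the bind issued via {@code reconnect()}; binding first would send the
     * password over the still unencrypted connection.
     *
     * @return an open context the caller must close
     * @throws NamingException if the password is empty or the bind is rejected
     * @throws RuntimeException if TLS negotiation fails
     */
    public LdapContext connect(String principalDn, String password) throws NamingException {
        requireNonEmptyPassword(password);
        boolean startTls = this.protocolType == Configuration.ProtocolType.STARTTLS;
        Hashtable<String, Object> environment = startTls
                ? createBaseEnvironment()
                : createEnvironment(principalDn, password);
        InitialLdapContext context = new InitialLdapContext(environment, (Control[]) null);
        boolean established = false;
        try {
            if (startTls) {
                logger.info("Attempting TLS negotiation (StartTLS protocol)");
                StartTlsResponse tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
                tls.negotiate();
                logger.info("TLS negotiated successfully.");
                context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
                context.addToEnvironment(Context.SECURITY_PRINCIPAL, principalDn);
                context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                // Performs the simple bind over the now TLS-protected connection.
                context.reconnect(null);
            }
            logger.info(() -> String.format("Context for user %s usable", principalDn));
            established = true;
            return context;
        } catch (IOException e) {
            throw new RuntimeException("Could not establish TLS connection. Connecting failed.", e);
        } finally {
            if (!established) {
                // Do not leak the half-open connection when negotiation or the bind fails.
                closeQuietly(context);
            }
        }
    }

    /** Connection settings plus simple-bind credentials for {@code principalDn}. */
    private Hashtable<String, Object> createEnvironment(String principalDn, String password) {
        Hashtable<String, Object> environment = createBaseEnvironment();
        environment.put(Context.SECURITY_AUTHENTICATION, "simple");
        environment.put(Context.SECURITY_PRINCIPAL, principalDn);
        environment.put(Context.SECURITY_CREDENTIALS, password);
        return environment;
    }

    /** Connection settings without any credentials (used before StartTLS negotiation). */
    private Hashtable<String, Object> createBaseEnvironment() {
        Hashtable<String, Object> environment = new Hashtable<>();
        environment.put(Context.INITIAL_CONTEXT_FACTORY, LDAP_CTX_FACTORY);
        environment.put(Context.PROVIDER_URL, this.connectionUrl);
        environment.put(BINARY_ATTRIBUTES_KEY, "objectSID");
        return environment;
    }

    /** Closes {@code ldapContext} if non-null; a failing close is logged, never thrown. */
    public void closeQuietly(LdapContext ldapContext) {
        closeContextQuietly(ldapContext);
    }

    /** Same as {@link #closeQuietly(LdapContext)} for any JNDI context, e.g. one returned by lookup(). */
    private static void closeContextQuietly(Context context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Exception while closing connection", e);
        }
    }

    /** Derives the group DN {@code cn=<groupName>,<groupBase>}, escaping the name as an RDN value. */
    private String groupDn(String groupName) {
        return String.format("cn=%s,%s", escapeDnValue(groupName), this.groupBase);
    }

    /**
     * Creates the group {@code cn=<groupName>,<groupBase>} with {@code firstMember} plus every
     * resolvable entry of {@code members}; members that cannot be resolved are skipped.
     * {@code ldapContext} is closed afterwards, also on failure.
     *
     * @throws IllegalStateException if {@code firstMember} cannot be resolved to a DN
     * @throws NamingException if the group entry cannot be created
     */
    public void createGroup(LdapContext ldapContext, String groupName, String firstMember, List<String> members) throws NamingException {
        try {
            String firstMemberDn = resolveUserDn(ldapContext, firstMember);
            if (firstMemberDn == null) {
                throw new IllegalStateException("User not found");
            }
            List<String> memberDns = members.stream()
                    .map(member -> resolveUserDn(ldapContext, member))
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList());
            createGroupImpl(ldapContext, groupDn(groupName), firstMemberDn, memberDns);
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /**
     * Creates a groupOfNames entry at {@code groupDn} whose {@code member} attribute holds
     * {@code firstMemberDn} followed by {@code memberDns}.
     */
    private void createGroupImpl(LdapContext ldapContext, String groupDn, String firstMemberDn, List<String> memberDns) throws NamingException {
        logger.info(() -> String.format("Creating group %s with first member %s and %s other members",
                groupDn, firstMemberDn, Integer.valueOf(memberDns.size())));
        BasicAttribute member = new BasicAttribute(MEMBER_ATTRIBUTE, firstMemberDn);
        memberDns.forEach(member::add);
        BasicAttribute objectClass = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE);
        objectClass.add("top");
        objectClass.add("groupOfNames");
        BasicAttributes entry = new BasicAttributes();
        entry.put(objectClass);
        entry.put(member);
        try {
            ldapContext.createSubcontext(groupDn, entry);
        } catch (NamingException e) {
            logger.log(Level.SEVERE, "Unable to create group subcontext", e);
            throw e;
        }
    }

    /**
     * Adds the user to the group at {@code groupDn}, creating the group with the user as its
     * first member if it does not exist yet (in which case no further modification is needed —
     * adding the same value twice would be rejected by the server).
     * NOTE(review): unlike {@link #createGroup}/{@link #removeMember} this takes the full group
     * DN rather than the group name — confirm that is what callers pass.
     *
     * @throws IllegalStateException if the user cannot be resolved to a DN
     * @throws NamingException if the group cannot be looked up, created or modified
     */
    public void addMember(LdapContext ldapContext, String groupDn, String userName) throws NamingException {
        String memberDn = resolveUserDn(ldapContext, userName);
        if (memberDn == null) {
            throw new IllegalStateException("User not found");
        }
        try {
            ldapContext.lookup(groupDn);
        } catch (NameNotFoundException e) {
            logger.info(() -> String.format("Group %s does not exist. Attempting to create it.", groupDn));
            createGroupImpl(ldapContext, groupDn, memberDn, Collections.emptyList());
            return;
        }
        try {
            ldapContext.modifyAttributes(groupDn, new ModificationItem[] {
                    new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, memberDn))});
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Attempt to modify member attribute lead to exception", e);
            throw e;
        }
    }

    /**
     * Deletes the group {@code cn=<groupName>,<groupBase>}. {@code ldapContext} is closed
     * afterwards, also on failure.
     *
     * @throws NamingException if the entry cannot be removed
     */
    public void deleteGroup(LdapContext ldapContext, String groupName) throws NamingException {
        String groupDn = groupDn(groupName);
        try {
            logger.info(() -> String.format("Trying to delete group %s", groupDn));
            ldapContext.destroySubcontext(groupDn);
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Attempt to delete group lead to exception", e);
            throw e;
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /**
     * Removes the user from the group {@code cn=<groupName>,<groupBase>}; if the user was the
     * group's only member the group itself is deleted. {@code ldapContext} is closed afterwards,
     * also on failure.
     *
     * @throws IllegalStateException if the user cannot be resolved to a DN
     * @throws NamingException if the group cannot be looked up or modified
     */
    public void removeMember(LdapContext ldapContext, String groupName, String userName) throws NamingException {
        String groupDn = groupDn(groupName);
        logger.info(() -> String.format("Removing user %s from group %s", userName, groupDn));
        try {
            String memberDn = resolveUserDn(ldapContext, userName);
            if (memberDn == null) {
                throw new IllegalStateException("User not found");
            }
            removeMemberImpl(ldapContext, groupDn, memberDn);
        } finally {
            closeQuietly(ldapContext);
        }
    }

    /**
     * Deletes {@code groupDn} when {@code memberDn} is its only member. {@code groupContext} is
     * the already looked-up group entry whose {@code member} attribute is inspected.
     *
     * @throws NamingException if the membership cannot be read or the group cannot be deleted
     */
    void maybeDeleteGroup(LdapContext ldapContext, DirContext groupContext, String groupDn, String memberDn) throws NamingException {
        try {
            if (isSoleMember(groupContext, memberDn)) {
                logger.info(() -> String.format("Group %s is now empty. Attempting to delete.", groupDn));
                ldapContext.destroySubcontext(groupDn);
            }
        } catch (NamingException e) {
            logger.warning(() -> String.format("Unable to check membership or delete the group %s", groupDn));
            throw e;
        }
    }

    /**
     * True if the {@code member} attribute of {@code groupContext} holds exactly one value equal
     * to {@code memberDn}. A group without a {@code member} attribute yields false instead of an NPE.
     */
    private static boolean isSoleMember(DirContext groupContext, String memberDn) throws NamingException {
        Attribute member = groupContext.getAttributes("").get(MEMBER_ATTRIBUTE);
        return member != null && member.size() == 1 && memberDn.equals(member.get(0));
    }

    /**
     * Resolves a user name to the DN of an existing entry.
     *
     * @return the derived entry DN if it exists; {@link #adminDn} for {@link #adminUserName}
     *         when no such entry exists; otherwise {@code null}
     */
    private String resolveUserDn(LdapContext ldapContext, String userName) {
        String entryDn = userNameToEntryDn(userName);
        try {
            ldapContext.lookup(entryDn);
            return entryDn;
        } catch (NamingException e) {
            if (userName.equals(this.adminUserName)) {
                return this.adminDn;
            }
            logger.warning(() -> String.format("Unable to find regular user %s in LDAP. Ignoring", userName));
            return null;
        }
    }

    /**
     * Removes {@code memberDn} from the group at {@code groupDn}. When it is the sole member the
     * group is deleted instead: groupOfNames requires at least one member (RFC 4519), so the
     * server would reject the removal, and modifying the just-deleted entry would fail as well.
     */
    private void removeMemberImpl(LdapContext ldapContext, String groupDn, String memberDn) throws NamingException {
        DirContext groupContext;
        try {
            groupContext = (DirContext) ldapContext.lookup(groupDn);
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Unable to look up group lead to exception", e);
            throw e;
        }
        try {
            if (isSoleMember(groupContext, memberDn)) {
                logger.info(() -> String.format("Group %s is now empty. Attempting to delete.", groupDn));
                ldapContext.destroySubcontext(groupDn);
                return;
            }
            ldapContext.modifyAttributes(groupDn, new ModificationItem[] {
                    new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(MEMBER_ATTRIBUTE, memberDn))});
        } catch (NamingException e) {
            logger.log(Level.WARNING, "Attempt to modify member attribute lead to exception", e);
            throw e;
        } finally {
            closeContextQuietly(groupContext);
        }
    }
}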
