package systems.dmx.ldap;

import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Logger;
import systems.dmx.accesscontrol.AccessControlService;
import systems.dmx.accesscontrol.AuthorizationMethod;
import systems.dmx.core.Topic;
import systems.dmx.core.osgi.PluginActivator;
import systems.dmx.core.service.Inject;
import systems.dmx.core.service.accesscontrol.Credentials;
import systems.dmx.core.storage.spi.DMXTransaction;
import systems.dmx.ldap.LDAP;
import systems.dmx.ldap.service.LDAPPluginService;

/* loaded from: input_file:systems/dmx/ldap/LDAPPlugin.class */
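/**
 * DMX plugin that registers itself as the "LDAP" authorization method and exposes
 * user creation and password change through {@link LDAPPluginService}.
 *
 * <p>Security notes for reviewers of this decompiled listing:
 * <ul>
 *   <li>Usernames reach this class before authentication, so they are untrusted.
 *       They are neutralised with {@link #sanitizeForLog(String)} before being logged.</li>
 *   <li>Blank usernames and empty passwords are rejected before any LDAP call is made.</li>
 *   <li>{@code changePassword} reads {@code credentials.password} while the other methods
 *       read {@code credentials.plaintextPassword}; see the note on that method.</li>
 * </ul>
 */
public class LDAPPlugin extends PluginActivator implements AuthorizationMethod, LDAPPluginService {
    private static final Logger logger = Logger.getLogger(LDAPPlugin.class.getName());

    @Inject
    private AccessControlService acs;
    private Configuration configuration;
    private PluginLog pluginLog;
    private LDAP ldap;

    /**
     * Registers this plugin as the "LDAP" authorization method once the access control
     * service is available.
     *
     * @param obj the service that arrived; anything that is not an
     *            {@link AccessControlService} is ignored instead of failing on the cast
     */
    public void serviceArrived(Object obj) {
        if (obj instanceof AccessControlService) {
            ((AccessControlService) obj).registerAuthorizationMethod("LDAP", this);
        }
    }

    /**
     * Unregisters the "LDAP" authorization method when the access control service goes away.
     *
     * @param obj the service that is gone; anything that is not an
     *            {@link AccessControlService} is ignored
     */
    public void serviceGone(Object obj) {
        if (obj instanceof AccessControlService) {
            ((AccessControlService) obj).unregisterAuthorizationMethod("LDAP");
        }
    }

    /**
     * Loads the plugin configuration and builds the LDAP client.
     *
     * <p>If the configuration cannot be parsed a fallback configuration is used, and if the
     * configuration check fails a dummy LDAP instance is installed. Either way {@code ldap}
     * and {@code pluginLog} are non-null when this method returns.
     */
    public void init() {
        try {
            this.configuration = Configuration.createFromProperties();
            this.pluginLog = PluginLog$.newInstance(this.configuration.loggingMode);
        } catch (Exception e) {
            this.configuration = Configuration.createFallback();
            this.pluginLog = PluginLog$.newInstance(this.configuration.loggingMode);
            this.pluginLog.configurationError("Error parsing configuration", e);
            this.pluginLog.configurationHint("Configuration could not be parsed. Providing an emergency fallback configuration. LDAP logins will not work!", new Object[0]);
        }
        // NOTE(review): the whole configuration summary is written to the log. Confirm that
        // Configuration.summary() leaves out or masks any bind/manager password.
        this.pluginLog.configurationHint("Plugin configuration:\n%s", this.configuration.summary());
        if (this.configuration.check(this.pluginLog)) {
            this.configuration.compile();
            this.ldap = LDAP$.newInstance(this.configuration, this.pluginLog);
        } else {
            this.pluginLog.configurationError("LDAP Plugin configuration is not correct. Please fix the issues mentioned in the log.", new Object[0]);
            // NOTE(review): presumably the dummy instance refuses every operation - confirm in LDAP$.
            this.ldap = LDAP$.newDummyInstance(this.pluginLog);
        }
    }

    /**
     * Verifies a username/password pair against LDAP and maps it to a DMX username topic.
     *
     * @param credentials the login attempt; {@code username} and {@code plaintextPassword} are read
     * @return the username topic on success, or {@code null} when the input is incomplete,
     *         the LDAP check fails, or the topic can be neither found nor created
     */
    public Topic checkCredentials(Credentials credentials) {
        // Many directory servers treat a simple bind with an empty password as an
        // unauthenticated bind that succeeds (RFC 4513, section 5.1.2). Reject it here rather
        // than rely on LDAP.checkCredentials, whose implementation is not visible in this file.
        if (credentials == null
                || isNullOrEmpty(credentials.username)
                || isNullOrEmpty(credentials.plaintextPassword)) {
            this.pluginLog.actionError("Credential check rejected: username or password is missing.", null);
            return null;
        }
        // The username is attacker-controlled at this point; never log it raw.
        String loggedName = sanitizeForLog(credentials.username);
        if (!this.ldap.checkCredentials(credentials.username, credentials.plaintextPassword)) {
            this.pluginLog.actionError(String.format("Credential check for user %s failed.", loggedName), null);
            return null;
        }
        Topic usernameTopic = lookupOrCreateUsernameTopic(credentials.username);
        if (usernameTopic != null) {
            this.pluginLog.actionHint("LDAP log-in successful for user %s", loggedName);
            return usernameTopic;
        }
        this.pluginLog.actionError("Credentials in LDAP are OK but unable find or create username topic", null);
        return null;
    }

    /**
     * Creates the user in LDAP and, from the completion callback, the matching DMX username topic.
     *
     * @param credentials the new account; {@code username} and {@code plaintextPassword} are read
     * @return the username topic set by the callback, or {@code null} when user creation is
     *         disabled or no topic was produced
     */
    @Override // systems.dmx.ldap.service.LDAPPluginService
    public Topic createUser(Credentials credentials) {
        if (!this.configuration.userCreationEnabled) {
            logger.warning("User creation is disabled in plugin configuration!");
            return null;
        }
        final AtomicReference<Topic> created = new AtomicReference<Topic>();
        this.ldap.createUser(credentials.username, credentials.plaintextPassword, new LDAP.CompletableAction() { // from class: systems.dmx.ldap.LDAPPlugin.1
            @Override // systems.dmx.ldap.LDAP.CompletableAction
            public boolean run(String str) {
                Topic topic = null;
                try {
                    topic = LDAPPlugin.this.lookupOrCreateUsernameTopic(str);
                    return topic != null;
                } catch (Exception e) {
                    // The message says the LDAP entry already exists at this point; the exception
                    // is rethrown so that the caller of this callback can react to the failure.
                    LDAPPlugin.this.pluginLog.actionError(String.format("Creating username %s failed but LDAP entry was already created. Rolling back.", sanitizeForLog(str)), e);
                    throw new RuntimeException("Creating username failed", e);
                } finally {
                    // Publish the outcome on every path; it stays null when the lookup threw.
                    created.set(topic);
                }
            }
        });
        return created.get();
    }

    /**
     * Returns the DMX username topic for {@code str}, creating it in a transaction when absent.
     *
     * <p>The decompiler reports that this method was {@code private} in the original source and
     * was widened only so the anonymous callback in {@code createUser} can reach it. It performs
     * no authentication itself, so it should not be called from outside this class.
     *
     * @param str the username
     * @return the existing or newly created username topic
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Topic lookupOrCreateUsernameTopic(String str) {
        Topic existing = this.acs.getUsernameTopic(str);
        if (existing != null) {
            return existing;
        }
        DMXTransaction tx = this.dmx.beginTx();
        try {
            Topic createdTopic = this.acs.createUsername(str);
            tx.success();
            return createdTopic;
        } finally {
            // finish() runs exactly once, whether or not success() was reached.
            tx.finish();
        }
    }

    /**
     * Changes the LDAP password of an existing DMX user.
     *
     * <p>This method does not verify the caller's identity or the old password.
     * NOTE(review): presumably the caller enforces authorization - confirm.
     *
     * @param credentials {@code username} and {@code password} are read
     * @return the username topic on success, or {@code null} when the feature is disabled,
     *         the user is unknown, or the LDAP change fails
     */
    @Override // systems.dmx.ldap.service.LDAPPluginService
    public Topic changePassword(Credentials credentials) {
        // The password change is gated by the same switch as user creation.
        if (!this.configuration.userCreationEnabled) {
            this.pluginLog.actionWarning("Cannot change password because user creation is disabled in plugin configuration!", null);
            return null;
        }
        Topic usernameTopic = this.acs.getUsernameTopic(credentials.username);
        // NOTE(review): createUser and checkCredentials pass credentials.plaintextPassword, but
        // this call passes credentials.password. Confirm which representation LDAP.changePassword
        // expects; if the two fields differ, the stored value would not match later logins.
        if (usernameTopic == null || !this.ldap.changePassword(credentials.username, credentials.password)) {
            return null;
        }
        this.pluginLog.actionHint("Succesfully changed password for %s", sanitizeForLog(credentials.username));
        return usernameTopic;
    }

    /** Returns {@code true} when {@code value} is {@code null} or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Replaces control characters and Unicode line/paragraph separators with {@code '_'} so that
     * an untrusted value cannot start a new, forged log line.
     *
     * @param value the untrusted text, may be {@code null}
     * @return the neutralised text, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            int type = Character.getType(c);
            boolean breaksLine = Character.isISOControl(c)
                    || type == Character.LINE_SEPARATOR
                    || type == Character.PARAGRAPH_SEPARATOR;
            cleaned.append(breaksLine ? '_' : c);
        }
        return cleaned.toString();
    }
}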
