package org.sonatype.security.ldap.dao;

import com.google.common.base.Preconditions;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.codehaus.plexus.util.StringUtils;
import org.sonatype.security.ldap.dao.password.PasswordEncoderManager;
import org.sonatype.sisu.goodies.common.ComponentSupport;

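/**
 * {@link LdapUserDAO} implementation that reads and modifies user entries through a JNDI
 * {@link LdapContext}.
 *
 * <p>User names reach this class from callers and are handled as untrusted input: they are escaped
 * before being placed in a search filter, and entry names are built with {@link Rdn}/{@link LdapName}
 * instead of string concatenation, so characters such as {@code (}, {@code )}, {@code ,} or
 * {@code +} in a user name cannot change the shape of the filter or of the target DN.
 *
 * <p>Values taken from {@link LdapAuthConfiguration} (attribute names, object class, base DN, the
 * extra filter) are used verbatim.
 * NOTE(review): that is only safe if the configuration is administrator-controlled; confirm.
 */
@Singleton
@Named
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.17-01/dependencies/nexus-ldap-common-2.14.17-01.jar:org/sonatype/security/ldap/dao/DefaultLdapUserDAO.class */
public class DefaultLdapUserDAO extends ComponentSupport implements LdapUserDAO {
    private final PasswordEncoderManager passwordEncoderManager;

    /**
     * @param passwordEncoderManager encoder used for password values written to the directory;
     *     must not be {@code null}
     */
    @Inject
    public DefaultLdapUserDAO(PasswordEncoderManager passwordEncoderManager) {
        this.passwordEncoderManager = Preconditions.checkNotNull(passwordEncoderManager);
    }

    /** Returns the encoder manager supplied at construction time. */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public PasswordEncoderManager getPasswordEncoderManager() {
        return this.passwordEncoderManager;
    }

    /**
     * Deletes the entry {@code <userIdAttribute>=<str>} below the configured user base DN.
     *
     * @param str user name of the entry to delete
     * @param ldapContext context the user base DN is looked up in
     * @param ldapAuthConfiguration supplies the user base DN and the user id attribute
     * @throws LdapDAOException if the lookup or the delete fails, or the entry name cannot be built
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public void removeUser(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws NoSuchLdapUserException, LdapDAOException {
        this.log.info("Remove user: {}", str);
        try {
            LdapContext usersContext = (LdapContext) ldapContext.lookup(userBaseDn(ldapAuthConfiguration));
            usersContext.destroySubcontext(userEntryName(ldapAuthConfiguration.getUserIdAttribute(), str));
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to remove user: " + str, e);
        }
    }

    /**
     * Writes the real name, e-mail address and website of {@code ldapUser} to its directory entry.
     *
     * <p>Empty values are skipped. A value the stored entry does not have yet is added; a value
     * that differs from the stored one is replaced.
     *
     * @param ldapUser requested state; its user name selects the entry
     * @param ldapContext context used for the lookup and the modification
     * @param ldapAuthConfiguration supplies the base DN and attribute names
     * @throws NoSuchLdapUserException if no entry matches the user name
     * @throws LdapDAOException if the directory lookup or modification fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public void updateUser(LdapUser ldapUser, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws NoSuchLdapUserException, LdapDAOException {
        LdapUser stored = getUser(ldapUser.getUsername(), ldapContext, ldapAuthConfiguration);
        BasicAttributes additions = new BasicAttributes();
        BasicAttributes replacements = new BasicAttributes();
        stageChange(additions, replacements, ldapAuthConfiguration.getUserRealNameAttribute(),
                ldapUser.getRealName(), stored.getRealName(), ldapUser.getRealName());
        stageChange(additions, replacements, ldapAuthConfiguration.getEmailAddressAttribute(),
                ldapUser.getEmail(), stored.getEmail(), ldapUser.getEmail());
        // The comparison uses the bare website, the stored value may carry the URI label.
        stageChange(additions, replacements, ldapAuthConfiguration.getWebsiteAttribute(),
                ldapUser.getWebsite(), stored.getWebsite(), websiteValue(ldapUser, ldapAuthConfiguration));
        try {
            LdapContext usersContext = (LdapContext) ldapContext.lookup(userBaseDn(ldapAuthConfiguration));
            LdapName entryName = userEntryName(ldapAuthConfiguration.getUserIdAttribute(), ldapUser.getUsername());
            if (additions.size() > 0) {
                usersContext.modifyAttributes(entryName, DirContext.ADD_ATTRIBUTE, additions);
            }
            if (replacements.size() > 0) {
                usersContext.modifyAttributes(entryName, DirContext.REPLACE_ATTRIBUTE, replacements);
            }
        } catch (NamingException e) {
            // A failed base-DN lookup used to be reported as "Failed to create user for".
            throw new LdapDAOException("Failed to update user: " + ldapUser.getUsername(), e);
        }
    }

    /**
     * Replaces the password attribute of an existing user with the encoded form of {@code str2}.
     *
     * @param str user name of the entry to change
     * @param str2 new password in clear text; it is passed to the encoder and never logged here
     * @param ldapContext context used for the existence check and the modification
     * @param ldapAuthConfiguration supplies the base DN, user id attribute and password attribute
     * @throws NoSuchLdapUserException if the existence check finds no entry
     * @throws LdapDAOException if any directory operation fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public void changePassword(String str, String str2, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws NoSuchLdapUserException, LdapDAOException {
        if (!userExists(str, ldapContext, ldapAuthConfiguration)) {
            throw new NoSuchLdapUserException(str);
        }
        try {
            LdapContext usersContext = (LdapContext) ldapContext.lookup(userBaseDn(ldapAuthConfiguration));
            LdapName entryName = userEntryName(ldapAuthConfiguration.getUserIdAttribute(), str);
            BasicAttributes replacement = new BasicAttributes();
            // NOTE(review): the second argument is passed as null; presumably a salt - confirm
            // against PasswordEncoderManager.
            replacement.put(ldapAuthConfiguration.getPasswordAttribute(), this.passwordEncoderManager.encodePassword(str2, null));
            try {
                usersContext.modifyAttributes(entryName, DirContext.REPLACE_ATTRIBUTE, replacement);
            } catch (NamingException e) {
                // Keep the cause: it carries the directory's error code for the failed write.
                throw new LdapDAOException("Failed to update user for: " + str, e);
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to change password for: " + str, e);
        }
    }

    /** Searches for {@code str} with the configured default attributes; see the five-argument overload. */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public NamingEnumeration<SearchResult> searchUsers(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, long j) throws NamingException {
        return searchUsers(str, ldapContext, null, ldapAuthConfiguration, j);
    }

    /** Searches for all users with the configured default attributes; see the five-argument overload. */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public NamingEnumeration<SearchResult> searchUsers(LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, long j) throws NamingException {
        return searchUsers(null, ldapContext, null, ldapAuthConfiguration, j);
    }

    /** Searches for all users returning {@code strArr}; see the five-argument overload. */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public NamingEnumeration<SearchResult> searchUsers(LdapContext ldapContext, String[] strArr, LdapAuthConfiguration ldapAuthConfiguration, long j) throws NamingException {
        return searchUsers(null, ldapContext, strArr, ldapAuthConfiguration, j);
    }

    /**
     * Runs the user search below the configured user base DN.
     *
     * <p>The filter is {@code (&(objectClass=<userObjectClass>)(<userIdAttribute>=<name>)<extra>)},
     * where {@code <extra>} is the configured LDAP filter wrapped in parentheses when it is set.
     *
     * @param str user name to match, or {@code null} to match every user ({@code *})
     * @param ldapContext context the search runs in
     * @param strArr attributes to return, or {@code null} for the configured user attributes
     * @param ldapAuthConfiguration supplies base DN, scope, object class, id attribute and filter
     * @param j maximum number of results; values {@code <= 0} leave the count limit unset
     * @return the open enumeration; the caller must close it
     * @throws NamingException if the search fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public NamingEnumeration<SearchResult> searchUsers(String str, LdapContext ldapContext, String[] strArr, LdapAuthConfiguration ldapAuthConfiguration, long j) throws NamingException {
        String[] returningAttributes = strArr != null ? strArr : ldapAuthConfiguration.getUserAttributes();
        SearchControls controls = new SearchControls();
        controls.setDerefLinkFlag(true);
        controls.setSearchScope(ldapAuthConfiguration.isUserSubtree() ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        controls.setReturningAttributes(returningAttributes);
        if (j > 0) {
            controls.setCountLimit(j);
        }
        String ldapFilter = ldapAuthConfiguration.getLdapFilter();
        this.log.debug("Specific filter rule: \"{}\"", ldapFilter != null ? ldapFilter : "none");
        // The user name is caller-supplied: escape it so it stays a single assertion value.
        String userMatch = str != null ? escapeFilterValue(str) : "*";
        String extraClause = (ldapFilter == null || ldapFilter.isEmpty()) ? "" : "(" + ldapFilter + ")";
        String filter = "(&(objectClass=" + ldapAuthConfiguration.getUserObjectClass() + ")("
                + ldapAuthConfiguration.getUserIdAttribute() + "=" + userMatch + ")" + extraClause + ")";
        this.log.debug("Searching for users with filter: '{}'", filter);
        return ldapContext.search(userBaseDn(ldapAuthConfiguration), filter, controls);
    }

    /** Returns all users, limited to {@code j} results when {@code j > 0}. */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public SortedSet<LdapUser> getUsers(LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, long j) throws LdapDAOException {
        return getUsers(null, ldapContext, ldapAuthConfiguration, j);
    }

    /**
     * Returns the users matching {@code str} as a sorted set.
     *
     * @param str user name to match, or {@code null} for every user
     * @param ldapContext context the search runs in
     * @param ldapAuthConfiguration search and attribute-mapping configuration
     * @param j maximum number of results; values {@code <= 0} leave the count limit unset
     * @throws LdapDAOException if the search or the attribute mapping fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public SortedSet<LdapUser> getUsers(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration, long j) throws LdapDAOException {
        try {
            NamingEnumeration<SearchResult> matches = searchUsers(str, ldapContext, ldapAuthConfiguration, j);
            try {
                SortedSet<LdapUser> users = new TreeSet<LdapUser>();
                while (matches.hasMoreElements()) {
                    users.add(createUser(matches.nextElement(), ldapAuthConfiguration));
                }
                return users;
            } finally {
                matches.close();
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve ldap information for users.", e);
        }
    }

    /**
     * Creates the entry {@code <userIdAttribute>=<username>} below the user base DN.
     *
     * <p>Password (encoded), real name, e-mail address and website are written when non-empty.
     *
     * @param ldapUser user to create
     * @param ldapContext context used for the existence check and the creation
     * @param ldapAuthConfiguration supplies the base DN and attribute names
     * @throws LdapDAOException if the user already exists or a directory operation fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public void createUser(LdapUser ldapUser, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException {
        String username = ldapUser.getUsername();
        if (userExists(username, ldapContext, ldapAuthConfiguration)) {
            throw new LdapDAOException("User: " + username + " already exists!");
        }
        try {
            LdapContext usersContext = (LdapContext) ldapContext.lookup(userBaseDn(ldapAuthConfiguration));
            BasicAttributes attributes = new BasicAttributes();
            if (!StringUtils.isEmpty(ldapUser.getPassword())) {
                attributes.put(ldapAuthConfiguration.getPasswordAttribute(), this.passwordEncoderManager.encodePassword(ldapUser.getPassword(), null));
            }
            if (!StringUtils.isEmpty(ldapUser.getRealName())) {
                attributes.put(ldapAuthConfiguration.getUserRealNameAttribute(), ldapUser.getRealName());
            }
            if (!StringUtils.isEmpty(ldapUser.getEmail())) {
                attributes.put(ldapAuthConfiguration.getEmailAddressAttribute(), ldapUser.getEmail());
            }
            if (!StringUtils.isEmpty(ldapUser.getWebsite())) {
                attributes.put(ldapAuthConfiguration.getWebsiteAttribute(), websiteValue(ldapUser, ldapAuthConfiguration));
            }
            usersContext.createSubcontext(userEntryName(ldapAuthConfiguration.getUserIdAttribute(), username), attributes);
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to create user for: " + username, e);
        }
    }

    /**
     * Returns the first entry matching {@code str}.
     *
     * <p>NOTE(review): {@code *} in {@code str} is still treated as a wildcard by the search, so
     * callers that need an exact match (for example before authenticating) should reject it;
     * confirm against the callers, which are not visible here.
     *
     * @throws NoSuchLdapUserException if the search returns nothing
     * @throws LdapDAOException if the search or the attribute mapping fails
     */
    @Override // org.sonatype.security.ldap.dao.LdapUserDAO
    public LdapUser getUser(String str, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws NoSuchLdapUserException, LdapDAOException {
        this.log.debug("Searching for user: {}", str);
        try {
            NamingEnumeration<SearchResult> matches = searchUsers(str, ldapContext, null, ldapAuthConfiguration, 1L);
            try {
                if (!matches.hasMoreElements()) {
                    throw new NoSuchLdapUserException("A user with username '" + str + "' does not exist");
                }
                return createUser(matches.nextElement(), ldapAuthConfiguration);
            } finally {
                matches.close();
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Failed to retrieve information for user: " + str, e);
        }
    }

    /**
     * Maps a search result to an {@link LdapUser} using the configured attribute names.
     *
     * <p>The value of the password attribute is copied into the returned object, so the result
     * must be treated as holding credential material (do not log or serialize it wholesale).
     */
    private LdapUser createUser(SearchResult searchResult, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException {
        Attributes attributes = searchResult.getAttributes();
        String websiteAttribute = ldapAuthConfiguration.getWebsiteAttribute();
        String memberOfAttribute = ldapAuthConfiguration.getUserMemberOfAttribute();

        LdapUser ldapUser = new LdapUser();
        ldapUser.setUsername(LdapUtils.getAttributeValue(attributes, ldapAuthConfiguration.getUserIdAttribute(), "username"));
        ldapUser.setDn(searchResult.getNameInNamespace());
        ldapUser.setEmail(LdapUtils.getAttributeValue(attributes, ldapAuthConfiguration.getEmailAddressAttribute(), "email address"));
        ldapUser.setRealName(LdapUtils.getAttributeValue(attributes, ldapAuthConfiguration.getUserRealNameAttribute(), "name"));
        ldapUser.setPassword(LdapUtils.getAttributeValueFromByteArray(attributes, ldapAuthConfiguration.getPasswordAttribute(), "password"));
        if (ldapAuthConfiguration.isWebsiteAttributeLabelUri()) {
            ldapUser.setWebsite(LdapUtils.getLabeledUriValue(attributes, websiteAttribute, ldapAuthConfiguration.getWebsiteUriLabel(), LdapUserDAO.WEBSITE));
        } else {
            ldapUser.setWebsite(LdapUtils.getAttributeValue(attributes, websiteAttribute, LdapUserDAO.WEBSITE));
        }
        if (ldapAuthConfiguration.isLdapGroupsAsRoles() && StringUtils.isNotEmpty(memberOfAttribute)) {
            Set<String> groups = new HashSet<String>();
            for (String memberOf : LdapUtils.getAttributeValues(attributes, memberOfAttribute, "Member Of")) {
                groups.add(getGroupFromString(memberOf));
            }
            ldapUser.setMembership(groups);
        }
        return ldapUser;
    }

    /**
     * Reduces a group DN to the value of its most specific RDN; anything that does not parse as
     * a DN, or parses to an empty name, is returned unchanged.
     */
    private String getGroupFromString(String str) {
        try {
            LdapName groupDn = new LdapName(str);
            if (groupDn.isEmpty()) {
                // An empty string parses to an empty name; getRdn(-1) would throw.
                return str;
            }
            return String.valueOf(groupDn.getRdn(groupDn.size() - 1).getValue());
        } catch (InvalidNameException e) {
            this.log.debug("Expected a Group DN but found: " + str);
            return str;
        }
    }

    /** Reports whether the one-result user search for {@code username} returns an entry. */
    private boolean userExists(String username, LdapContext ldapContext, LdapAuthConfiguration ldapAuthConfiguration) throws LdapDAOException {
        try {
            NamingEnumeration<SearchResult> matches = searchUsers(username, ldapContext, new String[]{ldapAuthConfiguration.getUserIdAttribute()}, ldapAuthConfiguration, 1L);
            try {
                return matches.hasMoreElements();
            } finally {
                matches.close();
            }
        } catch (NamingException e) {
            throw new LdapDAOException("Error while checking for existing user: " + username, e);
        }
    }

    /** Returns the configured user base DN, or the empty string when none is set. */
    private static String userBaseDn(LdapAuthConfiguration ldapAuthConfiguration) {
        return StringUtils.defaultString(ldapAuthConfiguration.getUserBaseDn(), "");
    }

    /**
     * Builds the single-RDN entry name {@code <userIdAttribute>=<username>} relative to the user
     * base DN, with the value escaped by {@link Rdn}.
     *
     * @throws InvalidNameException if the attribute name or the user name is empty or {@code null}
     */
    private static LdapName userEntryName(String userIdAttribute, String username) throws InvalidNameException {
        return new LdapName(Collections.singletonList(new Rdn(userIdAttribute, username)));
    }

    /** Returns the website value to store: the website followed by the URI label when labels are enabled. */
    private static String websiteValue(LdapUser ldapUser, LdapAuthConfiguration ldapAuthConfiguration) {
        if (ldapAuthConfiguration.isWebsiteAttributeLabelUri()) {
            return ldapUser.getWebsite() + " " + ldapAuthConfiguration.getWebsiteUriLabel();
        }
        return ldapUser.getWebsite();
    }

    /** Queues {@code valueToStore} as an addition or a replacement, or skips it when nothing changed. */
    private static void stageChange(BasicAttributes additions, BasicAttributes replacements, String attributeName, String requested, String current, String valueToStore) {
        if (StringUtils.isEmpty(requested)) {
            return;
        }
        if (current == null) {
            additions.put(attributeName, valueToStore);
        } else if (!requested.equals(current)) {
            replacements.put(attributeName, valueToStore);
        }
    }

    /**
     * Escapes backslash, parentheses and NUL in a search-filter assertion value.
     *
     * <p>{@code *} is deliberately left alone so wildcard searches keep working.
     * NOTE(review): whether any caller relies on wildcards is not visible here; if none does,
     * escape {@code *} as {@code \2a} as well.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}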
