package org.sonatype.security.ldap.realms.persist;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.Writer;
import java.util.concurrent.locks.ReentrantLock;
import org.codehaus.plexus.util.StringUtils;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.codehaus.plexus.util.xml.Xpp3DomBuilder;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.sonatype.nexus.configuration.ModelUtils;
import org.sonatype.nexus.configuration.ModelloUtils;
import org.sonatype.nexus.configuration.application.ApplicationConfiguration;
import org.sonatype.security.ldap.dao.LdapAuthConfiguration;
import org.sonatype.security.ldap.realms.persist.model.CConnectionInfo;
import org.sonatype.security.ldap.realms.persist.model.CUserAndGroupAuthConfiguration;
import org.sonatype.security.ldap.realms.persist.model.Configuration;
import org.sonatype.security.ldap.realms.persist.model.io.xpp3.LdapConfigurationXpp3Reader;
import org.sonatype.security.ldap.realms.persist.model.io.xpp3.LdapConfigurationXpp3Writer;
import org.sonatype.security.ldap.upgrade.cipher.PlexusCipherException;
import org.sonatype.sisu.goodies.common.ComponentSupport;

/* loaded from: input_file:WEB-INF/plugin-repository/nexus-ldap-realm-plugin-2.14.18-01/dependencies/nexus-ldap-common-2.14.18-01.jar:org/sonatype/security/ldap/realms/persist/AbstractLdapConfiguration.class */
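/**
 * Base implementation of {@link LdapConfiguration} that keeps the LDAP realm model in memory and
 * persists it as {@code ldap.xml} inside the application's configuration directory.
 *
 * <p>The LDAP system (bind) password is held decrypted in the in-memory model: {@link #load()}
 * passes the stored value through {@link PasswordHelper#decrypt}, and {@link #save()} passes it
 * through {@link PasswordHelper#encrypt} on a copy of the model before writing. The configuration
 * file therefore contains the bind credential and should only be readable by the service account.
 *
 * <p>Mutating operations, {@link #load()} and {@link #save()} are serialized through an internal
 * {@link ReentrantLock}; plain reads via {@link #getConfiguration()} and {@link #clearCache()} do
 * not take the lock.
 */
public abstract class AbstractLdapConfiguration extends ComponentSupport implements LdapConfiguration {
    /** Model version written to disk and used as the upgrade target. */
    private static final String LDAP_MODEL_VERSION = "2.8.0";

    /** File name of the persisted configuration inside the configuration directory. */
    private static final String CONFIGURATION_FILE_NAME = "ldap.xml";

    /** Classpath resource holding the default configuration. */
    private static final String DEFAULT_CONFIGURATION_RESOURCE = "/META-INF/realms/ldap.xml";

    private final ConfigurationValidator validator;
    private final PasswordHelper passwordHelper;
    private final File configurationFile;
    private final LdapModelReader ldapModelReader;
    private final LdapModelWriter ldapModelWriter;
    private final ReentrantLock lock = new ReentrantLock();
    private Configuration configuration;

    /**
     * Reads the LDAP configuration model and extracts the model version from raw XML.
     */
    public static class LdapModelReader extends ModelloUtils.ModelloModelReader<Configuration> implements ModelUtils.Versioned {
        private final LdapConfigurationXpp3Reader modelloReader;

        private LdapModelReader() {
            this.modelloReader = new LdapConfigurationXpp3Reader();
        }

        /**
         * Parses the configuration model from the given reader.
         *
         * @param reader character source of the XML model
         * @return the parsed model
         * @throws IOException if reading fails
         * @throws XmlPullParserException if the XML cannot be parsed
         */
        @Override
        public Configuration doRead(Reader reader) throws IOException, XmlPullParserException {
            return this.modelloReader.read(reader);
        }

        /**
         * Extracts the value of the top-level {@code version} element.
         *
         * <p>A document without a {@code version} element is reported as the v1.0.1 model version.
         * The stream is always closed before this method returns or throws.
         *
         * @param inputStream raw XML of the model
         * @return the declared model version, or the v1.0.1 model version when none is declared
         * @throws IOException if reading or closing the stream fails
         * @throws ModelUtils.CorruptModelException if the XML cannot be parsed or the
         *     {@code version} element is present but empty
         */
        @Override
        public String readVersion(InputStream inputStream) throws IOException, ModelUtils.CorruptModelException {
            try (InputStreamReader xmlReader = new InputStreamReader(inputStream, this.charset)) {
                Xpp3Dom versionNode = Xpp3DomBuilder.build(xmlReader).getChild("version");
                if (versionNode == null) {
                    return org.sonatype.security.ldap.realms.persist.model.v1_0_1.Configuration.MODEL_VERSION;
                }
                String version = versionNode.getValue();
                if (Strings.isNullOrEmpty(version)) {
                    throw new ModelUtils.MissingModelVersionException("Passed in XML model have empty 'version' node");
                }
                return version;
            } catch (XmlPullParserException e) {
                throw new ModelUtils.CorruptModelException("Passed in XML model cannot be parsed", e);
            }
        }
    }

    /**
     * Writes the LDAP configuration model, stamping it with the current model version.
     */
    private static class LdapModelWriter extends ModelloUtils.ModelloModelWriter<Configuration> {
        private final LdapConfigurationXpp3Writer modelloWriter;

        private LdapModelWriter() {
            this.modelloWriter = new LdapConfigurationXpp3Writer();
        }

        /**
         * Sets the model version on {@code configuration} and serializes it.
         *
         * @param writer destination of the XML
         * @param configuration model to write; its version field is overwritten
         * @throws IOException if writing fails
         */
        @Override
        public void write(Writer writer, Configuration configuration) throws IOException {
            configuration.setVersion(LDAP_MODEL_VERSION);
            this.modelloWriter.write(writer, configuration);
        }
    }

    /**
     * Creates the configuration holder and eagerly loads the model from disk.
     *
     * @param applicationConfiguration supplies the configuration directory; must not be null
     * @param configurationValidator validator applied on load and on updates; must not be null
     * @param passwordHelper encrypts/decrypts the system password; must not be null
     * @throws IOException if the initial {@link #load()} fails
     */
    public AbstractLdapConfiguration(ApplicationConfiguration applicationConfiguration, ConfigurationValidator configurationValidator, PasswordHelper passwordHelper) throws IOException {
        Preconditions.checkNotNull(applicationConfiguration);
        this.validator = Preconditions.checkNotNull(configurationValidator);
        this.passwordHelper = Preconditions.checkNotNull(passwordHelper);
        this.configurationFile = new File(applicationConfiguration.getConfigurationDirectory(), CONFIGURATION_FILE_NAME);
        this.ldapModelReader = new LdapModelReader();
        this.ldapModelWriter = new LdapModelWriter();
        this.configuration = load();
    }

    /**
     * Returns the connection settings of the in-memory model.
     *
     * <p>The returned object carries the decrypted system password; callers should not log or
     * serialize it.
     */
    @Override
    public CConnectionInfo readConnectionInfo() {
        return getConfiguration().getConnectionInfo();
    }

    /** Returns the user and group mapping settings of the in-memory model. */
    @Override
    public CUserAndGroupAuthConfiguration readUserAndGroupConfiguration() {
        return getConfiguration().getUserAndGroupConfig();
    }

    /**
     * Validates and installs new user and group mapping settings in the in-memory model.
     *
     * <p>Nothing is written to disk until {@link #save()} is called.
     *
     * @param cUserAndGroupAuthConfiguration the new settings
     * @throws InvalidConfigurationException if the validator reports any error; the model is left
     *     unchanged in that case
     */
    @Override
    public void updateUserAndGroupConfiguration(CUserAndGroupAuthConfiguration cUserAndGroupAuthConfiguration) throws InvalidConfigurationException {
        this.lock.lock();
        try {
            ValidationResponse response = this.validator.validateUserAndGroupAuthConfiguration(null, cUserAndGroupAuthConfiguration);
            if (response.getValidationErrors().size() > 0) {
                throw new InvalidConfigurationException(response);
            }
            getConfiguration().setUserAndGroupConfig(cUserAndGroupAuthConfiguration);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Validates and installs new connection settings in the in-memory model.
     *
     * <p>Nothing is written to disk until {@link #save()} is called.
     *
     * @param cConnectionInfo the new settings
     * @throws InvalidConfigurationException if the validator reports any error; the model is left
     *     unchanged in that case
     */
    @Override
    public void updateConnectionInfo(CConnectionInfo cConnectionInfo) throws InvalidConfigurationException {
        this.lock.lock();
        try {
            ValidationResponse response = this.validator.validateConnectionInfo(null, cConnectionInfo);
            if (response.getValidationErrors().size() > 0) {
                throw new InvalidConfigurationException(response);
            }
            getConfiguration().setConnectionInfo(cConnectionInfo);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Returns the in-memory model.
     *
     * <p>NOTE(review): this returns {@code null} after {@link #clearCache()} because this class
     * never reassigns the field outside the constructor; confirm that subclasses reload it.
     */
    protected Configuration getConfiguration() {
        return this.configuration;
    }

    /**
     * Loads the model from the configuration file, upgrading older model versions as needed.
     *
     * <p>Falls back to the bundled default configuration when the file does not exist or when the
     * loaded model fails validation. A non-empty system password is decrypted in place; if
     * decryption fails the stored value is kept as-is and treated as clear text.
     *
     * @return the loaded (or default) model with the system password decrypted
     * @throws IOException if the file exists but cannot be read
     */
    protected Configuration load() throws IOException {
        this.lock.lock();
        try {
            Configuration loaded = (Configuration) ModelloUtils.load(
                    LDAP_MODEL_VERSION,
                    this.configurationFile,
                    this.ldapModelReader,
                    new ModelloUtils.ModelloModelUpgrader(org.sonatype.security.ldap.realms.persist.model.v1_0_1.Configuration.MODEL_VERSION, LDAP_MODEL_VERSION) {
                        @Override
                        public void doUpgrade(Reader reader, Writer writer) throws IOException, XmlPullParserException {
                            // The upgrade re-reads the model with the current reader and only bumps the version.
                            Configuration upgraded = new LdapConfigurationXpp3Reader().read(reader);
                            upgraded.setVersion(LDAP_MODEL_VERSION);
                            new LdapConfigurationXpp3Writer().write(writer, upgraded);
                        }
                    });

            ValidationResponse response = this.validator.validateModel(new ValidationRequest(loaded));
            if (response.getValidationErrors().size() > 0) {
                this.log.warn("Invalid LDAP configuration, defaulting configuration", new InvalidConfigurationException(response));
                loaded = getDefaultConfiguration();
            }

            CConnectionInfo connectionInfo = loaded.getConnectionInfo();
            if (connectionInfo != null && StringUtils.isNotEmpty(connectionInfo.getSystemPassword())) {
                try {
                    connectionInfo.setSystemPassword(this.passwordHelper.decrypt(connectionInfo.getSystemPassword()));
                } catch (PlexusCipherException e) {
                    // Deliberate tolerance: an undecryptable value is assumed to be a clear-text password
                    // in the file. Only the file path is logged, never the value itself.
                    this.log.error("Failed to decrypt password, assuming the password in file: '" + this.configurationFile.getAbsolutePath() + "' is clear text.", e);
                }
            }
            return loaded;
        } catch (FileNotFoundException e) {
            // No configuration on disk yet: start from the bundled defaults.
            return getDefaultConfiguration();
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Writes a copy of the in-memory model to the configuration file with the system password
     * encrypted.
     *
     * <p>If the password cannot be encrypted the save is aborted instead of writing the clear-text
     * bind credential to disk; the existing file is left untouched.
     *
     * @throws IOException if encryption of the system password fails or the file cannot be written
     */
    @Override
    public void save() throws IOException {
        this.lock.lock();
        try {
            // Work on a copy so the in-memory model keeps the decrypted password.
            // m4100clone() is a decompiler-assigned name, presumably for the model's clone().
            Configuration snapshot = this.configuration.m4100clone();
            CConnectionInfo connectionInfo = snapshot.getConnectionInfo();
            if (connectionInfo != null && StringUtils.isNotEmpty(connectionInfo.getSystemPassword())) {
                try {
                    connectionInfo.setSystemPassword(this.passwordHelper.encrypt(connectionInfo.getSystemPassword()));
                } catch (PlexusCipherException e) {
                    this.log.error("Failed to encrypt password while storing configuration file", e);
                    // Fail closed: continuing here would persist the clear-text system password.
                    throw new IOException("Refusing to store LDAP configuration with an unencrypted system password", e);
                }
            }
            this.log.debug("Saving configuration: {}", this.configurationFile);
            ModelloUtils.save(snapshot, this.configurationFile, this.ldapModelWriter);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Drops the in-memory model.
     *
     * <p>NOTE(review): the field is cleared without taking the lock and is not reloaded here, so
     * {@link #getConfiguration()} returns {@code null} afterwards unless a subclass handles it.
     */
    @Override
    public void clearCache() {
        this.configuration = null;
    }

    /**
     * Reads the default configuration bundled on the classpath.
     *
     * <p>Any failure, including a missing resource, is logged and answered with an empty
     * {@link Configuration} so that start-up can continue.
     *
     * @return the bundled defaults, or an empty model if they cannot be read
     */
    private Configuration getDefaultConfiguration() {
        try (InputStream defaults = getClass().getResourceAsStream(DEFAULT_CONFIGURATION_RESOURCE)) {
            if (defaults == null) {
                // getResourceAsStream signals a missing resource with null; wrapping it in a reader would NPE.
                throw new FileNotFoundException("Default LDAP Realm configuration resource not found: " + DEFAULT_CONFIGURATION_RESOURCE);
            }
            // NOTE(review): the reader uses the platform default charset, as before; confirm the
            // bundled resource's encoding.
            try (InputStreamReader defaultsReader = new InputStreamReader(defaults)) {
                return new LdapConfigurationXpp3Reader().read(defaultsReader);
            }
        } catch (IOException | XmlPullParserException e) {
            this.log.error("Failed to read default LDAP Realm configuration.  This may be corrected while the application is running.", e);
            return new Configuration();
        }
    }

    /**
     * Builds an {@link LdapAuthConfiguration} from the current user and group mapping settings.
     *
     * <p>Null user and group base DNs are replaced with the empty string; every other attribute is
     * copied as-is.
     *
     * @return a new, independent auth configuration
     */
    @Override
    public LdapAuthConfiguration getLdapAuthConfiguration() {
        CUserAndGroupAuthConfiguration source = readUserAndGroupConfiguration();
        LdapAuthConfiguration target = new LdapAuthConfiguration();

        // User lookup settings.
        target.setEmailAddressAttribute(source.getEmailAddressAttribute());
        target.setUserBaseDn(StringUtils.defaultString(source.getUserBaseDn(), ""));
        target.setUserIdAttribute(source.getUserIdAttribute());
        target.setUserObjectClass(source.getUserObjectClass());
        target.setPasswordAttribute(source.getUserPasswordAttribute());
        target.setUserRealNameAttribute(source.getUserRealNameAttribute());

        // Group lookup settings.
        target.setGroupBaseDn(StringUtils.defaultString(source.getGroupBaseDn(), ""));
        target.setGroupIdAttribute(source.getGroupIdAttribute());
        target.setGroupMemberAttribute(source.getGroupMemberAttribute());
        target.setGroupMemberFormat(source.getGroupMemberFormat());
        target.setGroupObjectClass(source.getGroupObjectClass());

        // Search scope, role mapping and filter.
        target.setUserSubtree(source.isUserSubtree());
        target.setGroupSubtree(source.isGroupSubtree());
        target.setUserMemberOfAttribute(source.getUserMemberOfAttribute());
        target.setLdapGroupsAsRoles(source.isLdapGroupsAsRoles());
        target.setLdapFilter(source.getLdapFilter());
        return target;
    }
}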
