package pl.edu.icm.yadda.service2.user;

import java.io.UnsupportedEncodingException;
import java.security.InvalidParameterException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.Name;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.OrFilter;
import pl.edu.icm.yadda.common.pagination.PaginationResult;
import pl.edu.icm.yadda.service2.catalog.CountingIterator;
import pl.edu.icm.yadda.service2.user.credential.Credential;
import pl.edu.icm.yadda.service2.user.credential.LoginPasswordCredential;
import pl.edu.icm.yadda.service2.user.exception.CredentialNotFoundException;
import pl.edu.icm.yadda.service2.user.exception.DomainNotSpecifiedException;
import pl.edu.icm.yadda.service2.user.exception.ExportException;
import pl.edu.icm.yadda.service2.user.exception.GroupExistsException;
import pl.edu.icm.yadda.service2.user.exception.GroupNotFoundException;
import pl.edu.icm.yadda.service2.user.exception.ImportException;
import pl.edu.icm.yadda.service2.user.exception.InvalidCredentialException;
import pl.edu.icm.yadda.service2.user.exception.TokenVerificationException;
import pl.edu.icm.yadda.service2.user.exception.UserExistsException;
import pl.edu.icm.yadda.service2.user.exception.UserNotFoundException;
import pl.edu.icm.yadda.service2.user.hashing.IPasswordHasher;
import pl.edu.icm.yadda.service2.user.model.Group;
import pl.edu.icm.yadda.service2.user.model.GroupName;
import pl.edu.icm.yadda.service2.user.model.User;
import pl.edu.icm.yadda.service2.user.model.UserAttributesConstants;
import pl.edu.icm.yadda.service2.user.model.UserData;
import pl.edu.icm.yadda.service2.user.token.LoginPasswordToken;
import pl.edu.icm.yadda.service2.user.token.SecurityToken;

/* loaded from: input_file:WEB-INF/lib/yadda-user-ldap-1.13.0.jar:pl/edu/icm/yadda/service2/user/JoomlaLDAPUserCatalog.class */
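/**
 * {@link UserCatalog} backed by an LDAP directory laid out the way a Joomla LDAP
 * deployment expects it: each user is an entry {@code uid=<id>,ou=users} that carries
 * the password, e-mail, display name, blocked flag and a multi-valued group attribute
 * ({@link JoomlaLDAPConstants#GROUP_ATTR_NAME}). Groups have no entries of their own,
 * so every group-management operation throws {@link UnsupportedOperationException}.
 *
 * <p>Search criteria are always expressed through Spring LDAP filter objects
 * ({@link EqualsFilter}, {@link AndFilter}, {@link OrFilter}), which escape the values,
 * rather than by concatenating user input into filter strings.
 *
 * <p>The class keeps no mutable state of its own beyond the injected collaborators
 * ({@link #setLdapTemplate}, {@link #setPasswordHasher}, {@link #setPasswordEncoding});
 * its thread-safety is therefore that of those collaborators (not verified here).
 */
public class JoomlaLDAPUserCatalog implements UserCatalog {
    /** Group every user is created in and that {@link #unassignUser} never removes. */
    protected static final String PREDEFINED_REQUIRED_GROUP_NAME = "Registered";
    /** Length, in characters, of the random placeholder password written to a new entry. */
    private static final int TEMP_PASSWORD_LENGTH = 32;
    /** Message of the {@link UnsupportedOperationException} thrown by every group-entity operation. */
    private static final String GROUPS_NOT_SUPPORTED_MSG = "groups are not being held as separate entities in this LDAP implementation!";
    /** Message of the {@link UnsupportedOperationException} thrown by operations not implemented yet. */
    private static final String NOT_IMPLEMENTED_MSG = "NIY";

    protected LdapTemplate ldapTemplate;
    protected IPasswordHasher passwordHasher;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    /** Charset name used when the placeholder password is stored as raw bytes. */
    protected String passwordEncoding = "utf8";

    /**
     * Loads the user entry whose {@code uid} equals {@code userId}.
     *
     * @param userId the LDAP {@code uid} of the user
     * @param domain ignored; this implementation has no domains (see {@link #fetchDomains()})
     * @param parts optional parts to fetch; only {@code EFFECTIVE_GROUPS} influences the mapper
     * @return the mapped user, or {@code null} when no entry matches
     */
    @Override
    public UserData loadUser(String userId, String domain, UserData.UserDataParts... parts) {
        List<UserData> found = searchEntries(userByUidFilter(userId).encode(), newMapper(parts));
        if (found == null || found.isEmpty()) {
            return null;
        }
        return found.get(0);
    }

    /**
     * Tells whether {@code EFFECTIVE_GROUPS} is among the requested parts.
     *
     * @param parts requested parts; {@code null} or empty means "no"
     */
    boolean fetchEffectiveGroupsSpecified(UserData.UserDataParts[] parts) {
        return parts != null && Arrays.asList(parts).contains(UserData.UserDataParts.EFFECTIVE_GROUPS);
    }

    /**
     * Authenticates a {@link LoginPasswordToken} against the password attribute of the
     * matching user entry.
     *
     * @return the login of the authenticated user
     * @throws TokenVerificationException with reason {@code NOT_FOUND} when the token is not a
     *         {@link LoginPasswordToken}, carries no login, matches no entry or the entry has no
     *         usable password credential; with reason {@code TOKEN_INVALID} when the password does
     *         not validate. The two reasons differ only for the benefit of logging; callers that
     *         surface the outcome to end users should not expose which one occurred.
     */
    @Override
    public String verifyToken(SecurityToken securityToken) throws TokenVerificationException {
        if (!(securityToken instanceof LoginPasswordToken)) {
            // getClass() on a null token would throw NPE; report it as an unsupported token instead
            String actualType = securityToken == null ? "null" : securityToken.getClass().getCanonicalName();
            throw new TokenVerificationException(TokenVerificationException.REASONS.NOT_FOUND, "unsupported token instance: " + actualType + ", only " + LoginPasswordToken.class.getCanonicalName() + " is supported!");
        }
        LoginPasswordToken token = (LoginPasswordToken) securityToken;
        String login = token.getLogin();
        if (login == null) {
            throw new TokenVerificationException(TokenVerificationException.REASONS.NOT_FOUND, "token carries no login");
        }
        // Only this code path needs the stored password; every other mapper leaves it out.
        UserDataAttributesMapper mapper = new UserDataAttributesMapper(this.passwordEncoding, false);
        mapper.setRetrievePassword(true);
        List<UserData> found = searchEntries(userByUidFilter(login).encode(), mapper);
        if (found == null || found.isEmpty()) {
            throw new TokenVerificationException(TokenVerificationException.REASONS.NOT_FOUND, "unable to find user " + login);
        }
        List<?> credentials = found.get(0).getCredentials();
        if (credentials == null || credentials.isEmpty() || !(credentials.get(0) instanceof LoginPasswordCredential)) {
            throw new TokenVerificationException(TokenVerificationException.REASONS.NOT_FOUND, "unable to retrieve credential for user " + login);
        }
        LoginPasswordCredential stored = (LoginPasswordCredential) credentials.get(0);
        if (!this.passwordHasher.validate(stored.getPassword(), token.getPassword())) {
            throw new TokenVerificationException(TokenVerificationException.REASONS.TOKEN_INVALID, "password validation for user " + login + " usuccessful!");
        }
        return login;
    }

    /**
     * Searches users by group membership and/or attribute equality. Domain, role and flag
     * conditions have no LDAP counterpart here and are rejected.
     *
     * @param domain must be {@code null}
     * @param groups group names; a user matches when it belongs to any of them
     * @param roles must be {@code null} or empty
     * @param attributes attribute conditions; only {@code "email"} and
     *        {@link UserAttributesConstants#FULL_NAME} are supported
     * @param flags must be {@code null} or empty
     * @param i presumably a pagination bound; not applied, the whole result set is returned
     * @param i2 presumably a pagination bound; not applied
     * @throws InvalidParameterException for any unsupported condition
     */
    @Override
    public PaginationResult<UserData> searchUsers(String domain, Set<String> groups, Set<String> roles, Map<String, String> attributes, Set<String> flags, int i, int i2, UserData.UserDataParts... parts) throws DomainNotSpecifiedException {
        if (flags != null && !flags.isEmpty()) {
            throw new InvalidParameterException("flag conditions are not supported by LDAP user catalog implementation");
        }
        if (roles != null && !roles.isEmpty()) {
            throw new InvalidParameterException("roles conditions are not supported by LDAP user catalog implementation");
        }
        if (domain != null) {
            throw new InvalidParameterException("domain condition is not supported by LDAP user catalog implementation");
        }
        AndFilter filter = addGroupsCondition(addAttributesCondition(new AndFilter(), attributes), groups);
        return page(searchEntries(filter.encode(), newMapper(parts)));
    }

    /**
     * Loads the given users by {@code uid}, returning one element per requested id in the
     * requested order ({@code null} where no entry was found).
     *
     * @param userIds ids to load; {@code null} or empty yields an empty list
     * @param domain must be {@code null}
     */
    @Override
    public List<UserData> listUsers(List<String> userIds, String domain, UserData.UserDataParts... parts) throws DomainNotSpecifiedException {
        if (domain != null) {
            throw new InvalidParameterException("domain condition is not supported by LDAP user catalog implementation");
        }
        if (userIds == null || userIds.isEmpty()) {
            // nothing to look up; also avoids sending an OR filter with no operands
            return new ArrayList<UserData>();
        }
        OrFilter anyUid = new OrFilter();
        for (String id : userIds) {
            anyUid = anyUid.or(new EqualsFilter("uid", id));
        }
        return prepareResults(searchEntries(anyUid.encode(), newMapper(parts)), userIds);
    }

    /**
     * Returns every user whose group attribute contains the given group name.
     *
     * @param i presumably a pagination bound; not applied, the whole result set is returned
     * @param i2 presumably a pagination bound; not applied
     * @throws GroupNotFoundException when the group or its name is {@code null}
     */
    @Override
    public PaginationResult<UserData> fetchGroupUsers(GroupName groupName, int i, int i2, UserData.UserDataParts... parts) throws GroupNotFoundException {
        if (groupName == null || groupName.getName() == null) {
            throw new GroupNotFoundException(groupName, "unable to find null group!");
        }
        String filter = new EqualsFilter(JoomlaLDAPConstants.GROUP_ATTR_NAME, groupName.getName()).encode();
        return page(searchEntries(filter, newMapper(parts)));
    }

    /**
     * Aligns search results with the list of requested ids: the result has
     * {@code requestedIds.size()} elements, position {@code k} holding the user with id
     * {@code requestedIds.get(k)} or {@code null} when it was not found.
     */
    List<UserData> prepareResults(List<UserData> found, List<String> requestedIds) {
        if (found == null || found.isEmpty()) {
            return new ArrayList<UserData>(Collections.<UserData>nCopies(requestedIds.size(), null));
        }
        if (requestedIds.size() == found.size()) {
            // every id was found (assuming distinct ids): a single pass is enough
            return sort(found, requestedIds);
        }
        List<UserData> aligned = new ArrayList<UserData>(requestedIds.size());
        for (String id : requestedIds) {
            aligned.add(getUserDataForId(id, found));
        }
        return aligned;
    }

    /**
     * Reorders {@code found} so that each user sits at the index of its id in
     * {@code requestedIds}. A user whose id is not among the requested ones (or falls
     * outside the array) is dropped, leaving a {@code null} slot instead of failing.
     *
     * @return a fixed-size list of {@code found.size()} elements
     */
    List<UserData> sort(List<UserData> found, List<String> requestedIds) {
        // first occurrence wins, as List.indexOf would pick it
        Map<String, Integer> positionOf = new HashMap<String, Integer>();
        for (int k = 0; k < requestedIds.size(); k++) {
            if (!positionOf.containsKey(requestedIds.get(k))) {
                positionOf.put(requestedIds.get(k), k);
            }
        }
        UserData[] ordered = new UserData[found.size()];
        for (UserData userData : found) {
            Integer position = positionOf.get(userData.getUser().getId());
            if (position != null && position < ordered.length) {
                ordered[position] = userData;
            }
        }
        return Arrays.asList(ordered);
    }

    /** Finds the user with the given id in {@code candidates}; {@code null} when absent. */
    UserData getUserDataForId(String userId, List<UserData> candidates) {
        for (UserData candidate : candidates) {
            if (userId.equals(candidate.getUser().getId())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Adds a "member of any of these groups" condition to {@code filter}.
     *
     * @param groups group names; {@code null} or empty leaves the filter untouched
     * @return {@code filter}, for chaining
     */
    protected AndFilter addGroupsCondition(AndFilter filter, Set<String> groups) {
        if (groups == null || groups.isEmpty()) {
            return filter;
        }
        if (groups.size() == 1) {
            return filter.and(new EqualsFilter(JoomlaLDAPConstants.GROUP_ATTR_NAME, groups.iterator().next()));
        }
        OrFilter anyGroup = new OrFilter();
        for (String group : groups) {
            anyGroup = anyGroup.or(new EqualsFilter(JoomlaLDAPConstants.GROUP_ATTR_NAME, group));
        }
        return filter.and(anyGroup);
    }

    /**
     * Adds attribute-equality conditions to {@code filter}.
     *
     * @param attributes conditions keyed by catalog attribute name; {@code "email"} maps to the
     *        mail attribute and {@link UserAttributesConstants#FULL_NAME} to the display name
     * @return {@code filter}, for chaining
     * @throws InvalidParameterException for any other attribute name
     */
    protected AndFilter addAttributesCondition(AndFilter filter, Map<String, String> attributes) throws InvalidParameterException {
        if (attributes == null || attributes.isEmpty()) {
            return filter;
        }
        AndFilter conditions = new AndFilter();
        for (Map.Entry<String, String> condition : attributes.entrySet()) {
            String key = condition.getKey();
            if ("email".equals(key)) {
                conditions = conditions.and(new EqualsFilter(JoomlaLDAPConstants.MAIL_ATTR_NAME, condition.getValue()));
            } else if (UserAttributesConstants.FULL_NAME.equals(key)) {
                conditions = conditions.and(new EqualsFilter(JoomlaLDAPConstants.DISP_NAME_ATTR_NAME, condition.getValue()));
            } else {
                throw new InvalidParameterException(key + " attribute is unsupported by LDAP implementation!");
            }
        }
        return filter.and(conditions);
    }

    /**
     * Creates the LDAP entry for a user. The entry gets a random, unhashed placeholder
     * password (see {@link #buildUserAttributes}); a real credential is expected to be set
     * through {@link #addCredential} afterwards.
     *
     * @return the user's id (which the caller must have set)
     * @throws InvalidParameterException when the user has no id
     * @throws UserExistsException when an entry with that id already exists
     */
    @Override
    public String addUser(User user) throws UserExistsException {
        if (user.getId() == null) {
            throw new InvalidParameterException("got null user id: user identifier has to be set externally!");
        }
        Name userDn = builUserDn(user.getId());
        boolean exists;
        try {
            exists = this.ldapTemplate.lookup(userDn) != null;
        } catch (NameNotFoundException e) {
            // Spring LDAP's lookup() reports a missing entry with this exception rather than by
            // returning null (deleteUser/updateUser already rely on that); without catching it a
            // brand-new user would fail here instead of being bound.
            exists = false;
        }
        if (exists) {
            throw new UserExistsException(user);
        }
        this.ldapTemplate.bind(userDn, (Object) null, buildUserAttributes(user));
        return user.getId();
    }

    /**
     * Builds the DN of a user entry: {@code uid=<userId>,ou=users} relative to the template's base.
     * (The method name is kept as is for subclasses that override it.)
     */
    protected Name builUserDn(String userId) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "users");
        dn.add("uid", userId);
        return dn;
    }

    /**
     * Builds the attributes of a new user entry: object classes, {@code cn}/{@code sn} set to the
     * id, a random placeholder password, optional mail and display name, the blocked flag and the
     * {@link #PREDEFINED_REQUIRED_GROUP_NAME} group.
     *
     * <p>The placeholder password is stored as raw bytes, not through {@link #passwordHasher},
     * while {@link #verifyToken} validates through the hasher, so it is not expected to let
     * anybody log in until {@link #addCredential} stores a hashed password.
     *
     * @throws RuntimeException when {@link #passwordEncoding} is not a supported charset name
     */
    protected Attributes buildUserAttributes(User user) {
        BasicAttributes attrs = new BasicAttributes();
        BasicAttribute objectClass = new BasicAttribute("objectclass");
        objectClass.add("person");
        objectClass.add(JoomlaLDAPConstants.USER_OBJECTCLASS_NAME);
        attrs.put(objectClass);
        // the "person" object class requires cn and sn; the id stands in for both
        attrs.put("cn", user.getId());
        attrs.put("sn", user.getId());
        attrs.put(JoomlaLDAPConstants.PASSWD_ATTR_NAME, passwordBytes(generateTempPass()));
        if (user.getAttributes() != null) {
            if (user.getAttributes().containsKey("email")) {
                attrs.put(JoomlaLDAPConstants.MAIL_ATTR_NAME, user.getAttributes().get("email"));
            }
            if (user.getAttributes().containsKey(UserAttributesConstants.FULL_NAME)) {
                attrs.put(JoomlaLDAPConstants.DISP_NAME_ATTR_NAME, user.getAttributes().get(UserAttributesConstants.FULL_NAME));
            }
        }
        // "0" presumably means "not blocked"; confirm against the Joomla schema
        attrs.put(JoomlaLDAPConstants.BLOCKED_FLAG_ATTR_NAME, "0");
        BasicAttribute groups = new BasicAttribute(JoomlaLDAPConstants.GROUP_ATTR_NAME);
        groups.add(PREDEFINED_REQUIRED_GROUP_NAME);
        attrs.put(groups);
        return attrs;
    }

    /**
     * Encodes a password with {@link #passwordEncoding}.
     *
     * @throws RuntimeException when the configured encoding is unknown to the JVM — a
     *         configuration error, not a per-request condition
     */
    private byte[] passwordBytes(String password) {
        try {
            return password.getBytes(this.passwordEncoding);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("invalid state: bad encoding!", e);
        }
    }

    /**
     * Generates a random {@value #TEMP_PASSWORD_LENGTH}-character string over {@code [0-9a-z]}
     * using {@link SecureRandom}; used as the placeholder password of a fresh entry.
     */
    protected String generateTempPass() {
        SecureRandom random = new SecureRandom();
        StringBuilder password = new StringBuilder(TEMP_PASSWORD_LENGTH);
        for (int k = 0; k < TEMP_PASSWORD_LENGTH; k++) {
            password.append(Character.forDigit(random.nextInt(36), 36));
        }
        return password.toString();
    }

    /**
     * Removes the user entry.
     *
     * @param userId the LDAP {@code uid}
     * @param domain only used to describe the failure
     * @throws UserNotFoundException when no such entry exists
     */
    @Override
    public void deleteUser(String userId, String domain) throws UserNotFoundException {
        Name userDn = builUserDn(userId);
        try {
            if (this.ldapTemplate.lookup(userDn) == null) {
                throw new UserNotFoundException(userId, domain);
            }
            this.ldapTemplate.unbind(userDn);
        } catch (NameNotFoundException e) {
            throw new UserNotFoundException(userId, domain);
        }
    }

    /**
     * Adds the group name to the user's group attribute (no-op when already present).
     *
     * @throws UserNotFoundException when {@code userId} is {@code null} or has no entry
     * @throws GroupNotFoundException when the group or its name is {@code null}
     */
    @Override
    public void assignUser(String userId, GroupName groupName) throws UserNotFoundException, GroupNotFoundException {
        if (userId == null) {
            throw new UserNotFoundException(userId);
        }
        if (groupName == null || groupName.getName() == null) {
            throw new GroupNotFoundException(groupName);
        }
        String group = groupName.getName();
        try {
            Name userDn = builUserDn(userId);
            Attribute groups = lookupAttribute(userDn, JoomlaLDAPConstants.GROUP_ATTR_NAME);
            if (groups == null) {
                // entry has no group attribute yet; start one instead of failing with NPE
                groups = new BasicAttribute(JoomlaLDAPConstants.GROUP_ATTR_NAME);
            }
            if (!groups.contains(group)) {
                groups.add(group);
                replaceAttribute(userDn, groups);
            }
        } catch (NameNotFoundException e) {
            throw new UserNotFoundException(userId);
        }
    }

    /**
     * Removes the group name from the user's group attribute. Nothing happens when the user is
     * not in the group, the entry has no group attribute, or the group is
     * {@link #PREDEFINED_REQUIRED_GROUP_NAME}.
     *
     * @throws UserNotFoundException when {@code userId} is {@code null} or has no entry
     * @throws GroupNotFoundException when the group or its name is {@code null}
     */
    @Override
    public void unassignUser(String userId, GroupName groupName) throws UserNotFoundException, GroupNotFoundException {
        if (userId == null) {
            throw new UserNotFoundException(userId);
        }
        if (groupName == null || groupName.getName() == null) {
            throw new GroupNotFoundException(groupName);
        }
        String group = groupName.getName();
        try {
            Name userDn = builUserDn(userId);
            Attribute groups = lookupAttribute(userDn, JoomlaLDAPConstants.GROUP_ATTR_NAME);
            boolean removable = groups != null && groups.contains(group) && !PREDEFINED_REQUIRED_GROUP_NAME.equals(group);
            if (removable) {
                groups.remove(group);
                replaceAttribute(userDn, groups);
            }
        } catch (NameNotFoundException e) {
            throw new UserNotFoundException(userId);
        }
    }

    /**
     * Stores the hashed password of a {@link LoginPasswordCredential} on the user's entry,
     * replacing whatever the password attribute held before.
     *
     * @return always {@code null}; presumably because credentials have no identifier of
     *         their own in this catalog
     * @throws InvalidCredentialException when the credential is {@code null}, has no user id,
     *         is not a {@link LoginPasswordCredential}, or the user has no entry
     */
    @Override
    public String addCredential(Credential credential) throws InvalidCredentialException {
        if (credential == null) {
            throw new InvalidCredentialException("null credential!");
        }
        if (credential.getUserId() == null) {
            throw new InvalidCredentialException("null userId!");
        }
        if (!(credential instanceof LoginPasswordCredential)) {
            throw new InvalidCredentialException("invalid credential instance: " + credential.getClass().getName() + ", only " + LoginPasswordCredential.class.getName() + " is supported!");
        }
        try {
            Name userDn = builUserDn(credential.getUserId());
            Attribute password = lookupAttribute(userDn, JoomlaLDAPConstants.PASSWD_ATTR_NAME);
            if (password == null) {
                // entry has no password attribute yet; create it instead of failing with NPE
                password = new BasicAttribute(JoomlaLDAPConstants.PASSWD_ATTR_NAME);
            } else {
                password.clear();
            }
            password.add(this.passwordHasher.hash(((LoginPasswordCredential) credential).getPassword()));
            replaceAttribute(userDn, password);
            return null;
        } catch (NameNotFoundException e) {
            throw new InvalidCredentialException("user " + credential.getUserId() + " not found!");
        }
    }

    /** Not implemented. */
    @Override
    public Credential getCredential(String str) {
        throw new UnsupportedOperationException(NOT_IMPLEMENTED_MSG);
    }

    /** Unsupported: the password attribute is never removed from an entry. */
    @Override
    public void deleteCredential(String str) throws CredentialNotFoundException {
        throw new UnsupportedOperationException("credential cannot be removed!");
    }

    /** Unsupported; use {@link #addCredential}, which overwrites the stored password. */
    @Override
    public String updateCredential(Credential credential) throws CredentialNotFoundException, InvalidCredentialException, UserNotFoundException {
        throw new UnsupportedOperationException("credential connot be update");
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public String addGroup(Group group) throws GroupExistsException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public void assignGroup(GroupName groupName, GroupName groupName2) throws GroupNotFoundException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public void deleteGroup(GroupName groupName, boolean z) throws GroupNotFoundException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Not implemented. */
    @Override
    public String exportEntity(String str, String str2) throws ExportException {
        throw new UnsupportedOperationException(NOT_IMPLEMENTED_MSG);
    }

    /** Not implemented. */
    @Override
    public void importEntity(String str, String str2, String str3) throws ImportException {
        throw new UnsupportedOperationException(NOT_IMPLEMENTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public CountingIterator<String> iterateGroups(String[] strArr) {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Not implemented. */
    @Override
    public CountingIterator<String> iterateUsers(String[] strArr) {
        throw new UnsupportedOperationException(NOT_IMPLEMENTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public void unassignGroup(GroupName groupName, GroupName groupName2) throws GroupNotFoundException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public void updateGroup(Group group) throws GroupNotFoundException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /**
     * Applies the attribute changes described by {@link #prepareModifications} to the user's
     * entry. Logs a warning and changes nothing when there is nothing to modify.
     *
     * @throws InvalidParameterException when the user has no id or the e-mail is blank
     * @throws UserNotFoundException when the user has no entry
     */
    @Override
    public void updateUser(User user) throws UserNotFoundException {
        if (user.getId() == null) {
            throw new InvalidParameterException("got null user id: user identifier has to be set externally!");
        }
        Name userDn = builUserDn(user.getId());
        try {
            if (this.ldapTemplate.lookup(userDn) == null) {
                throw new UserNotFoundException(user.getId(), user.getDomain());
            }
            ModificationItem[] modifications = prepareModifications(user);
            if (modifications == null || modifications.length == 0) {
                this.log.warn("No modifications will be made: no modification items found!");
            } else {
                this.ldapTemplate.modifyAttributes(userDn, modifications);
            }
        } catch (NameNotFoundException e) {
            throw new UserNotFoundException(user.getId(), user.getDomain());
        }
    }

    /**
     * Translates the user's catalog attributes into LDAP modifications: {@code "email"} replaces
     * the mail attribute and must not be blank; {@link UserAttributesConstants#FULL_NAME}
     * replaces the display name, or removes it when blank.
     *
     * @return the modifications, possibly empty; {@code null} when the user has no attribute map
     * @throws InvalidParameterException when the e-mail is present but blank
     */
    protected ModificationItem[] prepareModifications(User user) {
        if (user.getAttributes() == null) {
            return null;
        }
        List<ModificationItem> modifications = new ArrayList<ModificationItem>();
        if (user.getAttributes().containsKey("email")) {
            String mail = user.getAttributes().get("email");
            if (isBlank(mail)) {
                throw new InvalidParameterException("mail attribute was found empty: email LDAP attribute is mandatory and cannot be removed!");
            }
            modifications.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(JoomlaLDAPConstants.MAIL_ATTR_NAME, mail)));
        }
        if (user.getAttributes().containsKey(UserAttributesConstants.FULL_NAME)) {
            String fullName = user.getAttributes().get(UserAttributesConstants.FULL_NAME);
            // NOTE(review): the removal carries the blank value as the attribute's only value;
            // whole-attribute removal normally wants a value-less attribute — confirm against the directory.
            int operation = isBlank(fullName) ? DirContext.REMOVE_ATTRIBUTE : DirContext.REPLACE_ATTRIBUTE;
            modifications.add(new ModificationItem(operation, new BasicAttribute(JoomlaLDAPConstants.DISP_NAME_ATTR_NAME, fullName)));
        }
        return modifications.toArray(new ModificationItem[modifications.size()]);
    }

    /** This implementation has no domains. */
    @Override
    public List<String> fetchDomains() {
        return Collections.emptyList();
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public Group loadGroup(GroupName groupName) {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public Group loadGroup(String str) {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public Set<Group> fetchChildGroups(GroupName groupName) throws GroupNotFoundException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Unsupported: groups are only values of a user attribute. */
    @Override
    public PaginationResult<Group> listGroups(String str, int i, int i2) throws DomainNotSpecifiedException {
        throw new UnsupportedOperationException(GROUPS_NOT_SUPPORTED_MSG);
    }

    /** Not implemented. */
    @Override
    public Set<String> fetchUserIndentifiers(String str, String str2) {
        throw new UnsupportedOperationException(NOT_IMPLEMENTED_MSG);
    }

    /** Template used for every directory operation; required. */
    @Required
    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Hasher that produces and validates stored passwords; required. */
    @Required
    public void setPasswordHasher(IPasswordHasher iPasswordHasher) {
        this.passwordHasher = iPasswordHasher;
    }

    /** Charset name for the placeholder password bytes and the attributes mapper (default {@code "utf8"}). */
    public void setPasswordEncoding(String str) {
        this.passwordEncoding = str;
    }

    /** Filter selecting the user entry with the given {@code uid} (object class + uid). */
    private AndFilter userByUidFilter(String uid) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", JoomlaLDAPConstants.USER_OBJECTCLASS_NAME)).and(new EqualsFilter("uid", uid));
        return filter;
    }

    /** Mapper that fetches effective groups only when the caller asked for them. */
    private UserDataAttributesMapper newMapper(UserData.UserDataParts[] parts) {
        return new UserDataAttributesMapper(this.passwordEncoding, fetchEffectiveGroupsSpecified(parts));
    }

    /**
     * Runs a search from the template's base with an already-encoded filter.
     *
     * @return whatever the template returns (the mapper produces {@link UserData} items);
     *         may be {@code null} or empty
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // LdapTemplate.search hands back an untyped List
    private List<UserData> searchEntries(String encodedFilter, UserDataAttributesMapper mapper) {
        List raw = this.ldapTemplate.search(DistinguishedName.EMPTY_PATH, encodedFilter, mapper);
        return (List<UserData>) raw;
    }

    /** Wraps a full result list as a page whose total is the list's size ({@code null} counts as 0). */
    private PaginationResult<UserData> page(List<UserData> found) {
        return new PaginationResult<>(found != null ? found.size() : 0, found);
    }

    /** Reads one attribute of the entry at {@code dn}; {@code null} when the entry lacks it. */
    private Attribute lookupAttribute(Name dn, String attributeId) {
        return this.ldapTemplate.lookupContext(dn).getAttributes().get(attributeId);
    }

    /** Replaces the whole attribute on the entry at {@code dn} with the given values. */
    private void replaceAttribute(Name dn, Attribute attribute) {
        this.ldapTemplate.modifyAttributes(dn, new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attribute)});
    }

    /** {@code null}, empty or whitespace-only. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }
}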
