package org.apache.james.user.ldap;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.HierarchicalConfiguration;
import org.apache.commons.logging.Log;
import org.apache.james.lifecycle.Configurable;
import org.apache.james.lifecycle.LogEnabled;
import org.apache.james.user.api.User;
import org.apache.james.user.api.UsersRepository;

/* loaded from: input_file:org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.class */
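/**
 * Read-only {@link UsersRepository} backed by an LDAP directory.
 *
 * <p>Users are the entries under {@code userBase} whose {@code objectClass} equals
 * {@code userObjectClass}, optionally narrowed by a {@link ReadOnlyLDAPGroupRestriction}.
 * Every mutating operation only logs a warning and leaves the directory untouched.
 *
 * <p>NOTE(review): every lookup (including {@link #test(String, String)}) enumerates all
 * valid users and reads the attributes of each one until a match is found. On a large
 * directory this makes each authentication attempt cost many LDAP round trips.
 */
public class ReadOnlyUsersLDAPRepository implements UsersRepository, Configurable, LogEnabled {
    private String ldapHost;
    private String userIdAttribute;
    private String userObjectClass;
    private String userBase;
    private String principal;
    // Bind secret for the service account; kept as a String for the lifetime of this object.
    // It must never be added to log output.
    private String credentials;
    private ReadOnlyLDAPGroupRestriction restriction;
    private SimpleLDAPConnection ldapConnection;
    private Log log;

    /**
     * Reads the connection and search settings from the XML attributes of the given
     * configuration node, and builds the group restriction from its {@code restriction} child.
     *
     * @param hierarchicalConfiguration the repository configuration node
     * @throws ConfigurationException declared by the {@link Configurable} contract
     */
    public void configure(HierarchicalConfiguration hierarchicalConfiguration) throws ConfigurationException {
        this.ldapHost = hierarchicalConfiguration.getString("[@ldapHost]");
        this.principal = hierarchicalConfiguration.getString("[@principal]");
        this.credentials = hierarchicalConfiguration.getString("[@credentials]");
        this.userBase = hierarchicalConfiguration.getString("[@userBase]");
        this.userIdAttribute = hierarchicalConfiguration.getString("[@userIdAttribute]");
        this.userObjectClass = hierarchicalConfiguration.getString("[@userObjectClass]");
        this.restriction = new ReadOnlyLDAPGroupRestriction(hierarchicalConfiguration.configurationAt("restriction"));
    }

    /**
     * Opens the LDAP connection with the configured principal and credentials.
     *
     * <p>NOTE(review): whether the bind travels over TLS depends on {@code ldapHost} and on
     * {@code SimpleLDAPConnection}, neither of which is visible here - confirm that the
     * deployed value does not send the service-account password in clear text.
     *
     * @throws Exception if the connection cannot be opened
     */
    @PostConstruct
    public void init() throws Exception {
        if (this.log.isDebugEnabled()) {
            this.log.debug(getClass().getName() + ".initialize()");
            this.log.debug("Openning connection to LDAP host: " + this.ldapHost + ".");
        }
        this.ldapConnection = SimpleLDAPConnection.openLDAPConnection(this.principal, this.credentials, this.ldapHost);
        if (this.log.isDebugEnabled()) {
            // Deliberately logs only non-secret settings; principal and credentials stay out.
            this.log.debug("Initialization complete. User baseDN=" + this.userBase
                    + " ; userIdAttribute=" + this.userIdAttribute
                    + "\n\tGroup restriction:" + this.restriction);
        }
    }

    /**
     * Tells whether the given user DN appears in at least one group membership list.
     *
     * @param str the user's distinguished name
     * @param map group membership lists, one collection of member DNs per group
     * @return {@code true} if any list contains the DN
     */
    private boolean userInGroupsMembershipList(String str, Map<String, Collection<String>> map) {
        for (Collection<String> members : map.values()) {
            if (members.contains(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Searches the whole subtree under {@code userBase} for entries of the configured
     * object class and returns their distinguished names.
     *
     * @return the DNs of all matching entries
     * @throws NamingException if the search fails
     */
    private Set<String> getAllUsersFromLDAP() throws NamingException {
        Set<String> userDns = new HashSet<String>();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{"distinguishedName"});
        // userObjectClass comes from the repository configuration and is inserted into the
        // filter unescaped; it must never be derived from user-supplied input.
        NamingEnumeration<SearchResult> results = this.ldapConnection.getLdapContext()
                .search(this.userBase, "(objectClass=" + this.userObjectClass + ")", searchControls);
        try {
            while (results.hasMore()) {
                userDns.add(results.next().getNameInNamespace());
            }
        } finally {
            // Release the server-side search if iteration stops early because of an exception.
            results.close();
        }
        return userDns;
    }

    /**
     * Builds a user object for each of the given distinguished names.
     *
     * @param collection user DNs
     * @return one {@link ReadOnlyLDAPUser} per DN, in iteration order
     * @throws NamingException if any entry cannot be read
     */
    private Collection<ReadOnlyLDAPUser> buildUserCollection(Collection<String> collection) throws NamingException {
        Collection<ReadOnlyLDAPUser> users = new ArrayList<ReadOnlyLDAPUser>(collection.size());
        for (String dn : collection) {
            users.add(buildUser(dn));
        }
        return users;
    }

    /**
     * Reads the entry for the given DN and wraps it in a {@link ReadOnlyLDAPUser} whose name
     * is the value of {@code userIdAttribute}.
     *
     * @param str the user's distinguished name
     * @return the user object
     * @throws NamingException if the entry cannot be read or has no value for the id attribute
     */
    private ReadOnlyLDAPUser buildUser(String str) throws NamingException {
        javax.naming.directory.Attribute idAttribute =
                this.ldapConnection.getLdapContext().getAttributes(str).get(this.userIdAttribute);
        Object idValue = (idAttribute == null || idAttribute.size() == 0) ? null : idAttribute.get();
        if (idValue == null) {
            // An entry without the id attribute used to raise an unchecked exception that
            // escaped the NamingException handlers of the public lookups. Reporting it as a
            // NamingException keeps the failure closed but logged and diagnosable.
            throw new NamingException("User entry '" + str + "' has no value for attribute '"
                    + this.userIdAttribute + "'");
        }
        return new ReadOnlyLDAPUser(idValue.toString(), str, this.ldapHost);
    }

    /**
     * @param str the user name, matched case-sensitively
     * @return {@code true} if such a user exists
     */
    public boolean contains(String str) {
        return getUserByName(str) != null;
    }

    /**
     * @param str the user name, matched ignoring case
     * @return {@code true} if such a user exists
     */
    public boolean containsCaseInsensitive(String str) {
        return getUserByNameCaseInsensitive(str) != null;
    }

    /**
     * Counts the valid users.
     *
     * @return the number of valid users, or {@code 0} if the directory lookup fails
     */
    public int countUsers() {
        try {
            return getValidUsers().size();
        } catch (NamingException e) {
            this.log.error("Unable to retrieve user count from ldap", e);
            return 0;
        }
    }

    /**
     * Resolves the stored spelling of a user name.
     *
     * @param str the user name, matched ignoring case
     * @return the user name as held in the directory, or {@code null} if there is no match
     */
    public String getRealName(String str) {
        User match = getUserByNameCaseInsensitive(str);
        return match == null ? null : match.getUserName();
    }

    /**
     * Finds a user by exact name.
     *
     * @param str the user name, matched case-sensitively
     * @return the user, or {@code null} if not found or if the directory lookup fails
     */
    public User getUserByName(String str) {
        try {
            for (ReadOnlyLDAPUser candidate : buildUserCollection(getValidUsers())) {
                if (candidate.getUserName().equals(str)) {
                    return candidate;
                }
            }
            return null;
        } catch (NamingException e) {
            this.log.error("Unable to retrieve user from ldap", e);
            return null;
        }
    }

    /**
     * Finds a user by name, ignoring case.
     *
     * @param str the user name
     * @return the user, or {@code null} if not found or if the directory lookup fails
     */
    public User getUserByNameCaseInsensitive(String str) {
        try {
            for (ReadOnlyLDAPUser candidate : buildUserCollection(getValidUsers())) {
                if (candidate.getUserName().equalsIgnoreCase(str)) {
                    return candidate;
                }
            }
            return null;
        } catch (NamingException e) {
            this.log.error("Unable to retrieve user from ldap", e);
            return null;
        }
    }

    /**
     * Lists the names of all valid users.
     *
     * @return an iterator over the user names
     * @throws RuntimeException if the directory lookup fails
     */
    public Iterator<String> list() {
        Collection<String> names = new ArrayList<String>();
        try {
            for (ReadOnlyLDAPUser user : buildUserCollection(getValidUsers())) {
                names.add(user.getUserName());
            }
            return names.iterator();
        } catch (NamingException e) {
            throw new RuntimeException("Unable to retrieve users list from LDAP due to unknown naming error.", e);
        }
    }

    /**
     * Returns the DNs of the users this repository exposes: all directory users, or only
     * those listed in a restriction group when the restriction is activated.
     *
     * @return the DNs of the valid users
     * @throws NamingException if a directory lookup fails
     */
    private Collection<String> getValidUsers() throws NamingException {
        Set<String> allUsersFromLDAP = getAllUsersFromLDAP();
        if (!this.restriction.isActivated()) {
            return allUsersFromLDAP;
        }
        Map<String, Collection<String>> groupMembershipLists =
                this.restriction.getGroupMembershipLists(this.ldapConnection);
        Collection<String> permitted = new ArrayList<String>();
        for (String dn : allUsersFromLDAP) {
            if (userInGroupsMembershipList(dn, groupMembershipLists)) {
                permitted.add(dn);
            }
        }
        return permitted;
    }

    /** Not supported: only logs a warning. */
    public void removeUser(String str) {
        this.log.warn("This user-repository is read-only. Modifications are not permitted.");
    }

    /**
     * Checks a user name and password pair.
     *
     * @param str the user name, matched case-sensitively
     * @param str2 the password to verify
     * @return {@code true} only if the user exists and the password verifies
     */
    public boolean test(String str, String str2) {
        // Password verification is delegated to the User object, whose implementation is not
        // visible here. If it authenticates through an LDAP simple bind, a zero-length
        // password is an unauthenticated bind (RFC 4513, section 5.1.2) that some servers
        // accept, which would let any known user name log in. Reject it before delegating.
        if (str2 == null || str2.isEmpty()) {
            return false;
        }
        User userByName = getUserByName(str);
        if (userByName != null) {
            return userByName.verifyPassword(str2);
        }
        return false;
    }

    /** Not supported: only logs a warning and returns {@code false}. */
    public boolean addUser(User user) {
        this.log.warn("This user-repository is read-only. Modifications are not permitted.");
        return false;
    }

    /** Not supported: only logs a warning. */
    public void addUser(String str, Object obj) {
        this.log.warn("This user-repository is read-only. Modifications are not permitted.");
    }

    /** Not supported: only logs a warning and returns {@code false}. */
    public boolean addUser(String str, String str2) {
        this.log.warn("This user-repository is read-only. Modifications are not permitted.");
        return false;
    }

    /** Not supported: only logs a warning and returns {@code false}. */
    public boolean updateUser(User user) {
        this.log.warn("This user-repository is read-only. Modifications are not permitted.");
        return false;
    }

    /**
     * Injects the logger; {@link #init()} and every other method dereference it without a
     * null check, so it has to be set first.
     *
     * @param log the logger to use
     */
    public void setLog(Log log) {
        this.log = log;
    }
}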
