package org.ikasan.security.service;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import org.ikasan.security.dao.SecurityDao;
import org.ikasan.security.dao.UserDao;
import org.ikasan.security.model.AuthenticationMethod;
import org.ikasan.security.model.IkasanPrincipal;
import org.ikasan.security.model.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.control.PagedResult;
import org.springframework.ldap.control.PagedResultsCookie;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

/* loaded from: input_file:lib/ikasan-security-2.0.0.jar:org/ikasan/security/service/LdapServiceImpl.class */
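/**
 * LDAP-backed implementation of {@link LdapService}.
 *
 * <p>Reads users and application security groups from the directory described by an
 * {@link AuthenticationMethod} and mirrors them into the local store through
 * {@link SecurityDao} and {@link UserDao}.
 *
 * <p>The active {@code AuthenticationMethod} is instance state set by
 * {@link #synchronize(AuthenticationMethod)}; every other method reads it.
 * NOTE(review): nothing here guards that field, so concurrent {@code synchronize} calls on a
 * shared instance would overwrite each other's configuration - confirm callers serialise.
 */
public class LdapServiceImpl implements LdapService {
    private static final Logger logger = LoggerFactory.getLogger(LdapServiceImpl.class);

    /** Number of entries requested per page of a paged LDAP search. */
    private static final int LDAP_PAGE_SIZE = 200;

    /** Source of the random local passwords given to accounts created during synchronisation. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    private final SecurityDao securityDao;
    private final UserDao userDao;
    private AuthenticationMethod authenticationMethod;
    private final PasswordEncoder passwordEncoder;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:lib/ikasan-security-2.0.0.jar:org/ikasan/security/service/LdapServiceImpl$ApplicationSecurityGroupAttributeMapper.class */
    /**
     * Maps a group entry to the value of the attribute named by
     * {@code AuthenticationMethod.getApplicationSecurityGroupAttributeName()}.
     */
    public class ApplicationSecurityGroupAttributeMapper implements AttributesMapper {
        protected ApplicationSecurityGroupAttributeMapper() {
        }

        /**
         * Returns the first value of the configured group-name attribute.
         *
         * <p>{@code Attributes.get} returns {@code null} for an absent attribute, so an entry
         * without it makes this method throw {@link NullPointerException}.
         */
        @Override // org.springframework.ldap.core.AttributesMapper
        public Object mapFromAttributes(Attributes attributes) throws NamingException {
            String groupAttributeName =
                    LdapServiceImpl.this.authenticationMethod.getApplicationSecurityGroupAttributeName();
            return attributes.get(groupAttributeName).get();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:lib/ikasan-security-2.0.0.jar:org/ikasan/security/service/LdapServiceImpl$ApplicationUserAttributeMapper.class */
    /** Maps a user entry to the value of its {@code name} attribute. */
    public class ApplicationUserAttributeMapper implements AttributesMapper {
        protected ApplicationUserAttributeMapper() {
        }

        /**
         * Returns the first value of the {@code name} attribute.
         *
         * <p>{@code Attributes.get} returns {@code null} for an absent attribute, so an entry
         * without {@code name} makes this method throw {@link NullPointerException}.
         */
        @Override // org.springframework.ldap.core.AttributesMapper
        public Object mapFromAttributes(Attributes attributes) throws NamingException {
            return attributes.get("name").get();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:lib/ikasan-security-2.0.0.jar:org/ikasan/security/service/LdapServiceImpl$LdapUser.class */
    /** Plain holder for the attributes read from one LDAP user entry. */
    public class LdapUser {
        String accountType;
        String accountName;
        String email;
        String firstName;
        String surname;
        String department;
        String description;
        String[] memberOf;

        protected LdapUser() {
        }

        @Override
        public String toString() {
            return "LdapUser [accountType=" + this.accountType + ", accountName=" + this.accountName + ", email=" + this.email + ", firstName=" + this.firstName + ", surname=" + this.surname + ", department=" + this.department + ", description=" + this.description + ", memberOf=" + Arrays.toString(this.memberOf) + "]";
        }
    }

    /**
     * Creates the service.
     *
     * @param securityDao store for {@link IkasanPrincipal}s; must not be null
     * @param userDao store for {@link User}s; must not be null
     * @param passwordEncoder encoder for the local password of newly created users; must not be null
     * @throws IllegalArgumentException if any argument is null
     */
    public LdapServiceImpl(SecurityDao securityDao, UserDao userDao, PasswordEncoder passwordEncoder) {
        if (securityDao == null) {
            throw new IllegalArgumentException("securityDao cannot be null!");
        }
        if (userDao == null) {
            throw new IllegalArgumentException("userDao cannot be null!");
        }
        // The original guard re-tested userDao here, so a null encoder was accepted and only
        // failed later, in the middle of a synchronisation run.
        if (passwordEncoder == null) {
            throw new IllegalArgumentException("passwordEncoder cannot be null!");
        }
        this.securityDao = securityDao;
        this.userDao = userDao;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Looks up one user by common name under the configured user search base.
     *
     * <p>Missing e-mail, surname and first name are replaced by fixed placeholder strings; the
     * account name is lower-cased.
     *
     * @param str common name to search for ({@code CN={0}})
     * @return the user, or {@code null} when the entry has no account-name attribute or the
     *         search fails with a runtime exception (including "not found")
     * @throws LdapServiceException if no {@link AuthenticationMethod} is set or the context
     *         source cannot be initialised
     */
    protected LdapUser getLdapUser(String str) throws LdapServiceException {
        AuthenticationMethod method = getAuthenticationMethod();
        try {
            DirContextOperations entry = new FilterBasedLdapUserSearch(method.getLdapUserSearchBaseDn(), "CN={0}", getContextSource()).searchForUser(str);
            String accountType = entry.getStringAttribute(method.getAccountTypeAttributeName());
            String email = entry.getStringAttribute(method.getEmailAttributeName());
            String surname = entry.getStringAttribute(method.getSurnameAttributeName());
            String firstName = entry.getStringAttribute(method.getFirstNameAttributeName());
            String accountName = entry.getStringAttribute(method.getUserAccountNameAttributeName());
            if (accountName == null) {
                return null;
            }
            if (email == null || email.length() == 0) {
                email = "no email";
            }
            if (surname == null || surname.length() == 0) {
                surname = "no surname";
            }
            if (firstName == null || firstName.length() == 0) {
                firstName = "no firstname";
            }
            LdapUser ldapUser = new LdapUser();
            ldapUser.accountName = accountName.toLowerCase();
            ldapUser.email = email;
            ldapUser.surname = surname;
            ldapUser.accountType = accountType;
            ldapUser.firstName = firstName;
            ldapUser.department = entry.getStringAttribute(method.getDepartmentAttributeName());
            ldapUser.description = entry.getStringAttribute(method.getLdapUserDescriptionAttributeName());
            ldapUser.memberOf = entry.getStringAttributes(method.getMemberofAttributeName());
            return ldapUser;
        } catch (RuntimeException e) {
            // UsernameNotFoundException is a RuntimeException and was handled identically, so one
            // handler covers both. The stack trace goes to the logger instead of stderr so that it
            // ends up in the same place as the rest of the audit trail.
            logger.warn("An exception occurred trying to search for LDAP user: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Collects the mapped {@code name} value of every entry that matches the user
     * synchronisation filter, page by page.
     *
     * @return the collected names
     * @throws LdapServiceException if no {@link AuthenticationMethod} is set, or wrapping any
     *         exception raised while searching
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // the paged result exposes an untyped list
    public List<String> getAllLdapUsers() throws LdapServiceException {
        AuthenticationMethod method = getAuthenticationMethod();
        DefaultSpringSecurityContextSource contextSource = getContextSource();
        contextSource.setBase(method.getLdapUserSearchBaseDn());
        try {
            contextSource.afterPropertiesSet();
            LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
            PagedResultsCookie cookie = null;
            ArrayList users = new ArrayList();
            do {
                PagedResult page = getAllUsers(cookie, ldapTemplate);
                users.addAll(page.getResultList());
                cookie = page.getCookie();
                // A null cookie object (no paging information came back) ends the loop instead of
                // raising a NullPointerException.
            } while (cookie != null && cookie.getCookie() != null);
            logger.debug("Returning users: " + users.size());
            return users;
        } catch (Exception e) {
            // Keep the cause: a bare exception hides whether the bind, the search or paging failed.
            throw new LdapServiceException(e);
        }
    }

    /**
     * Runs one page of the user search (subtree scope, {@value #LDAP_PAGE_SIZE} entries per page).
     *
     * @param pagedResultsCookie cookie from the previous page, or {@code null} for the first page
     * @param ldapTemplate template bound to the user search base
     * @return the page of mapped names together with the cookie for the next page
     */
    protected PagedResult getAllUsers(PagedResultsCookie pagedResultsCookie, LdapTemplate ldapTemplate) {
        PagedResultsDirContextProcessor pager = new PagedResultsDirContextProcessor(LDAP_PAGE_SIZE, pagedResultsCookie);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return new PagedResult(ldapTemplate.search("", this.authenticationMethod.getUserSynchronisationFilter(), searchControls, new ApplicationUserAttributeMapper(), pager), pager.getCookie());
    }

    /**
     * Collects the mapped group-name value of every entry that matches the group
     * synchronisation filter, page by page.
     *
     * @return the collected group names
     * @throws LdapServiceException if no {@link AuthenticationMethod} is set, or wrapping any
     *         exception raised while searching
     */
    @SuppressWarnings({"unchecked", "rawtypes"}) // the paged result exposes an untyped list
    public List<String> getAllApplicationSecurity() throws LdapServiceException {
        AuthenticationMethod method = getAuthenticationMethod();
        DefaultSpringSecurityContextSource contextSource = getContextSource();
        contextSource.setBase(method.getApplicationSecurityBaseDn());
        try {
            contextSource.afterPropertiesSet();
            LdapTemplate ldapTemplate = new LdapTemplate(contextSource);
            PagedResultsCookie cookie = null;
            ArrayList groups = new ArrayList();
            do {
                PagedResult page = getAllGroups(cookie, ldapTemplate);
                groups.addAll(page.getResultList());
                cookie = page.getCookie();
                // Same null guard as in getAllLdapUsers().
            } while (cookie != null && cookie.getCookie() != null);
            return groups;
        } catch (Exception e) {
            throw new LdapServiceException(e);
        }
    }

    /**
     * Runs one page of the group search (subtree scope, {@value #LDAP_PAGE_SIZE} entries per page).
     *
     * @param pagedResultsCookie cookie from the previous page, or {@code null} for the first page
     * @param ldapTemplate template bound to the application security base
     * @return the page of mapped group names together with the cookie for the next page
     */
    protected PagedResult getAllGroups(PagedResultsCookie pagedResultsCookie, LdapTemplate ldapTemplate) {
        PagedResultsDirContextProcessor pager = new PagedResultsDirContextProcessor(LDAP_PAGE_SIZE, pagedResultsCookie);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return new PagedResult(ldapTemplate.search("", this.authenticationMethod.getGroupSynchronisationFilter(), searchControls, new ApplicationSecurityGroupAttributeMapper(), pager), pager.getCookie());
    }

    /**
     * Looks up one application security group by common name and turns it into a principal of
     * type {@code application}.
     *
     * @param str common name to search for ({@code CN={0}})
     * @return the principal, or {@code null} when the entry is not found or has no group-name
     *         attribute value
     * @throws LdapServiceException if no {@link AuthenticationMethod} is set, or wrapping any
     *         other runtime exception raised by the search
     */
    public IkasanPrincipal getApplicationSecurity(String str) throws LdapServiceException {
        AuthenticationMethod method = getAuthenticationMethod();
        try {
            DirContextOperations entry = new FilterBasedLdapUserSearch(method.getApplicationSecurityBaseDn(), "CN={0}", getContextSource()).searchForUser(str);
            String groupName = entry.getStringAttribute(method.getApplicationSecurityGroupAttributeName());
            String description = entry.getStringAttribute(method.getApplicationSecurityDescriptionAttributeName());
            if (groupName == null || groupName.length() == 0) {
                return null;
            }
            IkasanPrincipal principal = new IkasanPrincipal();
            principal.setName(groupName);
            principal.setType("application");
            if (description == null || description.length() <= 0) {
                principal.setDescription("No description");
            } else {
                principal.setDescription(description);
            }
            return principal;
        } catch (UsernameNotFoundException e) {
            return null;
        } catch (RuntimeException e2) {
            throw new LdapServiceException(e2);
        }
    }

    /**
     * Mirrors the directory into the local store: first every application security group as a
     * principal, then every user together with a personal principal and the principals of the
     * groups listed in the user's member-of attribute.
     *
     * <p>Users that do not exist locally yet are created with a random local password that is
     * never disclosed (see {@link #newRandomPassword()}).
     *
     * @param authenticationMethod directory configuration to use; stored on this instance
     * @throws LdapServiceException if the configuration is null or a directory operation fails
     */
    @Override // org.ikasan.security.service.LdapService
    public void synchronize(AuthenticationMethod authenticationMethod) throws LdapServiceException {
        this.authenticationMethod = authenticationMethod;
        for (String groupName : getAllApplicationSecurity()) {
            IkasanPrincipal groupPrincipal = this.securityDao.getPrincipalByName(groupName);
            if (groupPrincipal == null) {
                groupPrincipal = getApplicationSecurity(groupName);
            }
            if (groupPrincipal != null) {
                this.securityDao.saveOrUpdatePrincipal(groupPrincipal);
            }
        }
        for (String userName : getAllLdapUsers()) {
            LdapUser ldapUser = getLdapUser(userName);
            if (ldapUser == null) {
                continue;
            }
            ArrayList principals = new ArrayList();
            User user = this.userDao.getUser(ldapUser.accountName);
            if (user == null) {
                // Security: every synchronised account used to be created with the same fixed,
                // publicly known placeholder password. Wherever the local password is accepted
                // for login, that lets anyone sign in as any directory user. A fresh random value
                // that is never stored in clear makes the local password unusable instead.
                // Accounts created before this change still carry the old shared hash and need a
                // reset.
                User created = new User(ldapUser.accountName, this.passwordEncoder.encodePassword(newRandomPassword(), null), ldapUser.email, true);
                created.setDepartment(ldapUser.department);
                created.setFirstName(ldapUser.firstName);
                created.setSurname(ldapUser.surname);
                created.setPrincipals(new HashSet(principals));
                this.userDao.save(created);
                user = this.userDao.getUser(ldapUser.accountName);
            }
            IkasanPrincipal userPrincipal = this.securityDao.getPrincipalByName(ldapUser.accountName);
            if (userPrincipal == null) {
                userPrincipal = new IkasanPrincipal();
                userPrincipal.setName(ldapUser.accountName);
                userPrincipal.setType("user");
                if (ldapUser.description == null) {
                    userPrincipal.setDescription("No description");
                } else {
                    userPrincipal.setDescription(ldapUser.description);
                }
                this.securityDao.saveOrUpdatePrincipal(userPrincipal);
            }
            principals.add(userPrincipal);
            if (ldapUser.memberOf != null) {
                for (String memberOfDn : ldapUser.memberOf) {
                    // NOTE(review): this is a case-sensitive substring test, not a DN comparison.
                    // A group DN that differs only in case is skipped, and any DN that merely
                    // contains the base DN text is accepted. Since the match decides which
                    // principals a user receives, a suffix comparison on parsed DNs would be
                    // stricter - confirm against the directory layout before changing it.
                    if (memberOfDn.contains(getAuthenticationMethod().getApplicationSecurityBaseDn())) {
                        IkasanPrincipal memberPrincipal = this.securityDao.getPrincipalByName(new DistinguishedName(memberOfDn).getValue("cn"));
                        if (memberPrincipal != null) {
                            principals.add(memberPrincipal);
                        }
                    }
                }
            }
            user.setEmail(ldapUser.email);
            user.setFirstName(ldapUser.firstName);
            user.setSurname(ldapUser.surname);
            user.setDepartment(ldapUser.department);
            user.setPrincipals(new HashSet(principals));
            this.userDao.save(user);
        }
    }

    /**
     * Returns the configuration set by {@link #synchronize(AuthenticationMethod)}.
     *
     * @throws LdapServiceException if none has been set
     */
    protected AuthenticationMethod getAuthenticationMethod() throws LdapServiceException {
        if (this.authenticationMethod == null) {
            throw new LdapServiceException("Null AuthenticationMethod!");
        }
        return this.authenticationMethod;
    }

    /**
     * Builds a fresh, initialised context source that binds with the configured bind DN and
     * password against the configured server URL.
     *
     * <p>NOTE(review): the URL is used exactly as configured; whether the bind password is
     * protected in transit depends on that URL's scheme - confirm deployments use LDAPS.
     *
     * @throws LdapServiceException if no {@link AuthenticationMethod} is set, or wrapping the
     *         exception raised while initialising the context source
     */
    protected DefaultSpringSecurityContextSource getContextSource() throws LdapServiceException {
        // Go through the accessor so a missing configuration is reported as an
        // LdapServiceException rather than a NullPointerException.
        AuthenticationMethod method = getAuthenticationMethod();
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(method.getLdapServerUrl());
        contextSource.setUserDn(method.getLdapBindUserDn());
        contextSource.setPassword(method.getLdapBindUserPassword());
        try {
            contextSource.afterPropertiesSet();
            return contextSource;
        } catch (Exception e) {
            throw new LdapServiceException(e);
        }
    }

    /** Returns 32 bytes from {@link SecureRandom}, rendered as 64 lower-case hex digits. */
    private static String newRandomPassword() {
        byte[] raw = new byte[32];
        SECURE_RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }
}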
