package ca.nrc.cadc.ac.server.ldap;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.InternalID;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.PosixDetails;
import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.client.GroupMemberships;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NumericPrincipal;
import ca.nrc.cadc.auth.PosixPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.ObjectUtil;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyDNRequest;
import com.unboundid.ldap.sdk.ModifyRequest;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupURI;

/* loaded from: input_file:ca/nrc/cadc/ac/server/ldap/LdapUserDAO.class */
public class LdapUserDAO extends LdapDAO {
    /** Prefix of the UserAlreadyExistsException message raised by checkUsers when an e-mail address is already registered. */
    public static final String EMAIL_ADDRESS_CONFLICT_MESSAGE = "email address ";
    private static final Logger logger = Logger.getLogger(LdapUserDAO.class);
    // Principal class -> LDAP attribute that identifies a user of that principal type (filled in the constructor).
    private final Map<Class<?>, String> userLdapAttrib;
    // (!(nsaccountlock=*))
    private final Filter notFilter;
    // (!(nsaccountlock=true))
    private final Filter notTrueFilter;
    // AND of the two filters above; every lookup that does not explicitly ask for locked users applies it.
    private final Filter notLockedFilter;
    // Placeholder cn / sn written for entries created from an X.509 identity only (see addUser);
    // never a real login name, and addUserRequest rejects usernames starting with "$" to avoid clashes.
    protected static final String EXTERNAL_USER_CN = "$EXTERNAL-CN";
    protected static final String EXTERNAL_USER_SN = "$EXTERNAL-SN";
    // LDAP object classes assigned to every entry created here.
    protected static final String LDAP_INET_ORG_PERSON = "inetOrgPerson";
    protected static final String LDAP_CADC_ACCOUNT = "cadcaccount";
    protected static final String LDAP_POSIX_ACCOUNT = "posixaccount";
    protected static final String LDAP_MEMBEROF = "memberOf";
    // LDAP attribute names used by the lookups and adds below.
    protected static final String LDAP_USER_NAME = "cn";
    protected static final String LDAP_DISTINGUISHED_NAME = "distinguishedName";
    // (sic) constant name; the attribute is userPassword.
    protected static final String LADP_USER_PASSWORD = "userPassword";
    protected static final String LDAP_FIRST_NAME = "givenName";
    protected static final String LDAP_LAST_NAME = "sn";
    protected static final String LDAP_ADDRESS = "address";
    protected static final String LDAP_CITY = "city";
    protected static final String LDAP_COUNTRY = "country";
    protected static final String LDAP_EMAIL = "email";
    protected static final String LDAP_INSTITUTE = "institute";
    protected static final String LDAP_UID = "uid";
    protected static final String LDAP_UID_NUMBER = "uidNumber";
    protected static final String LDAP_HOME_DIRECTORY = "homeDirectory";
    protected static final String LDAP_LOGIN_SHELL = "loginShell";
    // Name of the User field set reflectively via ObjectUtil.setField (no public setter on User).
    protected static final String USER_ID = "id";
    // Shell assigned to every account created here: no interactive login.
    protected static final String NO_LOGIN = "/bin/nologin";
    // Configuration key; not read in the visible part of this class.
    public static final String SUPPRESS_CHECKUSER_KEY = "cadc.skip.checkuser";
    // Attribute lists requested from LDAP. userAttribs and firstLastAttribs are prefixed with the
    // identity attributes in the constructor so a result can always be mapped back to principals.
    private String[] userAttribs;
    private String[] firstLastAttribs;
    private String[] identityAttribs;

    /**
     * Creates the DAO on top of the given connection set and precomputes the filters and
     * attribute lists that the lookup methods reuse.
     *
     * @param ldapConnections connection pools handed to the LdapDAO base class
     */
    public LdapUserDAO(LdapConnections ldapConnections) {
        super(ldapConnections);

        // Accounts carrying nsaccountlock (present at all, or explicitly "true") are locked and
        // are excluded from normal lookups.
        this.notFilter = Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock"));
        this.notTrueFilter = Filter.createNOTFilter(Filter.createEqualityFilter("nsaccountlock", "true"));
        this.notLockedFilter = Filter.createANDFilter(new Filter[]{this.notFilter, this.notTrueFilter});

        // Which LDAP attribute identifies a user for each supported Principal type.
        this.userLdapAttrib = new HashMap<Class<?>, String>();
        this.userLdapAttrib.put(HttpPrincipal.class, LDAP_USER_NAME);
        this.userLdapAttrib.put(X500Principal.class, LDAP_DISTINGUISHED_NAME);
        this.userLdapAttrib.put(PosixPrincipal.class, LDAP_UID_NUMBER);
        this.userLdapAttrib.put(NumericPrincipal.class, LDAP_UID);
        this.userLdapAttrib.put(DNPrincipal.class, "entrydn");

        Collection<String> identityValues = this.userLdapAttrib.values();
        String[] identityLookupAttribs = identityValues.toArray(new String[identityValues.size()]);

        String[] profileAttribs = {LDAP_FIRST_NAME, LDAP_LAST_NAME, LDAP_ADDRESS, LDAP_CITY, LDAP_COUNTRY, LDAP_EMAIL, LDAP_INSTITUTE, LDAP_HOME_DIRECTORY, LDAP_LOGIN_SHELL};
        String[] nameAttribs = {LDAP_FIRST_NAME, LDAP_LAST_NAME};

        // Both attribute lists start with the identity attributes so every result can be mapped
        // back to the full set of principals.
        this.userAttribs = joinAttributeLists(identityLookupAttribs, profileAttribs);
        this.firstLastAttribs = joinAttributeLists(identityLookupAttribs, nameAttribs);
        this.identityAttribs = new String[]{LDAP_UID, LDAP_UID_NUMBER, "gidNumber", LDAP_DISTINGUISHED_NAME, "entrydn", LDAP_USER_NAME};
    }

    /** Returns a new array holding {@code head} followed by {@code tail}. */
    private static String[] joinAttributeLists(String[] head, String[] tail) {
        String[] joined = new String[head.length + tail.length];
        System.arraycopy(head, 0, joined, 0, head.length);
        System.arraycopy(tail, 0, joined, head.length, tail.length);
        return joined;
    }

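    /**
     * Authenticates a username/password pair with a simple bind as the user's own entry.
     *
     * <p>The user is first resolved through {@link #getUser(Principal)} (locked accounts are
     * excluded there), then a simple bind is attempted on a fresh unbound connection using the DN
     * derived from the user's numeric id.
     *
     * @param str  login name (the cn attribute)
     * @param str2 clear-text password
     * @return {@link Boolean#TRUE} when the bind succeeds; the method never returns FALSE
     * @throws AccessControlException if the name/password pair is rejected or the account is inactivated
     * @throws TransientException     propagated from the user lookup
     * @throws UserNotFoundException  declared for compatibility; an unknown user is reported as
     *                                AccessControlException like a bad password
     */
    public Boolean doLogin(String str, String str2) throws TransientException, UserNotFoundException {
        // One message for every caller-caused failure: the previous distinct "Invalid username" /
        // "Invalid password" texts let a client enumerate valid account names.
        final String invalidCredentials = "Invalid username or password";

        // Refuse empty credentials before touching the directory. A simple bind carrying a DN and
        // an empty password is an unauthenticated bind (RFC 4513 s5.1.2) wherever the SDK or the
        // server permits it, and must never be treated as a successful login.
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new AccessControlException(invalidCredentials);
        }
        try {
            User user = getUser(new HttpPrincipal(str));
            String userDN = getUserDN(uuid2long(user.getID().getUUID()), this.config.getUsersDN());
            BindResult bind = getUnboundReadConnection().bind(new SimpleBindRequest(userDN, str2));
            if (bind == null || bind.getResultCode() != ResultCode.SUCCESS) {
                throw new AccessControlException(invalidCredentials);
            }
            return Boolean.TRUE;
        } catch (LDAPException e) {
            // The exception carries the result code and DN, not the password.
            logger.debug("doLogin Exception: " + e, e);
            ResultCode code = e.getResultCode();
            if (code == ResultCode.INVALID_CREDENTIALS || code == ResultCode.NO_SUCH_OBJECT) {
                throw new AccessControlException(invalidCredentials);
            }
            if (code == ResultCode.UNWILLING_TO_PERFORM) {
                // Kept distinct so a legitimate user learns the account is locked; note that this
                // message does confirm that the account exists.
                throw new AccessControlException("Account inactivated");
            }
            throw new RuntimeException("Unexpected LDAP exception", e);
        } catch (UserNotFoundException e2) {
            // Same message as a wrong password. This path skips the bind, so response time still
            // differs from a failed bind; a dummy bind would be needed to close that channel.
            throw new AccessControlException(invalidCredentials);
        }
    }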

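    /**
     * Creates a user entry for an externally authenticated identity (an X.509 DN).
     *
     * <p>The entry receives the placeholder {@link #EXTERNAL_USER_CN} / {@link #EXTERNAL_USER_SN}
     * as cn/sn, a freshly generated numeric id for uid, uidNumber, gidNumber and the home
     * directory, {@link #NO_LOGIN} as shell, a random UUID as userPassword, and one
     * distinguishedName value per X500Principal. The caller's {@code user.posixDetails} is
     * overwritten with the generated values.
     *
     * @param user user carrying at least one {@link X500Principal}
     * @return the user as re-read from the directory by its X.509 DN
     * @throws IllegalArgumentException   if the user has no identities or no X500Principal
     * @throws UserAlreadyExistsException if any supplied identity already exists under the users DN
     * @throws UserNotFoundException      if the entry cannot be read back after the add
     * @throws TransientException         on a temporary directory failure
     */
    public User addUser(User user) throws UserNotFoundException, TransientException, UserAlreadyExistsException {
        Set<Principal> identities = user.getIdentities();
        if (identities.isEmpty()) {
            throw new IllegalArgumentException("addUser: No user identities");
        }
        Set<X500Principal> x500Identities = user.getIdentities(X500Principal.class);
        if (x500Identities.isEmpty()) {
            throw new IllegalArgumentException("addUser: No user X500Principals found");
        }
        X500Principal x500Principal = x500Identities.iterator().next();

        // Refuse the add if any supplied identity is already taken by an active user.
        for (Principal identity : identities) {
            checkUsers(identity, null, this.config.getUsersDN());
        }
        try {
            int numericId = genNextNumericId();
            // Placeholder credential: UUID.randomUUID() is SecureRandom-backed and the value is
            // never handed back, so this entry cannot be used for password login.
            String unusablePassword = UUID.randomUUID().toString();

            PosixDetails posixDetails = new PosixDetails(EXTERNAL_USER_CN, numericId, numericId, "/home/" + String.valueOf(numericId));
            posixDetails.loginShell = NO_LOGIN;
            user.posixDetails = posixDetails;

            ArrayList<Attribute> attributes = new ArrayList<Attribute>();
            addAttribute(attributes, "objectClass", LDAP_INET_ORG_PERSON);
            addAttribute(attributes, "objectClass", "inetuser");
            addAttribute(attributes, "objectClass", LDAP_CADC_ACCOUNT);
            addAttribute(attributes, "objectClass", LDAP_POSIX_ACCOUNT);
            addAttribute(attributes, LDAP_UID, String.valueOf(numericId));
            addAttribute(attributes, LDAP_UID_NUMBER, String.valueOf(numericId));
            addAttribute(attributes, "gidNumber", String.valueOf(numericId));
            addAttribute(attributes, LDAP_USER_NAME, EXTERNAL_USER_CN);
            addAttribute(attributes, LDAP_LAST_NAME, EXTERNAL_USER_SN);
            addAttribute(attributes, LADP_USER_PASSWORD, unusablePassword);
            addAttribute(attributes, LDAP_HOME_DIRECTORY, user.posixDetails.getHomeDirectory());
            addAttribute(attributes, LDAP_LOGIN_SHELL, user.posixDetails.loginShell);
            // The X.509 DNs are the only caller-supplied identities written to the entry.
            for (X500Principal dn : x500Identities) {
                addAttribute(attributes, LDAP_DISTINGUISHED_NAME, dn.getName());
            }

            AddRequest addRequest = new AddRequest(getUserDN(numericId, this.config.getUsersDN()), attributes);
            logger.debug("addUser: adding " + x500Principal.getName() + " to " + this.config.getUsersDN());
            LDAPConnection readWriteConnection = getReadWriteConnection();
            LdapDAO.checkLdapResult(readWriteConnection.add(addRequest).getResultCode());

            // Read the entry back by the DN just stored. Previously an arbitrary element of the
            // identity set was used, which failed with UserNotFoundException whenever that element
            // was a principal type (e.g. HttpPrincipal) that is not written to the entry.
            return getUser(x500Principal, readWriteConnection);
        } catch (LDAPException e) {
            logger.error("addUser Exception: " + e, e);
            checkUserLDAPResult(e.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e);
        }
    }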

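    /**
     * Returns the user's e-mail address, which is mandatory for a user request.
     *
     * @param user user whose personalDetails are inspected
     * @return the non-blank e-mail address
     * @throws IllegalArgumentException if personalDetails is missing or the e-mail is blank
     */
    private String getEmailAddress(User user) {
        PersonalDetails details = user.personalDetails;
        if (details == null) {
            throw new IllegalArgumentException(principalNameForMessage(user) + " missing required PersonalDetails");
        }
        if (!StringUtil.hasText(details.email)) {
            throw new IllegalArgumentException(principalNameForMessage(user) + " missing required email address");
        }
        return details.email;
    }

    /**
     * Name used in error messages. The original dereferenced getHttpPrincipal() unconditionally,
     * which turned a missing-details error into a NullPointerException for users without one.
     */
    private static String principalNameForMessage(User user) {
        HttpPrincipal principal = user.getHttpPrincipal();
        return principal == null ? "user" : principal.getName();
    }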

    /**
     * Verifies that neither the principal nor (when given) the e-mail address is already present
     * below the given base DN.
     *
     * <p>NOTE(review): both lookups go through the not-locked filter, so a locked entry with the
     * same identity or e-mail is not detected here — confirm that is intended before relying on
     * this as a uniqueness guarantee.
     *
     * @param principal identity to look up
     * @param str       e-mail address to check, or null to skip the e-mail check
     * @param str2      base DN (users or user-requests) to search under
     * @throws UserAlreadyExistsException if the principal, or the e-mail, already exists there
     * @throws TransientException         on a temporary directory failure
     */
    protected void checkUsers(Principal principal, String str, String str2) throws TransientException, UserAlreadyExistsException {
        boolean principalExists;
        try {
            getUser(principal, str2);
            principalExists = true;
        } catch (UserNotFoundException notFound) {
            principalExists = false;
        }
        if (principalExists) {
            throw new UserAlreadyExistsException("user " + principal.getName() + " found in " + str2);
        }
        if (str == null) {
            return;
        }
        boolean emailExists;
        try {
            getUserByEmailAddress(str, str2);
            emailExists = true;
        } catch (UserNotFoundException notFound) {
            emailExists = false;
        }
        if (emailExists) {
            throw new UserAlreadyExistsException(EMAIL_ADDRESS_CONFLICT_MESSAGE + str + " for user " + principal.getName() + " found in " + str2);
        }
    }

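    /**
     * Stores a pending account request below the user-requests DN.
     *
     * <p>The request's user must carry an {@link HttpPrincipal} (stored as cn) and an e-mail
     * address; the name and e-mail must be unused among both active users and pending requests.
     * A fresh numeric id is generated for uid/uidNumber/gidNumber and the home directory, the
     * shell is {@link #NO_LOGIN}, and the request's password is written as userPassword.
     *
     * @param userRequest request holding the user and the chosen password
     * @return the request as re-read from the directory by its HttpPrincipal
     * @throws IllegalArgumentException   if the HttpPrincipal, e-mail or password is missing, or
     *                                    the username starts with "$"
     * @throws UserAlreadyExistsException if the name or e-mail is already taken
     * @throws UserNotFoundException      if the entry cannot be read back after the add
     * @throws TransientException         on a temporary directory failure
     */
    public User addUserRequest(UserRequest userRequest) throws UserNotFoundException, TransientException, UserAlreadyExistsException {
        User user = userRequest.getUser();
        HttpPrincipal httpPrincipal = user.getHttpPrincipal();
        if (httpPrincipal == null) {
            throw new IllegalArgumentException("User missing required HttpPrincipal type");
        }
        String username = httpPrincipal.getName();
        // "$" is reserved for internal placeholder names such as EXTERNAL_USER_CN.
        if (username.startsWith("$")) {
            throw new IllegalArgumentException("addUserRequest: username " + username + " cannot start with a $");
        }
        String emailAddress = getEmailAddress(user);
        // addAttribute needs a String; the copy stays in the heap until collected. Whether the
        // directory stores it hashed depends on its password storage scheme, not on this code.
        String password = new String(userRequest.getPassword());
        if (password.isEmpty()) {
            // An entry with an empty userPassword would otherwise be created from untrusted input.
            throw new IllegalArgumentException("addUserRequest: password is required");
        }

        checkUsers(httpPrincipal, emailAddress, this.config.getUsersDN());
        checkUsers(httpPrincipal, emailAddress, this.config.getUserRequestsDN());
        try {
            int numericId = genNextNumericId();
            PosixDetails posixDetails = new PosixDetails(username, numericId, numericId, "/home/" + String.valueOf(numericId));
            posixDetails.loginShell = NO_LOGIN;
            user.posixDetails = posixDetails;

            ArrayList<Attribute> attributes = new ArrayList<Attribute>();
            addAttribute(attributes, "objectClass", LDAP_INET_ORG_PERSON);
            addAttribute(attributes, "objectClass", "inetuser");
            addAttribute(attributes, "objectClass", LDAP_CADC_ACCOUNT);
            addAttribute(attributes, "objectClass", LDAP_POSIX_ACCOUNT);
            addAttribute(attributes, LDAP_UID, String.valueOf(numericId));
            addAttribute(attributes, LDAP_UID_NUMBER, String.valueOf(numericId));
            addAttribute(attributes, "gidNumber", String.valueOf(numericId));
            addAttribute(attributes, LDAP_USER_NAME, username);
            addAttribute(attributes, LDAP_LAST_NAME, user.personalDetails.getLastName());
            addAttribute(attributes, LADP_USER_PASSWORD, password);
            addAttribute(attributes, LDAP_FIRST_NAME, user.personalDetails.getFirstName());
            addAttribute(attributes, LDAP_ADDRESS, user.personalDetails.address);
            addAttribute(attributes, LDAP_CITY, user.personalDetails.city);
            addAttribute(attributes, LDAP_COUNTRY, user.personalDetails.country);
            addAttribute(attributes, LDAP_EMAIL, emailAddress);
            addAttribute(attributes, LDAP_INSTITUTE, user.personalDetails.institute);
            addAttribute(attributes, LDAP_HOME_DIRECTORY, user.posixDetails.getHomeDirectory());
            addAttribute(attributes, LDAP_LOGIN_SHELL, user.posixDetails.loginShell);
            // Only X.509 identities are stored besides the cn; other principal types are dropped.
            for (Principal principal : user.getIdentities()) {
                if (principal instanceof X500Principal) {
                    addAttribute(attributes, LDAP_DISTINGUISHED_NAME, principal.getName());
                }
            }

            AddRequest addRequest = new AddRequest(getUserDN(numericId, this.config.getUserRequestsDN()), attributes);
            logger.debug("addUserRequest: adding " + username + " to " + this.config.getUserRequestsDN());
            LDAPConnection readWriteConnection = getReadWriteConnection();
            LdapDAO.checkLdapResult(readWriteConnection.add(addRequest).getResultCode());

            // Read back by the HttpPrincipal, which is guaranteed to be stored as cn. The original
            // used an arbitrary element of the identity set, which could be a principal type that
            // was never written to the entry.
            return getUserRequest(httpPrincipal, readWriteConnection);
        } catch (LDAPException e) {
            logger.error("addUserRequest Exception: " + e, e);
            checkUserLDAPResult(e.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e);
        }
    }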

    /**
     * Looks up an active (not locked) user below the users DN on a read-only connection.
     *
     * @param principal identity of a supported principal type
     * @return the matching user
     * @throws UserNotFoundException  if no active entry matches
     * @throws TransientException     on a temporary directory failure
     * @throws AccessControlException if the entry is visible but its uid is not readable
     */
    public User getUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        String usersDN = this.config.getUsersDN();
        return getUser(principal, usersDN);
    }

    /**
     * Looks up an active (not locked) user below the users DN using the caller's connection,
     * e.g. to read back an entry on the same read-write connection that created it.
     *
     * @param principal       identity of a supported principal type
     * @param lDAPConnection  connection to search on
     * @return the matching user
     * @throws UserNotFoundException  if no active entry matches
     * @throws TransientException     on a temporary directory failure
     * @throws AccessControlException if the entry is visible but its uid is not readable
     */
    public User getUser(Principal principal, LDAPConnection lDAPConnection) throws UserNotFoundException, TransientException, AccessControlException {
        String usersDN = this.config.getUsersDN();
        return getUser(principal, usersDN, lDAPConnection, Boolean.FALSE);
    }

    /**
     * Looks up a pending account request below the user-requests DN on a read-only connection.
     *
     * @param principal identity of a supported principal type
     * @return the matching request
     * @throws UserNotFoundException  if no request matches
     * @throws TransientException     on a temporary directory failure
     * @throws AccessControlException if the entry is visible but its uid is not readable
     */
    public User getUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        String requestsDN = this.config.getUserRequestsDN();
        return getUser(principal, requestsDN);
    }

    /**
     * Looks up a pending account request below the user-requests DN using the caller's
     * connection.
     *
     * @param principal       identity of a supported principal type
     * @param lDAPConnection  connection to search on
     * @return the matching request
     * @throws UserNotFoundException  if no request matches
     * @throws TransientException     on a temporary directory failure
     * @throws AccessControlException if the entry is visible but its uid is not readable
     */
    public User getUserRequest(Principal principal, LDAPConnection lDAPConnection) throws UserNotFoundException, TransientException, AccessControlException {
        String requestsDN = this.config.getUserRequestsDN();
        return getUser(principal, requestsDN, lDAPConnection, Boolean.FALSE);
    }

    /**
     * Picks the entry to use when a lookup matched one or more entries.
     *
     * <p>A single match is returned as-is. With several matches the first one whose cn is not the
     * {@link #EXTERNAL_USER_CN} placeholder wins, so a real account shadows the external-identity
     * stubs that share the same lookup value.
     *
     * @param searchResult result of a user search; may be null
     * @return the chosen entry, or null if {@code searchResult} is null
     * @throws RuntimeException if every match is a $EXTERNAL-CN stub; an empty result also fails
     *                          here (callers check for emptiness first)
     */
    private SearchResultEntry getFirstUserEntry(SearchResult searchResult) {
        if (searchResult == null) {
            return null;
        }
        List<SearchResultEntry> entries = searchResult.getSearchEntries();
        if (entries.size() == 1) {
            return entries.get(0);
        }
        for (SearchResultEntry candidate : entries) {
            String cn = candidate.getAttributeValue(LDAP_USER_NAME);
            if (!EXTERNAL_USER_CN.equals(cn)) {
                return candidate;
            }
        }
        String dnAttribute = this.userLdapAttrib.get(X500Principal.class);
        throw new RuntimeException("multiple $EXTERNAL-CN users found for userid " + entries.get(0).getAttributeValue(dnAttribute));
    }

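    /**
     * Converts a directory entry into a User carrying its identities and details.
     *
     * <p>Identities added: HttpPrincipal (cn, when present), NumericPrincipal (from uid),
     * X500Principal (distinguishedName, when present) and PosixPrincipal (uidNumber, when both
     * homeDirectory and uidNumber are present). Personal details are only filled in when both
     * givenName and sn are set.
     *
     * @param searchResultEntry entry to convert; may be null
     * @return the user, or null if the entry is null
     * @throws AccessControlException if the entry carries no uid, i.e. the caller's bind may see
     *                                the entry but not its identity
     */
    private User makeUserFromResult(SearchResultEntry searchResultEntry) {
        if (searchResultEntry == null) {
            return null;
        }
        User user = new User();

        PersonalDetails details = readPersonalDetails(searchResultEntry);
        if (details != null) {
            user.personalDetails = details;
        }

        String uid = searchResultEntry.getAttributeValue(this.userLdapAttrib.get(NumericPrincipal.class));
        logger.debug("makeUserFromResult: uid = " + uid);
        if (uid == null) {
            throw new AccessControlException("Permission denied");
        }

        String username = searchResultEntry.getAttributeValue(LDAP_USER_NAME);
        logger.debug("makeUserFromResult: username = " + username);
        String uidNumber = null;
        if (username != null) {
            user.getIdentities().add(new HttpPrincipal(username));
            String homeDirectory = searchResultEntry.getAttributeValue(LDAP_HOME_DIRECTORY);
            if (homeDirectory != null) {
                uidNumber = searchResultEntry.getAttributeValue(this.userLdapAttrib.get(PosixPrincipal.class));
                // The original parsed uidNumber unconditionally and threw NumberFormatException
                // when the attribute was absent; posix details now require it, matching the
                // null check already applied to the PosixPrincipal below.
                if (uidNumber != null) {
                    int posixId = Integer.parseInt(uidNumber);
                    user.posixDetails = new PosixDetails(username, posixId, posixId, homeDirectory);
                    user.posixDetails.loginShell = searchResultEntry.getAttributeValue(LDAP_LOGIN_SHELL);
                }
            }
        }

        // User exposes no setter for its id; it is set reflectively by field name.
        InternalID internalID = getInternalID(uid);
        ObjectUtil.setField(user, internalID, USER_ID);
        user.getIdentities().add(new NumericPrincipal(internalID.getUUID()));

        String dn = searchResultEntry.getAttributeValue(this.userLdapAttrib.get(X500Principal.class));
        logger.debug("makeUserFromResult: x500principal = " + dn);
        if (dn != null) {
            user.getIdentities().add(new X500Principal(dn));
        }

        logger.debug("makeUserFromResult: posixPrincipal = " + uidNumber);
        if (uidNumber != null) {
            user.getIdentities().add(new PosixPrincipal(Integer.parseInt(uidNumber)));
        }
        return user;
    }

    /**
     * Builds PersonalDetails from an entry, or returns null when givenName or sn is missing.
     */
    private static PersonalDetails readPersonalDetails(SearchResultEntry entry) {
        String firstName = entry.getAttributeValue(LDAP_FIRST_NAME);
        String lastName = entry.getAttributeValue(LDAP_LAST_NAME);
        if (!StringUtil.hasLength(firstName) || !StringUtil.hasLength(lastName)) {
            return null;
        }
        PersonalDetails details = new PersonalDetails(firstName, lastName);
        details.address = entry.getAttributeValue(LDAP_ADDRESS);
        details.city = entry.getAttributeValue(LDAP_CITY);
        details.country = entry.getAttributeValue(LDAP_COUNTRY);
        details.email = entry.getAttributeValue(LDAP_EMAIL);
        details.institute = entry.getAttributeValue(LDAP_INSTITUTE);
        return details;
    }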

    /**
     * Selects the preferred entry of a search result (see getFirstUserEntry) and converts it.
     *
     * @param searchResult search result; may be null
     * @return the converted user, or null when the result is null
     */
    private User getUserFromResultList(SearchResult searchResult) {
        SearchResultEntry chosen = getFirstUserEntry(searchResult);
        return makeUserFromResult(chosen);
    }

    /**
     * Looks up an active (not locked) user below {@code str} on a read-only connection.
     *
     * @param principal identity of a supported principal type
     * @param str       base DN to search under
     */
    private User getUser(Principal principal, String str) throws UserNotFoundException, TransientException, AccessControlException {
        LDAPConnection readOnly = getReadOnlyConnection();
        return getUser(principal, str, readOnly, Boolean.FALSE);
    }

    /**
     * Looks up a user below the users DN without excluding locked (nsaccountlock) entries.
     *
     * @param principal identity of a supported principal type
     * @return the matching user, locked or not
     * @throws UserNotFoundException if no entry matches
     * @throws TransientException    on a temporary directory failure
     */
    public User getLockedUser(Principal principal) throws UserNotFoundException, TransientException {
        String usersDN = this.config.getUsersDN();
        return getLockedUser(principal, usersDN);
    }

    /**
     * Looks up a user below {@code str} on a read-only connection, including locked entries.
     *
     * @param principal identity of a supported principal type
     * @param str       base DN to search under
     */
    private User getLockedUser(Principal principal, String str) throws UserNotFoundException, TransientException, AccessControlException {
        LDAPConnection readOnly = getReadOnlyConnection();
        return getUser(principal, str, readOnly, Boolean.TRUE);
    }

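    /**
     * Core lookup: searches one level below {@code str} for the entry whose identity attribute
     * (chosen by the principal's class) equals the principal's name.
     *
     * @param principal       identity; NumericPrincipal names are UUIDs and are converted to the
     *                        stored long with uuid2long
     * @param str             base DN to search under
     * @param lDAPConnection  connection to search on
     * @param bool            TRUE to include locked (nsaccountlock) entries; FALSE or null to
     *                        exclude them
     * @return the selected entry converted to a User
     * @throws IllegalArgumentException if the principal type is unsupported or a NumericPrincipal
     *                                  name is not a UUID
     * @throws UserNotFoundException    if nothing matches
     * @throws TransientException       on a temporary directory failure
     * @throws AccessControlException   if the entry's uid is not readable
     */
    private User getUser(Principal principal, String str, LDAPConnection lDAPConnection, Boolean bool) throws UserNotFoundException, TransientException, AccessControlException {
        Profiler profiler = new Profiler(LdapUserDAO.class);
        String lookupAttribute = this.userLdapAttrib.get(principal.getClass());
        if (lookupAttribute == null) {
            throw new IllegalArgumentException("Unsupported principal type " + principal.getClass());
        }
        String lookupValue = principal instanceof NumericPrincipal
                ? String.valueOf(uuid2long(UUID.fromString(principal.getName())))
                : principal.getName();
        try {
            // createEqualityFilter takes the value verbatim (no filter-string parsing), so a
            // principal name cannot inject LDAP filter syntax.
            Filter byIdentity = Filter.createEqualityFilter(lookupAttribute, lookupValue);
            // null used to NPE here; it now behaves like FALSE (locked entries excluded).
            boolean includeLocked = Boolean.TRUE.equals(bool);
            Filter filter = includeLocked
                    ? byIdentity
                    : Filter.createANDFilter(new Filter[]{this.notLockedFilter, byIdentity});
            logger.debug("getUser: search filter = " + filter);

            SearchResult search = lDAPConnection.search(new SearchRequest(str, SearchScope.ONE, filter, this.userAttribs));
            profiler.checkpoint("getUser.search");
            if (search == null || search.getSearchEntries().size() == 0) {
                String message = "getUser: user " + principal.toString() + " not found in " + str;
                logger.debug(message);
                throw new UserNotFoundException(message);
            }
            if (search.getSearchEntries().size() > 1) {
                logger.info("getUser: multiple LDAP entries found for " + principal.toString());
            }
            User found = getUserFromResultList(search);
            if (found == null) {
                throw new RuntimeException("BUG: user not found (" + principal.getName() + ")");
            }
            logger.debug("getUser: found " + principal.getName() + " in " + str);
            return found;
        } catch (LDAPException e) {
            // checkLdapResult maps known result codes to exceptions; anything else is a bug and
            // now keeps the LDAP exception as its cause.
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("BUG: checkLdapResult didn't throw an exception", e);
        }
    }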

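    /**
     * Returns every active (not locked) entry below {@code str} that matches the principal,
     * including $EXTERNAL-CN stubs; unlike getUser no single entry is preferred.
     *
     * @param principal identity of a supported principal type
     * @param str       base DN to search under
     * @return one User per matching entry, in result order
     * @throws IllegalArgumentException if the principal type is unsupported
     * @throws UserNotFoundException    if nothing matches, or the search failed with a result
     *                                  code checkLdapResult does not map to an exception
     * @throws TransientException       on a temporary directory failure
     * @throws AccessControlException   if an entry's uid is not readable
     */
    public List<User> getAllUsers(Principal principal, String str) throws UserNotFoundException, TransientException, AccessControlException {
        String lookupAttribute = this.userLdapAttrib.get(principal.getClass());
        if (lookupAttribute == null) {
            throw new IllegalArgumentException("Unsupported principal type " + principal.getClass());
        }
        String lookupValue = principal instanceof NumericPrincipal
                ? String.valueOf(uuid2long(UUID.fromString(principal.getName())))
                : principal.getName();

        // Must be initialised: the catch below may return normally, leaving search unset.
        SearchResult search = null;
        try {
            Filter filter = Filter.createANDFilter(new Filter[]{this.notLockedFilter, Filter.createEqualityFilter(lookupAttribute, lookupValue)});
            logger.debug("getAllUsers: search filter = " + filter);
            search = getReadOnlyConnection().search(new SearchRequest(str, SearchScope.ONE, filter, this.userAttribs));
        } catch (LDAPException e) {
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        if (search == null || search.getSearchEntries().size() == 0) {
            String message = "getAllUsers: user " + principal.toString() + " not found in " + str;
            logger.debug(message);
            throw new UserNotFoundException(message);
        }
        if (search.getSearchEntries().size() > 1) {
            logger.info("getAllUsers: ,multiple LDAP entries found for " + principal.toString());
        }

        List<User> users = new ArrayList<User>();
        for (SearchResultEntry entry : search.getSearchEntries()) {
            users.add(makeUserFromResult(entry));
        }
        logger.debug("getAllUsers returning " + users.size() + " entries for " + principal.toString());
        return users;
    }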

    /**
     * Finds the active user registered with the given e-mail address below the users DN.
     *
     * @param str e-mail address (matched by LDAP equality on the email attribute)
     * @return the matching user
     * @throws UserNotFoundException      if no active entry has that address
     * @throws TransientException         on a temporary directory failure
     * @throws AccessControlException     propagated from the lookup
     * @throws UserAlreadyExistsException declared for compatibility; not thrown by the lookup
     */
    public User getUserByEmailAddress(String str) throws UserNotFoundException, TransientException, AccessControlException, UserAlreadyExistsException {
        String usersDN = this.config.getUsersDN();
        return getUserByEmailAddress(str, usersDN);
    }

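    /**
     * Finds the active (not locked) entry below {@code str2} whose email attribute equals
     * {@code str} and converts it to a User.
     *
     * <p>The search goes through searchForEntry, which applies a size limit of one; if several
     * entries carry the same address the SDK is expected to report SIZE_LIMIT_EXCEEDED, which
     * surfaces through checkLdapResult rather than a silent first pick — verify against the SDK
     * version in use.
     *
     * @param str  e-mail address
     * @param str2 base DN to search under
     * @return the user; the $EXTERNAL-CN placeholder is never exposed as an HttpPrincipal
     * @throws UserNotFoundException  if no active entry matches, or the search failed with a
     *                                result code checkLdapResult does not map to an exception
     * @throws TransientException     on a temporary directory failure
     * @throws AccessControlException propagated from checkLdapResult
     */
    private User getUserByEmailAddress(String str, String str2) throws UserNotFoundException, TransientException, AccessControlException {
        SearchResultEntry entry = null;
        try {
            // Equality filter built from the raw value: the address is never spliced into
            // filter text, so it cannot inject LDAP filter syntax.
            Filter filter = Filter.createANDFilter(new Filter[]{this.notLockedFilter, Filter.createEqualityFilter(LDAP_EMAIL, str)});
            logger.debug("search filter: " + filter);
            entry = getReadOnlyConnection().searchForEntry(new SearchRequest(str2, SearchScope.ONE, filter, this.userAttribs));
        } catch (LDAPException e) {
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        if (entry == null) {
            String message = "getUserByEmailAddress: user with email address " + str + " not found";
            logger.debug(message);
            throw new UserNotFoundException(message);
        }

        User user = new User();
        String username = entry.getAttributeValue(LDAP_USER_NAME);
        // The placeholder cn of external-identity entries is not a login name.
        if (!EXTERNAL_USER_CN.equals(username)) {
            user.getIdentities().add(new HttpPrincipal(username));
        }

        // User exposes no setter for its id; it is set reflectively by field name.
        InternalID internalID = getInternalID(entry.getAttributeValue(this.userLdapAttrib.get(NumericPrincipal.class)));
        ObjectUtil.setField(user, internalID, USER_ID);
        user.getIdentities().add(new NumericPrincipal(internalID.getUUID()));

        String dn = entry.getAttributeValue(this.userLdapAttrib.get(X500Principal.class));
        logger.debug("getUserByEmailAddress: x500principal = " + dn);
        if (dn != null) {
            user.getIdentities().add(new X500Principal(dn));
        }

        String uidNumber = entry.getAttributeValue(this.userLdapAttrib.get(PosixPrincipal.class));
        logger.debug("getUserByEmailAddress: posixprincipal = " + uidNumber);
        if (uidNumber != null) {
            user.getIdentities().add(new PosixPrincipal(Integer.parseInt(uidNumber)));
        }

        String firstName = entry.getAttributeValue(LDAP_FIRST_NAME);
        String lastName = entry.getAttributeValue(LDAP_LAST_NAME);
        if (StringUtil.hasLength(firstName) && StringUtil.hasLength(lastName)) {
            user.personalDetails = new PersonalDetails(firstName, lastName);
            user.personalDetails.address = entry.getAttributeValue(LDAP_ADDRESS);
            user.personalDetails.city = entry.getAttributeValue(LDAP_CITY);
            user.personalDetails.country = entry.getAttributeValue(LDAP_COUNTRY);
            user.personalDetails.email = entry.getAttributeValue(LDAP_EMAIL);
            user.personalDetails.institute = entry.getAttributeValue(LDAP_INSTITUTE);
            String homeDirectory = entry.getAttributeValue(LDAP_HOME_DIRECTORY);
            // uidNumber is treated as optional above; the original parsed it unconditionally
            // here and failed with NumberFormatException when it was absent.
            if (homeDirectory != null && uidNumber != null) {
                int posixId = Integer.parseInt(uidNumber);
                user.posixDetails = new PosixDetails(username, posixId, posixId, homeDirectory);
                user.posixDetails.loginShell = entry.getAttributeValue(LDAP_LOGIN_SHELL);
            }
        }
        return user;
    }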

    public User getAugmentedUser(Principal principal, boolean z) throws UserNotFoundException, TransientException {
        Profiler profiler = new Profiler(LdapUserDAO.class);
        String str = this.userLdapAttrib.get(principal.getClass());
        try {
            if (str == null) {
                throw new IllegalArgumentException("getAugmentedUser: unsupported principal type " + principal.getClass());
            }
            try {
                Filter createANDFilter = Filter.createANDFilter(new Filter[]{this.notLockedFilter, Filter.createEqualityFilter(str, principal instanceof NumericPrincipal ? String.valueOf(uuid2long(UUID.fromString(principal.getName()))) : principal.getName())});
                profiler.checkpoint("getAugmentedUser.createFilter");
                logger.debug("getAugmentedUser: search filter = " + createANDFilter);
                String[] strArr = this.identityAttribs;
                if (z) {
                    strArr = new String[this.identityAttribs.length + 1];
                    for (int i = 0; i < this.identityAttribs.length; i++) {
                        strArr[i] = this.identityAttribs[i];
                    }
                    strArr[this.identityAttribs.length] = "memberOf";
                }
                String usersDN = this.config.getUsersDN();
                SearchRequest searchRequest = new SearchRequest(usersDN, SearchScope.ONE, createANDFilter, strArr);
                profiler.checkpoint("getAugmentedUser.getReadOnlyConnection");
                SearchResult search = getReadOnlyConnection().search(searchRequest);
                profiler.checkpoint("getAugmentedUser.search");
                if (search == null || search.getSearchEntries().size() == 0) {
                    String str2 = "getUser: user " + principal.toString() + " not found in " + usersDN;
                    logger.debug(str2);
                    throw new UserNotFoundException(str2);
                }
                if (search.getSearchEntries().size() > 1) {
                    logger.info("getAugmentedUser: multiple LDAP entries found for " + principal.toString());
                }
                SearchResultEntry firstUserEntry = getFirstUserEntry(search);
                if (firstUserEntry == null) {
                    throw new RuntimeException("BUG: augmented user not found (" + principal.getName() + ")");
                }
                logger.debug("getAugmentedUser: found " + principal.getName() + " in " + usersDN);
                User user = new User();
                String attributeValue = firstUserEntry.getAttributeValue(LDAP_USER_NAME);
                logger.debug("getAugmentedUser: username = " + attributeValue);
                if (!EXTERNAL_USER_CN.equals(attributeValue)) {
                    user.getIdentities().add(new HttpPrincipal(attributeValue));
                }
                String attributeValue2 = firstUserEntry.getAttributeValue(LDAP_UID);
                logger.debug("getAugmentedUser: numericID = " + attributeValue2);
                InternalID internalID = getInternalID(attributeValue2);
                ObjectUtil.setField(user, internalID, USER_ID);
                user.getIdentities().add(new NumericPrincipal(internalID.getUUID()));
                String attributeValue3 = firstUserEntry.getAttributeValue(LDAP_DISTINGUISHED_NAME);
                if (attributeValue3 != null) {
                    user.getIdentities().add(new X500Principal(attributeValue3));
                }
                user.getIdentities().add(new DNPrincipal(firstUserEntry.getAttributeValue("entrydn")));
                String attributeValue4 = firstUserEntry.getAttributeValue(LDAP_UID_NUMBER);
                if (attributeValue4 != null) {
                    user.getIdentities().add(new PosixPrincipal(Integer.valueOf(attributeValue4).intValue()));
                }
                URI serviceURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
                if (z) {
                    GroupMemberships groupMemberships = new GroupMemberships(serviceURI.toString(), principal);
                    user.appData = groupMemberships;
                    String[] attributeValues = firstUserEntry.getAttributeValues("memberOf");
                    if (attributeValues != null && attributeValues.length > 0) {
                        DN dn = new DN(this.config.getAdminGroupsDN());
                        DN dn2 = new DN(this.config.getGroupsDN());
                        ArrayList arrayList = new ArrayList();
                        ArrayList arrayList2 = new ArrayList();
                        for (String str3 : attributeValues) {
                            DN dn3 = new DN(str3);
                            if (dn3.isDescendantOf(dn2, false)) {
                                arrayList.add(createGroupFromDN(dn3));
                            } else if (dn3.isDescendantOf(dn, false)) {
                                arrayList2.add(createGroupFromDN(dn3));
                            }
                        }
                        groupMemberships.add(arrayList2, Role.ADMIN);
                        groupMemberships.add(arrayList, Role.MEMBER);
                    }
                }
                profiler.checkpoint("getAugmentedUser.mapIdentities");
                logger.debug("getAugmentedUser: returning user " + principal.getName());
                profiler.checkpoint("Done getAugmentedUser");
                return user;
            } catch (LDAPException e) {
                logger.debug("getAugmentedUser Exception: " + e, e);
                LdapDAO.checkLdapResult(e.getResultCode());
                throw new RuntimeException("BUG: checkLdapResult didn't throw an exception");
            }
        } catch (Throwable th) {
            profiler.checkpoint("Done getAugmentedUser");
            throw th;
        }
    }

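    /**
     * Converts a group entry DN (as found in a user's {@code memberOf} values) into a
     * {@link Group} whose name is the value of the leading {@code cn} RDN.
     * <p>
     * The RDN is taken apart with the SDK's DN parser instead of splitting on
     * {@code "="}: the parser unescapes RFC 4514 escapes and the attribute name is
     * compared case-insensitively, whereas the old split broke on any value
     * containing {@code =} and on a server returning {@code CN=} in upper case.
     *
     * @param dn DN of the group entry
     * @return the corresponding Group, registered under the local GMS service URI
     * @throws RuntimeException if the leading RDN is not a single {@code cn=} component
     */
    private Group createGroupFromDN(DN dn) {
        URI serviceURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
        String[] names = dn.getRDN().getAttributeNames();
        String[] values = dn.getRDN().getAttributeValues();
        // A multi-valued RDN (cn=a+ou=b) is not a group entry this code understands.
        if (names.length == 1 && names[0].equalsIgnoreCase(LDAP_USER_NAME)) {
            return new Group(new GroupURI(serviceURI, values[0]));
        }
        throw new RuntimeException("BUG: failed to extract group name from " + dn.toString());
    }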

    /**
     * Lists the users under the configured users subtree (approved accounts).
     * Delegates to {@link #getUsers(String)}, which excludes locked entries.
     */
    public Collection<User> getUsers() throws AccessControlException, TransientException {
        String usersDN = this.config.getUsersDN();
        return getUsers(usersDN);
    }

    /**
     * Lists pending (not yet approved) user requests: the same listing as
     * {@link #getUsers()} but rooted at the configured user-requests subtree.
     */
    public Collection<User> getUserRequests() throws AccessControlException, TransientException {
        String requestsDN = this.config.getUserRequestsDN();
        return getUsers(requestsDN);
    }

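    /**
     * Lists the user entries directly under {@code str} (one-level scope) that are not
     * locked and that carry a numeric uid. The shared external-user placeholder entry
     * ({@code EXTERNAL_USER_CN}) is never returned.
     * <p>
     * Fixes relative to the original: the search now requests every attribute the loop
     * reads (the posix attributes were never requested, so {@code posixDetails} could
     * not be populated); an entry without a last name no longer NPEs the whole listing;
     * and a search failure other than "no such object" is reported through
     * {@code LdapDAO.checkLdapResult} instead of being swallowed into an empty list.
     *
     * @param str base DN to list (users or user-requests subtree)
     * @return the users found; empty if none match
     * @throws IllegalStateException if {@code str} does not exist in the directory
     */
    public Collection<User> getUsers(String str) throws AccessControlException, TransientException {
        List<User> users = new ArrayList<>();
        // Filter API (not string concatenation) so nothing here is injectable; notLockedFilter
        // keeps locked (soft-deleted) accounts out of the listing.
        Filter filter = Filter.createANDFilter(new Filter[]{this.notLockedFilter, Filter.createPresenceFilter(LDAP_UID)});
        logger.debug("search filter: " + filter);
        String[] attrs = new String[]{LDAP_USER_NAME, LDAP_FIRST_NAME, LDAP_LAST_NAME,
                LDAP_HOME_DIRECTORY, LDAP_UID_NUMBER, LDAP_LOGIN_SHELL};
        try {
            SearchResult result = getReadOnlyConnection().search(new SearchRequest(str, SearchScope.ONE, filter, attrs));
            LdapDAO.checkLdapResult(result.getResultCode());
            for (SearchResultEntry entry : result.getSearchEntries()) {
                String username = entry.getAttributeValue(LDAP_USER_NAME);
                if (EXTERNAL_USER_CN.equals(username)) {
                    continue;
                }
                User user = new User();
                user.getIdentities().add(new HttpPrincipal(username));
                String firstName = entry.getAttributeValue(LDAP_FIRST_NAME);
                String lastName = entry.getAttributeValue(LDAP_LAST_NAME);
                String trimmedLast = (lastName == null) ? null : lastName.trim();
                if (StringUtil.hasLength(firstName) && StringUtil.hasLength(trimmedLast)) {
                    user.personalDetails = new PersonalDetails(firstName.trim(), trimmedLast);
                    String homeDir = entry.getAttributeValue(LDAP_HOME_DIRECTORY);
                    String uidNumber = entry.getAttributeValue(LDAP_UID_NUMBER);
                    if (homeDir != null && uidNumber != null) {
                        try {
                            int posixId = Integer.parseInt(uidNumber);
                            // gid defaults to the uid (one private group per user).
                            user.posixDetails = new PosixDetails(username, posixId, posixId, homeDir);
                            user.posixDetails.loginShell = entry.getAttributeValue(LDAP_LOGIN_SHELL);
                        } catch (NumberFormatException nfe) {
                            // One malformed entry must not break the whole listing.
                            logger.info("getUsers: ignoring malformed " + LDAP_UID_NUMBER + " for " + username);
                        }
                    }
                }
                users.add(user);
            }
        } catch (LDAPSearchException e) {
            if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT) {
                logger.debug("Could not find users root", e);
                throw new IllegalStateException("Could not find users root");
            }
            logger.debug("getUsers Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        logger.debug("getUsers: found " + users.size() + " in " + str);
        return users;
    }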

    /**
     * Approves a pending user request by moving its entry from the user-requests
     * subtree to the users subtree. The RDN ({@code uid=<numeric id>}) is preserved
     * across the move, so the user's internal id does not change.
     *
     * @param principal identity of the pending request
     * @return the user as re-read from the users subtree after the move
     * @throws UserNotFoundException if no pending request matches {@code principal}
     */
    public User approveUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        LDAPConnection conn = getReadWriteConnection();
        User pending = getUserRequest(principal, conn);
        if (pending.getHttpPrincipal() == null) {
            throw new RuntimeException("BUG: missing HttpPrincipal for " + principal.getName());
        }
        // Numeric RDN value: no escaping concerns when it is spliced into the DN strings.
        String rdn = "uid=" + uuid2long(pending.getID().getUUID());
        try {
            String currentDN = rdn + "," + this.config.getUserRequestsDN();
            ModifyDNRequest move = new ModifyDNRequest(currentDN, rdn, true, this.config.getUsersDN());
            LdapDAO.checkLdapResult(conn.modifyDN(move).getResultCode());
        } catch (LDAPException e) {
            logger.debug("Modify Exception", e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        try {
            User approved = getUser(principal, conn);
            logger.debug("approvedUserRequest: " + principal.getName());
            return approved;
        } catch (UserNotFoundException notFound) {
            // The move reported success, so the entry must be visible under the users DN.
            throw new RuntimeException("BUG: approved user not found (" + principal.getName() + ")");
        }
    }

    /**
     * Replaces the stored personal, posix and X.500 attributes of a user entry with the
     * values carried by {@code user}, then re-reads and returns the entry.
     * <p>
     * Every attribute is written as an LDAP REPLACE; a null or empty value therefore
     * clears that attribute on the server rather than leaving it untouched.
     *
     * @param user user carrying the new values; looked up via its preferred principal
     * @return the user as re-read after the modification
     * @throws UserNotFoundException if {@code user} does not resolve to an entry
     */
    public User modifyUser(User user) throws UserNotFoundException, TransientException, AccessControlException {
        List<Modification> mods = new ArrayList<>();
        PersonalDetails personal = user.personalDetails;
        if (personal != null) {
            addModification(mods, LDAP_FIRST_NAME, personal.getFirstName());
            addModification(mods, LDAP_LAST_NAME, personal.getLastName());
            addModification(mods, LDAP_ADDRESS, personal.address);
            addModification(mods, LDAP_CITY, personal.city);
            addModification(mods, LDAP_COUNTRY, personal.country);
            addModification(mods, LDAP_EMAIL, personal.email);
            addModification(mods, LDAP_INSTITUTE, personal.institute);
        }
        PosixDetails posix = user.posixDetails;
        if (posix != null) {
            // NOTE(review): login name, uidNumber and gidNumber are written straight from the
            // supplied object; nothing in this method checks who may change them — confirm the
            // caller authorizes this before reaching the DAO.
            addModification(mods, LDAP_USER_NAME, posix.getUsername());
            addModification(mods, LDAP_UID_NUMBER, Integer.toString(posix.getUid()));
            addModification(mods, "gidNumber", Integer.toString(posix.getGid()));
            addModification(mods, LDAP_HOME_DIRECTORY, posix.getHomeDirectory());
            addModification(mods, LDAP_LOGIN_SHELL, posix.loginShell);
        }
        Set x500Identities = user.getIdentities(X500Principal.class);
        if (x500Identities != null) {
            for (Object identity : x500Identities) {
                // Each iteration adds another REPLACE of the same attribute, so when several
                // X.500 DNs are present only the last one is expected to remain on the server.
                addModification(mods, LDAP_DISTINGUISHED_NAME, ((X500Principal) identity).getName());
            }
        }
        LDAPConnection conn = getReadWriteConnection();
        try {
            DN userDN = getUserDN(user, conn, false);
            LdapDAO.checkLdapResult(conn.modify(new ModifyRequest(userDN, mods)).getResultCode());
        } catch (LDAPException e) {
            logger.debug("Modify Exception", e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        HttpPrincipal httpPrincipal = user.getHttpPrincipal();
        try {
            User refreshed = getUser((Principal) httpPrincipal, conn);
            logger.debug("ModifiedUser: " + httpPrincipal.getName());
            return refreshed;
        } catch (UserNotFoundException notFound) {
            throw new RuntimeException("BUG: modified user not found (" + httpPrincipal.getName() + ")");
        }
    }

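    /**
     * Runs the LDAP Password Modify extended operation for the entry identified by
     * {@code httpPrincipal}, over the read-write connection.
     *
     * @param httpPrincipal login identity of the account to update
     * @param str           the current password, or {@code null} for a reset in which no
     *                      current password is sent to the server
     * @param str2          the new password; must be non-empty
     * @throws IllegalArgumentException if {@code str2} is null or empty
     * @throws UserNotFoundException    if the principal does not resolve to a user entry
     */
    protected void updatePassword(HttpPrincipal httpPrincipal, String str, String str2) throws UserNotFoundException, TransientException, AccessControlException {
        // Fail fast on a missing/empty new password: the original dereferenced it unconditionally
        // (NPE on null) and would otherwise forward an empty password to the directory.
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("new password must not be empty");
        }
        try {
            LDAPConnection conn = getReadWriteConnection();
            User user = new User();
            user.getIdentities().add(httpPrincipal);
            DN userDN = getUserDN(user, conn, false);
            // A null current password (reset path) is passed through as-is. Nothing in this
            // method verifies the caller's right to reset someone else's password; that has to
            // be enforced before this DAO is reached.
            PasswordModifyExtendedRequest request =
                    new PasswordModifyExtendedRequest(userDN.toNormalizedString(), str, str2);
            LdapDAO.checkLdapResult(conn.processExtendedOperation(request).getResultCode());
            logger.debug("updatedPassword for " + httpPrincipal.getName());
        } catch (LDAPException e) {
            // Log the exception only; never the password values.
            logger.debug("setPassword Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
    }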

    /**
     * Changes a user's password, sending the current password ({@code str}) along with
     * the new one ({@code str2}) so the directory can check it before accepting the change.
     */
    public void setPassword(HttpPrincipal httpPrincipal, String str, String str2) throws UserNotFoundException, TransientException, AccessControlException {
        String currentPassword = str;
        String newPassword = str2;
        updatePassword(httpPrincipal, currentPassword, newPassword);
    }

    /**
     * Sets {@code str} as the user's new password without presenting the current one
     * (administrative reset). No authorization happens on this path, so the caller is
     * responsible for deciding who may reset a password.
     */
    public void resetPassword(HttpPrincipal httpPrincipal, String str) throws UserNotFoundException, TransientException, AccessControlException {
        final String noCurrentPassword = null;
        updatePassword(httpPrincipal, noCurrentPassword, str);
    }

    /**
     * Removes a user from the users subtree. With {@code z == true} the entry is kept
     * and locked (soft delete); with {@code z == false} it is deleted outright.
     */
    public void deleteUser(Principal principal, boolean z) throws UserNotFoundException, TransientException, AccessControlException {
        String usersDN = this.config.getUsersDN();
        deleteUser(principal, usersDN, z);
    }

    /**
     * Re-enables a soft-deleted (locked) user in the users subtree by clearing the
     * account-lock attribute.
     */
    public void unlockUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        String usersDN = this.config.getUsersDN();
        unlockUser(principal, usersDN);
    }

    /**
     * Hard-deletes a pending user request; requests are never soft-deleted.
     */
    public void deleteUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        final boolean lockOnly = false;
        deleteUser(principal, this.config.getUserRequestsDN(), lockOnly);
    }

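    /**
     * Deletes or locks the user entry for {@code principal} under {@code str}.
     * <p>
     * With {@code z == true} the entry is kept and {@code nsaccountlock=true} is added
     * (soft delete); otherwise the entry is deleted and its disappearance is verified
     * with a follow-up lookup. Fix relative to the original: the info log after the
     * delete now records the server's result instead of echoing the request.
     *
     * @param principal identity of the user to remove
     * @param str       base DN (users or user-requests subtree)
     * @param z         true to lock instead of delete
     * @throws UserNotFoundException if the principal does not resolve under {@code str}
     */
    private void deleteUser(Principal principal, String str, boolean z) throws UserNotFoundException, AccessControlException, TransientException {
        // Resolve first so an unknown principal fails before any write is attempted.
        User user = getUser(principal, str);
        LDAPConnection conn = getReadWriteConnection();
        try {
            DN userDN = getUserDN(uuid2long(user.getID().getUUID()), str);
            if (z) {
                List<Modification> mods = new ArrayList<>();
                mods.add(new Modification(ModificationType.ADD, "nsaccountlock", "true"));
                LdapDAO.checkLdapResult(conn.modify(new ModifyRequest(userDN, mods)).getResultCode());
            } else {
                DeleteRequest deleteRequest = new DeleteRequest(userDN);
                LDAPResult result = conn.delete(deleteRequest);
                logger.info("delete result: " + result);
                LdapDAO.checkLdapResult(result.getResultCode());
            }
            logger.debug("deleted " + principal.getName() + " from " + str);
        } catch (LDAPException e) {
            logger.debug("Delete Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        if (z) {
            // A locked entry still exists, so the post-condition check below does not apply.
            return;
        }
        // Post-condition: the entry must be gone; UserNotFoundException is the expected outcome.
        try {
            getUser(principal, str, conn, false);
            throw new RuntimeException("BUG: " + principal.getName() + " not deleted in " + str);
        } catch (UserNotFoundException ignored) {
            // expected: the entry no longer resolves
        }
    }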

    /**
     * Clears the {@code nsaccountlock} attribute on a locked user entry under {@code str},
     * reversing the soft delete performed by {@code deleteUser(..., true)}.
     *
     * @param principal identity of the locked user
     * @param str       base DN to look the user up in
     * @throws UserNotFoundException if no locked user matches {@code principal}
     */
    private void unlockUser(Principal principal, String str) throws UserNotFoundException, AccessControlException, TransientException {
        User locked = getLockedUser(principal, str);
        LDAPConnection conn = getReadWriteConnection();
        try {
            DN userDN = getUserDN(uuid2long(locked.getID().getUUID()), str);
            Modification clearLock = new Modification(ModificationType.DELETE, "nsaccountlock");
            List<Modification> mods = new ArrayList<>();
            mods.add(clearLock);
            LDAPResult result = conn.modify(new ModifyRequest(userDN, mods));
            LdapDAO.checkLdapResult(result.getResultCode());
            logger.debug("unlocked " + principal.getName());
        } catch (LDAPException e) {
            logger.debug("UnlockUser Exception: " + e, e);
            // Two-argument overload, as in the original; its second argument is not visible here.
            LdapDAO.checkLdapResult(e.getResultCode(), true);
        }
    }

    /**
     * Picks the identity used to locate a user's entry: the first NumericPrincipal if
     * there is one (it maps directly onto the entry's RDN, no search needed), otherwise
     * the last identity in iteration order, or null when the user has no identities.
     */
    private Principal getPreferredPrincipal(User user) {
        Principal lastSeen = null;
        Iterator<? extends Principal> it = user.getIdentities().iterator();
        while (it.hasNext()) {
            Principal candidate = it.next();
            if (candidate instanceof NumericPrincipal) {
                return candidate;
            }
            lastSeen = candidate;
        }
        return lastSeen;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves the DN of the entry for {@code user} under the users subtree, or the
     * user-requests subtree when {@code z} is true.
     * <p>
     * A NumericPrincipal is turned into the DN directly; any other supported principal
     * type is looked up by an equality search on the attribute mapped for its class.
     * The search filter is built through the Filter API rather than by concatenating
     * the principal name, so the name is encoded rather than interpreted.
     *
     * @param user           user whose identities select the entry
     * @param lDAPConnection connection to search with
     * @param z              true to search the user-requests subtree instead of users
     * @return the entry DN
     * @throws UserNotFoundException    if the user has no identities or no entry matches
     * @throws IllegalArgumentException if the chosen principal type has no attribute mapping
     */
    public DN getUserDN(User user, LDAPConnection lDAPConnection, boolean z) throws UserNotFoundException, TransientException, LDAPException {
        Principal lookupKey = getPreferredPrincipal(user);
        if (lookupKey == null) {
            throw new UserNotFoundException("No identities");
        }
        String baseDN = z ? this.config.getUserRequestsDN() : this.config.getUsersDN();
        if (lookupKey instanceof NumericPrincipal) {
            long rdnValue = uuid2long(UUID.fromString(lookupKey.getName()));
            return getUserDN(rdnValue, baseDN);
        }
        String attribute = this.userLdapAttrib.get(lookupKey.getClass());
        if (attribute == null) {
            throw new IllegalArgumentException("Unsupported principal type " + lookupKey.getClass());
        }
        Filter filter = Filter.createEqualityFilter(attribute, lookupKey.getName());
        logger.debug("search filter: " + filter);
        SearchResultEntry entry = null;
        try {
            SearchRequest request = new SearchRequest(baseDN, SearchScope.ONE, filter, new String[]{"entrydn"});
            entry = lDAPConnection.searchForEntry(request);
            logger.debug("getUserDN: got " + lookupKey.getName() + " from " + baseDN);
        } catch (LDAPException e) {
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        if (entry == null) {
            String message = "User not found " + lookupKey.getName() + " in " + baseDN;
            logger.debug(message);
            throw new UserNotFoundException(message);
        }
        return entry.getAttributeValueAsDN("entrydn");
    }

    /**
     * Builds a user entry DN from its numeric uid: {@code uid=<j>,<str>}. The RDN value
     * is a long, so no escaping is needed; the parent DN comes from configuration and is
     * used verbatim.
     */
    protected DN getUserDN(long j, String str) throws LDAPException, TransientException {
        StringBuilder dn = new StringBuilder("uid=");
        dn.append(j).append(',').append(str);
        return new DN(dn.toString());
    }

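    /**
     * Builds the DN of a group entry: {@code cn=<name>,<parent>}.
     * <p>
     * The group name is escaped per RFC 4514 before it is spliced into the RDN, so a
     * value such as {@code "x,ou=admins"} cannot be used to point the DN at a different
     * subtree (the original concatenated the raw name). {@code str2} is the configured
     * parent DN and is used as-is.
     *
     * @param str  raw (unescaped) group name
     * @param str2 parent DN the group lives under
     * @return the group entry's DN
     * @throws LDAPException if the resulting string is still not a valid DN
     */
    protected DN getGroupDN(String str, String str2) throws LDAPException, TransientException {
        return new DN("cn=" + escapeRdnValue(str) + "," + str2);
    }

    /**
     * Escapes an attribute value for use inside an RDN (RFC 4514 section 2.4):
     * backslash-escapes {@code " + , ; < > \}, a leading {@code #} or space, a trailing
     * space, and NUL. Null and empty values are returned unchanged.
     */
    private static String escapeRdnValue(String value) {
        if (value == null || value.isEmpty()) {
            return value;
        }
        int last = value.length() - 1;
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '"':
                case '+':
                case ',':
                case ';':
                case '<':
                case '>':
                case '\\':
                    sb.append('\\').append(c);
                    break;
                case '\0':
                    sb.append("\\00");
                    break;
                case '#':
                    // Only special at the start of the value.
                    if (i == 0) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                case ' ':
                    // Only special at the start or end of the value.
                    if (i == 0 || i == last) {
                        sb.append('\\');
                    }
                    sb.append(c);
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }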

    /**
     * Appends an attribute {@code str=str2} to {@code list}, skipping null or empty
     * values so that absent optional fields are simply not written on add.
     */
    private void addAttribute(List<Attribute> list, String str, String str2) {
        boolean hasValue = str2 != null && !str2.isEmpty();
        if (hasValue) {
            list.add(new Attribute(str, str2));
        }
    }

    /**
     * Appends a REPLACE modification for attribute {@code str}. A null or empty value
     * becomes a REPLACE with no values, which clears the attribute on the server, so
     * callers that omit a field effectively delete it.
     */
    private void addModification(List<Modification> list, String str, String str2) {
        boolean clear = str2 == null || str2.isEmpty();
        Modification mod = clear
                ? new Modification(ModificationType.REPLACE, str)
                : new Modification(ModificationType.REPLACE, str, str2);
        list.add(mod);
    }

    /**
     * Maps an LDAP result code from a user add to the DAO's exceptions: an
     * ENTRY_ALREADY_EXISTS result becomes UserAlreadyExistsException, every other code
     * is handed to {@code LdapDAO.checkLdapResult}.
     */
    protected static void checkUserLDAPResult(ResultCode resultCode) throws TransientException, UserAlreadyExistsException {
        boolean duplicate = ResultCode.ENTRY_ALREADY_EXISTS.equals(resultCode);
        if (duplicate) {
            throw new UserAlreadyExistsException("User already exists.");
        }
        LdapDAO.checkLdapResult(resultCode);
    }

    /**
     * Maps a user UUID to the numeric id stored in the entry's {@code uid} RDN: only the
     * low 64 bits are used. The high bits are expected to be zero, matching how
     * {@link #getInternalID(String)} rebuilds the UUID as {@code new UUID(0L, n)}.
     */
    protected long uuid2long(UUID uuid) {
        long low = uuid.getLeastSignificantBits();
        return low;
    }

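    /**
     * Builds the InternalID for a user from the numeric id stored in its {@code uid}
     * attribute: {@code <UMS service URI>?<UUID(0, id)>}.
     * Fix relative to the original: the URISyntaxException is kept as the cause of the
     * RuntimeException so a malformed service URI from the registry is diagnosable.
     *
     * @param str decimal numeric id as read from the entry
     * @return the InternalID
     * @throws NumberFormatException if {@code str} is not a valid long
     * @throws RuntimeException      if the assembled URI is not syntactically valid
     */
    protected InternalID getInternalID(String str) {
        // The numeric id occupies the low 64 bits; the high 64 bits are always zero.
        UUID uuid = new UUID(0L, Long.parseLong(str));
        String uriString = new LocalAuthority().getServiceURI(Standards.UMS_REQS_01.toString()).toString() + "?" + uuid;
        try {
            return new InternalID(new URI(uriString));
        } catch (URISyntaxException e) {
            throw new RuntimeException("Invalid InternalID URI " + uriString, e);
        }
    }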
}
