package ca.nrc.cadc.ac.server.ldap;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserSet;
import ca.nrc.cadc.ac.server.GroupDetailSelector;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.StringUtil;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyRequest;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchResultListener;
import com.unboundid.ldap.sdk.SearchResultReference;
import com.unboundid.ldap.sdk.SearchScope;
import java.lang.reflect.Field;
import java.net.URI;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupURI;

/* loaded from: input_file:ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.class */
public class LdapGroupDAO extends LdapDAO {
    protected static final String LDAP_GROUP_OF_UNIQUE_NAMES = "groupofuniquenames";
    protected static final String LDAP_POSIX_GROUP = "posixgroup";
    private LdapUserDAO userDAO;
    GroupDetailSelector searchDetailSelector;
    private static final Logger logger = Logger.getLogger(LdapGroupDAO.class);
    private static final String[] PUB_GROUP_ATTRS = {"entrydn", "cn"};
    protected static final String LDAP_OWNER = "owner";
    protected static final String LDAP_MODIFY_TIMESTAMP = "modifytimestamp";
    protected static final String LDAP_DESCRIPTION = "description";
    protected static final String LDAP_GID_NUMBER = "gidNumber";
    private static final String[] GROUP_ATTRS = {"entrydn", "cn", "nsaccountlock", LDAP_OWNER, LDAP_MODIFY_TIMESTAMP, LDAP_DESCRIPTION, LDAP_GID_NUMBER};
    protected static final String LDAP_UNIQUE_MEMBER = "uniquemember";
    private static final String[] GROUP_AND_MEMBER_ATTRS = {"entrydn", "cn", "nsaccountlock", LDAP_OWNER, LDAP_MODIFY_TIMESTAMP, LDAP_DESCRIPTION, LDAP_GID_NUMBER, LDAP_UNIQUE_MEMBER};

    public LdapGroupDAO(LdapConnections ldapConnections, LdapUserDAO ldapUserDAO) {
        super(ldapConnections);
        if (ldapUserDAO == null) {
            throw new IllegalArgumentException("User persistence instance required");
        }
        this.userDAO = ldapUserDAO;
    }

    public Group addUserAssociatedGroup(Group group, int i) throws GroupAlreadyExistsException, TransientException, UserNotFoundException, AccessControlException {
        try {
            return addGroup(group, Integer.valueOf(i));
        } catch (GroupNotFoundException e) {
            throw new IllegalStateException("Failed to add user associated group.");
        }
    }

    public Group addGroup(Group group) throws GroupAlreadyExistsException, TransientException, UserNotFoundException, AccessControlException, GroupNotFoundException {
        return addGroup(group, null);
    }

    private Group addGroup(Group group, Integer num) throws GroupAlreadyExistsException, TransientException, UserNotFoundException, AccessControlException, GroupNotFoundException {
        if (!group.getProperties().isEmpty()) {
            throw new UnsupportedOperationException("Support for groups properties not available");
        }
        try {
            Set identities = group.getOwner().getIdentities(DNPrincipal.class);
            if (identities.isEmpty()) {
                throw new RuntimeException("BUG: User does not have an internal DNPrincipal");
            }
            DN dn = new DN(((DNPrincipal) identities.iterator().next()).getName());
            LDAPConnection readWriteConnection = getReadWriteConnection();
            if (!reactivateGroup(group)) {
                LdapDAO.checkLdapResult(addGroup(getGroupDN(group.getID().getName()), group.getID().getName(), dn, group.description, group.getUserMembers(), group.getGroupMembers(), num, readWriteConnection).getResultCode());
                if (num == null) {
                    LdapDAO.checkLdapResult(addGroup(getAdminGroupDN(group.getID().getName()), group.getID().getName(), dn, group.description, group.getUserAdmins(), group.getGroupAdmins(), num, readWriteConnection).getResultCode());
                }
            }
            return num == null ? getGroup(group.getID().getName(), true, readWriteConnection) : getUserAssociatedGroup(group.getID().getName(), true, readWriteConnection);
        } catch (LDAPException e) {
            logger.debug("addGroup Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e);
        }
    }

    private LDAPResult addGroup(DN dn, String str, DN dn2, String str2, Set<User> set, Set<Group> set2, Integer num, LDAPConnection lDAPConnection) throws UserNotFoundException, LDAPException, TransientException, AccessControlException, GroupNotFoundException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Attribute(LDAP_OWNER, dn2.toNormalizedString()));
        arrayList.add(new Attribute("objectClass", LDAP_GROUP_OF_UNIQUE_NAMES));
        arrayList.add(new Attribute("objectClass", "inetuser"));
        arrayList.add(new Attribute("objectClass", LDAP_POSIX_GROUP));
        arrayList.add(new Attribute("cn", str));
        if (num == null) {
            arrayList.add(new Attribute(LDAP_GID_NUMBER, String.valueOf(genNextNumericId())));
        } else {
            arrayList.add(new Attribute(LDAP_GID_NUMBER, String.valueOf(num)));
            arrayList.add(new Attribute("nsaccountlock", "true"));
        }
        if (StringUtil.hasText(str2)) {
            arrayList.add(new Attribute(LDAP_DESCRIPTION, str2));
        }
        ArrayList arrayList2 = new ArrayList();
        for (User user : set) {
            arrayList2.add((num == null ? this.userDAO.getUserDN(user, lDAPConnection, false) : this.userDAO.getUserDN(user, lDAPConnection, true)).toNormalizedString());
        }
        Iterator<Group> it = set2.iterator();
        while (it.hasNext()) {
            String name = it.next().getID().getName();
            if (!checkGroupExists(name, lDAPConnection)) {
                throw new GroupNotFoundException(name);
            }
            arrayList2.add(getGroupDN(name).toNormalizedString());
        }
        if (!arrayList2.isEmpty()) {
            arrayList.add(new Attribute(LDAP_UNIQUE_MEMBER, (String[]) arrayList2.toArray(new String[arrayList2.size()])));
        }
        AddRequest addRequest = new AddRequest(dn, arrayList);
        logger.debug("addGroup: " + dn);
        return lDAPConnection.add(addRequest);
    }

    private SearchResultEntry searchForGroup(Group group) throws TransientException, LDAPSearchException {
        return getReadWriteConnection().searchForEntry(new SearchRequest(getGroupDN(group.getID().getName()).toNormalizedString(), SearchScope.BASE, Filter.createEqualityFilter("cn", group.getID().getName()), new String[]{"nsaccountlock"}));
    }

    public boolean reactivateGroup(Group group) throws AccessControlException, UserNotFoundException, TransientException, GroupAlreadyExistsException {
        try {
            SearchResultEntry searchForGroup = searchForGroup(group);
            if (searchForGroup == null) {
                return false;
            }
            if (searchForGroup.getAttributeValue("nsaccountlock") == null) {
                throw new GroupAlreadyExistsException("Group already exists " + group.getID());
            }
            try {
                activateReactivateGroup(group, true);
                return true;
            } catch (GroupNotFoundException e) {
                throw new RuntimeException("BUG: group to modify does not exist " + group.getID());
            }
        } catch (LDAPException e2) {
            logger.debug("reactivateGroup Exception: " + e2, e2);
            LdapDAO.checkLdapResult(e2.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e2);
        }
    }

    public boolean deactivateGroup(Group group) throws AccessControlException, UserNotFoundException, TransientException, GroupAlreadyExistsException {
        try {
            SearchResultEntry searchForGroup = searchForGroup(group);
            if (searchForGroup == null) {
                throw new RuntimeException("BUG: group to be deactivated does not exist " + group.getID());
            }
            String attributeValue = searchForGroup.getAttributeValue("nsaccountlock");
            if (attributeValue != null && attributeValue.equalsIgnoreCase("true")) {
                throw new RuntimeException("BUG: group is already deactivated " + group.getID());
            }
            try {
                activateReactivateGroup(group, false);
                return true;
            } catch (GroupNotFoundException e) {
                throw new RuntimeException("BUG: group to modify does not exist " + group.getID());
            }
        } catch (LDAPException e2) {
            logger.debug("deactivateGroup Exception: " + e2, e2);
            LdapDAO.checkLdapResult(e2.getResultCode());
            throw new RuntimeException("Unexpected LDAP exception", e2);
        }
    }

    public Collection<String> getGroupNames() throws TransientException {
        try {
            Filter createANDFilter = Filter.createANDFilter(new Filter[]{Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock")), Filter.create("(cn=*)")});
            final LinkedList linkedList = new LinkedList();
            SearchRequest searchRequest = new SearchRequest(new SearchResultListener() { // from class: ca.nrc.cadc.ac.server.ldap.LdapGroupDAO.1
                long t1 = System.currentTimeMillis();

                public void searchEntryReturned(SearchResultEntry searchResultEntry) {
                    linkedList.add(searchResultEntry.getAttributeValue("cn"));
                    long currentTimeMillis = System.currentTimeMillis();
                    long j = currentTimeMillis - this.t1;
                    if (linkedList.size() == 1) {
                        LdapGroupDAO.logger.debug("first row: " + j + "ms");
                        this.t1 = currentTimeMillis;
                    }
                    if (linkedList.size() % 100 == 0) {
                        LdapGroupDAO.logger.debug("found: " + linkedList.size() + " " + j + "ms");
                        this.t1 = currentTimeMillis;
                    }
                }

                public void searchReferenceReturned(SearchResultReference searchResultReference) {
                    throw new UnsupportedOperationException("Not supported yet.");
                }
            }, this.config.getGroupsDN(), SearchScope.ONE, createANDFilter, PUB_GROUP_ATTRS);
            try {
                Profiler profiler = new Profiler(LdapGroupDAO.class);
                LDAPConnection readOnlyConnection = getReadOnlyConnection();
                profiler.checkpoint("getGroupNames.getConnection");
                SearchResult search = readOnlyConnection.search(searchRequest);
                profiler.checkpoint("getGroupNames.search");
                LdapDAO.checkLdapResult(search.getResultCode());
                return linkedList;
            } catch (LDAPSearchException e) {
                logger.debug("Could not find groups root", e);
                LdapDAO.checkLdapResult(e.getResultCode());
                if (e.getResultCode() == ResultCode.NO_SUCH_OBJECT) {
                    throw new IllegalStateException("Could not find groups root");
                }
                throw new IllegalStateException("unexpected failure", e);
            }
        } catch (LDAPException e2) {
            logger.debug("getGroupNames Exception: " + e2, e2);
            LdapDAO.checkLdapResult(e2.getResultCode());
            throw new IllegalStateException("Unexpected exception: " + e2.getMatchedDN(), e2);
        }
    }

    private void addGroupMembers(SearchResultEntry searchResultEntry, Group group, LDAPConnection lDAPConnection, boolean z) throws LDAPException, AccessControlException, TransientException {
        User userRequest;
        if (searchResultEntry.getAttributeValues(LDAP_UNIQUE_MEMBER) != null) {
            for (String str : searchResultEntry.getAttributeValues(LDAP_UNIQUE_MEMBER)) {
                String userRequestsDN = z ? this.config.getUserRequestsDN() : this.config.getUsersDN();
                DN dn = new DN(str);
                if (dn.isDescendantOf(userRequestsDN, false)) {
                    if (z) {
                        try {
                            userRequest = this.userDAO.getUserRequest(new DNPrincipal(str), lDAPConnection);
                        } catch (UserNotFoundException e) {
                        }
                    } else {
                        userRequest = this.userDAO.getUser((Principal) new DNPrincipal(str), lDAPConnection);
                    }
                    group.getUserMembers().add(userRequest);
                } else {
                    if (!dn.isDescendantOf(this.config.getGroupsDN(), false)) {
                        throw new RuntimeException("BUG: unknown member DN type: " + dn);
                    }
                    if (z) {
                        try {
                            group.getGroupMembers().add(getUserAssociatedGroup(dn, null, PUB_GROUP_ATTRS, lDAPConnection));
                        } catch (GroupNotFoundException e2) {
                        }
                    } else {
                        group.getGroupMembers().add(getGroup(dn, null, PUB_GROUP_ATTRS, lDAPConnection));
                    }
                }
            }
        }
    }

    private SearchResultEntry searchForEntry(Profiler profiler, DN dn, String str, Filter filter, String[] strArr, LDAPConnection lDAPConnection) throws LDAPSearchException, GroupNotFoundException {
        SearchResultEntry searchForEntry = lDAPConnection.searchForEntry(new SearchRequest(dn.toNormalizedString(), SearchScope.BASE, filter, strArr));
        profiler.checkpoint("getGroup.searchForEntry");
        if (searchForEntry != null) {
            return searchForEntry;
        }
        logger.debug("Group not found " + str + " cause: null");
        throw new GroupNotFoundException(str);
    }

    public Group getAnyGroup(String str) throws TransientException, GroupNotFoundException {
        DN groupDN = getGroupDN(str);
        String[] strArr = GROUP_AND_MEMBER_ATTRS;
        logger.debug("getGroup: " + groupDN + " attrs: " + strArr.length);
        LDAPConnection readOnlyConnection = getReadOnlyConnection();
        Profiler profiler = new Profiler(LdapGroupDAO.class);
        try {
            SearchResultEntry searchForEntry = searchForEntry(profiler, groupDN, str, Filter.createEqualityFilter("entrydn", groupDN.toNormalizedString()), strArr, readOnlyConnection);
            Boolean attributeValueAsBoolean = searchForEntry.getAttributeValueAsBoolean("nsaccountlock");
            if (attributeValueAsBoolean == null) {
                attributeValueAsBoolean = false;
            }
            if (!attributeValueAsBoolean.booleanValue() && searchForEntry.getAttribute("nsaccountlock") != null) {
                throw new RuntimeException("BUG: found group with nsaccountlock set: " + searchForEntry.getAttributeValue("entrydn"));
            }
            Group createGroupFromSearchResult = createGroupFromSearchResult(searchForEntry, strArr, readOnlyConnection);
            profiler.checkpoint("getGroup.createGroupFromSearchResult");
            addGroupMembers(searchForEntry, createGroupFromSearchResult, readOnlyConnection, attributeValueAsBoolean.booleanValue());
            profiler.checkpoint("getGroup.addMembers");
            return createGroupFromSearchResult;
        } catch (LDAPException e) {
            logger.debug("getAnyGroup Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("BUG: checkLdapResult didn't throw an exception");
        }
    }

    public Group getUserAssociatedGroup(String str, boolean z) throws GroupNotFoundException, TransientException, AccessControlException {
        return getUserAssociatedGroup(str, z, getReadOnlyConnection());
    }

    private Group getUserAssociatedGroup(String str, boolean z, LDAPConnection lDAPConnection) throws GroupNotFoundException, TransientException, AccessControlException {
        String[] strArr = GROUP_ATTRS;
        if (z) {
            strArr = GROUP_AND_MEMBER_ATTRS;
        }
        return getUserAssociatedGroup(getGroupDN(str), str, strArr, lDAPConnection);
    }

    private Group getUserAssociatedGroup(DN dn, String str, String[] strArr, LDAPConnection lDAPConnection) throws GroupNotFoundException, TransientException, AccessControlException {
        logger.debug("getGroup: " + dn + " attrs: " + strArr.length);
        String str2 = str;
        if (str2 == null) {
            str2 = dn.toString();
        }
        Profiler profiler = new Profiler(LdapGroupDAO.class);
        try {
            SearchResultEntry searchForEntry = searchForEntry(profiler, dn, str2, Filter.createEqualityFilter("entrydn", dn.toNormalizedString()), strArr, lDAPConnection);
            Group createGroupFromSearchResult = createGroupFromSearchResult(searchForEntry, strArr, lDAPConnection);
            profiler.checkpoint("getGroup.createGroupFromSearchResult");
            addUserAssociatedGroupMembers(searchForEntry, createGroupFromSearchResult, lDAPConnection);
            profiler.checkpoint("getGroup.addMembers");
            return createGroupFromSearchResult;
        } catch (LDAPException e) {
            logger.debug("getGroup Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("BUG: checkLdapResult didn't throw an exception");
        }
    }

    private void addUserAssociatedGroupMembers(SearchResultEntry searchResultEntry, Group group, LDAPConnection lDAPConnection) throws LDAPException, AccessControlException, TransientException {
        if (searchResultEntry.getAttributeValues(LDAP_UNIQUE_MEMBER) != null) {
            for (String str : searchResultEntry.getAttributeValues(LDAP_UNIQUE_MEMBER)) {
                String userRequestsDN = this.config.getUserRequestsDN();
                DN dn = new DN(str);
                if (dn.isDescendantOf(userRequestsDN, false)) {
                    try {
                        group.getUserMembers().add(this.userDAO.getUserRequest(new DNPrincipal(str), lDAPConnection));
                    } catch (UserNotFoundException e) {
                    }
                } else {
                    if (!dn.isDescendantOf(this.config.getGroupsDN(), false)) {
                        throw new RuntimeException("BUG: unknown member DN type: " + dn);
                    }
                    try {
                        group.getGroupMembers().add(getUserAssociatedGroup(dn, null, PUB_GROUP_ATTRS, lDAPConnection));
                    } catch (GroupNotFoundException e2) {
                    }
                }
            }
        }
    }

    public Group getGroup(String str, boolean z) throws GroupNotFoundException, TransientException, AccessControlException {
        return getGroup(str, z, getReadOnlyConnection());
    }

    private Group getGroup(String str, boolean z, LDAPConnection lDAPConnection) throws GroupNotFoundException, TransientException, AccessControlException {
        String[] strArr = GROUP_ATTRS;
        if (z) {
            strArr = GROUP_AND_MEMBER_ATTRS;
        }
        Group group = getGroup(getGroupDN(str), str, strArr, lDAPConnection);
        if (z && !isUserAssociatedGroup(group)) {
            Group group2 = getGroup(getAdminGroupDN(str), null, GROUP_AND_MEMBER_ATTRS, lDAPConnection);
            group.getGroupAdmins().addAll(group2.getGroupMembers());
            group.getUserAdmins().addAll(group2.getUserMembers());
        }
        return group;
    }

    private Group getGroup(DN dn, String str, String[] strArr, LDAPConnection lDAPConnection) throws GroupNotFoundException, TransientException, AccessControlException {
        logger.debug("getGroup: " + dn + " attrs: " + strArr.length);
        String str2 = str;
        if (str2 == null) {
            str2 = dn.toString();
        }
        Profiler profiler = new Profiler(LdapGroupDAO.class);
        try {
            SearchResultEntry searchForEntry = searchForEntry(profiler, dn, str2, Filter.createANDFilter(new Filter[]{Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock")), Filter.createEqualityFilter("entrydn", dn.toNormalizedString())}), strArr, lDAPConnection);
            if (searchForEntry.getAttribute("nsaccountlock") != null) {
                throw new RuntimeException("BUG: found group with nsaccountlock set: " + searchForEntry.getAttributeValue("entrydn"));
            }
            Group createGroupFromSearchResult = createGroupFromSearchResult(searchForEntry, strArr, lDAPConnection);
            profiler.checkpoint("getGroup.createGroupFromSearchResult");
            addGroupMembers(searchForEntry, createGroupFromSearchResult, lDAPConnection, false);
            profiler.checkpoint("getGroup.addMembers");
            return createGroupFromSearchResult;
        } catch (LDAPException e) {
            logger.debug("getGroup Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new RuntimeException("BUG: checkLdapResult didn't throw an exception");
        }
    }

    private boolean isUserAssociatedGroup(Group group) {
        boolean z = false;
        UserSet userMembers = group.getUserMembers();
        if (userMembers.size() == 1) {
            User user = (User) userMembers.iterator().next();
            if (user.posixDetails != null && user.posixDetails.getUsername().equals(group.getID().getURI().getQuery())) {
                z = true;
            }
        }
        return z;
    }

    private void activateReactivateGroup(Group group, boolean z) throws UserNotFoundException, TransientException, AccessControlException, GroupNotFoundException {
        if (!group.getProperties().isEmpty()) {
            throw new UnsupportedOperationException("Support for groups properties not available");
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (z) {
            arrayList.add(new Modification(ModificationType.DELETE, "nsaccountlock"));
            arrayList2.add(new Modification(ModificationType.DELETE, "nsaccountlock"));
        } else {
            arrayList.add(new Modification(ModificationType.ADD, "nsaccountlock", "true"));
            arrayList2.add(new Modification(ModificationType.ADD, "nsaccountlock", "true"));
        }
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        LDAPConnection readWriteConnection = getReadWriteConnection();
        try {
            Iterator it = group.getUserMembers().iterator();
            while (it.hasNext()) {
                hashSet.add(this.userDAO.getUserDN((User) it.next(), readWriteConnection, !z).toNormalizedString());
            }
            Iterator it2 = group.getUserAdmins().iterator();
            while (it2.hasNext()) {
                hashSet2.add(this.userDAO.getUserDN((User) it2.next(), readWriteConnection, !z).toNormalizedString());
            }
        } catch (LDAPException e) {
            logger.debug("Modify Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        modifyGroup(group, arrayList, arrayList2, hashSet, hashSet2, readWriteConnection);
    }

    private void modifyGroup(Group group, List<Modification> list, List<Modification> list2, Set<String> set, Set<String> set2, LDAPConnection lDAPConnection) throws TransientException, UserNotFoundException, GroupNotFoundException {
        if (StringUtil.hasText(group.description)) {
            list.add(new Modification(ModificationType.REPLACE, LDAP_DESCRIPTION, group.description));
        } else {
            list.add(new Modification(ModificationType.REPLACE, LDAP_DESCRIPTION));
        }
        try {
            for (Group group2 : group.getGroupMembers()) {
                if (!checkGroupExists(group2.getID().getName(), lDAPConnection)) {
                    throw new GroupNotFoundException(group2.getID().getName());
                }
                set.add(getGroupDN(group2.getID().getName()).toNormalizedString());
            }
            for (Group group3 : group.getGroupAdmins()) {
                if (!checkGroupExists(group3.getID().getName(), lDAPConnection)) {
                    throw new GroupNotFoundException(group3.getID().getName());
                }
                set2.add(getGroupDN(group3.getID().getName()).toNormalizedString());
            }
            if (!isUserAssociatedGroup(group)) {
                list2.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER, (String[]) set2.toArray(new String[set2.size()])));
                LdapDAO.checkLdapResult(lDAPConnection.modify(new ModifyRequest(getAdminGroupDN(group.getID().getName()), list2)).getResultCode());
            }
            list.add(new Modification(ModificationType.REPLACE, LDAP_UNIQUE_MEMBER, (String[]) set.toArray(new String[set.size()])));
            LdapDAO.checkLdapResult(lDAPConnection.modify(new ModifyRequest(getGroupDN(group.getID().getName()), list)).getResultCode());
        } catch (LDAPException e) {
            logger.debug("Modify Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
    }

    public Group modifyGroup(Group group) throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException {
        String name = group.getID().getName();
        getGroup(getGroupDN(name), name, PUB_GROUP_ATTRS, getReadWriteConnection());
        if (!group.getProperties().isEmpty()) {
            throw new UnsupportedOperationException("Support for groups properties not available");
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        LDAPConnection readWriteConnection = getReadWriteConnection();
        try {
            Iterator it = group.getUserMembers().iterator();
            while (it.hasNext()) {
                hashSet.add(this.userDAO.getUserDN((User) it.next(), readWriteConnection, false).toNormalizedString());
            }
            Iterator it2 = group.getUserAdmins().iterator();
            while (it2.hasNext()) {
                hashSet2.add(this.userDAO.getUserDN((User) it2.next(), readWriteConnection, false).toNormalizedString());
            }
        } catch (LDAPException e) {
            logger.debug("Modify Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        modifyGroup(group, arrayList, arrayList2, hashSet, hashSet2, readWriteConnection);
        try {
            return getGroup(group.getID().getName(), true, readWriteConnection);
        } catch (GroupNotFoundException e2) {
            throw new RuntimeException("BUG: modified group not found (" + group.getID() + ")");
        }
    }

    public void deleteUserAssociatedGroup(String str) throws GroupNotFoundException, TransientException, AccessControlException {
        deleteUserAssociatedGroup(getGroupDN(str), str, false);
        deleteUserAssociatedGroup(getAdminGroupDN(str), str, true);
    }

    private void deleteUserAssociatedGroup(DN dn, String str, boolean z) throws GroupNotFoundException, TransientException, AccessControlException {
        LDAPConnection readWriteConnection = getReadWriteConnection();
        try {
            logger.debug("deleteGroup " + dn);
            DeleteRequest deleteRequest = new DeleteRequest(dn);
            LDAPResult delete = readWriteConnection.delete(deleteRequest);
            logger.info("delete result:" + deleteRequest);
            LdapDAO.checkLdapResult(delete.getResultCode());
        } catch (LDAPException e) {
            logger.debug("delete group fail: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        try {
            throw new RuntimeException("BUG: group not deleted " + getUserAssociatedGroup(getGroupDN(str), null, GROUP_ATTRS, readWriteConnection).getID());
        } catch (GroupNotFoundException e2) {
        }
    }

    public void deleteGroup(String str) throws GroupNotFoundException, TransientException, AccessControlException {
        deleteGroup(getGroupDN(str), str, false);
        deleteGroup(getAdminGroupDN(str), str, true);
    }

    private void deleteGroup(DN dn, String str, boolean z) throws GroupNotFoundException, TransientException, AccessControlException {
        LDAPConnection readWriteConnection = getReadWriteConnection();
        ModifyRequest modifyRequest = new ModifyRequest(dn, new Modification(ModificationType.DELETE, LDAP_UNIQUE_MEMBER));
        try {
            logger.debug("clearMembers " + dn);
            LdapDAO.checkLdapResult(readWriteConnection.modify(modifyRequest).getResultCode(), true, null);
        } catch (LDAPException e) {
            logger.debug("clear members fail: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode(), true, null);
        }
        ModifyRequest modifyRequest2 = new ModifyRequest(dn, new Modification(ModificationType.ADD, "nsaccountlock", "true"));
        try {
            logger.debug("deleteGroup " + dn);
            LdapDAO.checkLdapResult(readWriteConnection.modify(modifyRequest2).getResultCode());
        } catch (LDAPException e2) {
            logger.debug("delete group fail: " + e2, e2);
            LdapDAO.checkLdapResult(e2.getResultCode());
        }
        try {
            throw new RuntimeException("BUG: group not deleted " + getGroup(getGroupDN(str), null, GROUP_ATTRS, readWriteConnection).getID());
        } catch (GroupNotFoundException e3) {
        }
    }

    public Collection<Group> getOwnerGroups(DNPrincipal dNPrincipal, String str) throws TransientException, AccessControlException {
        ArrayList arrayList = new ArrayList();
        try {
            Filter createANDFilter = Filter.createANDFilter(new Filter[]{Filter.createNOTFilter(Filter.createPresenceFilter("nsaccountlock")), Filter.createEqualityFilter(LDAP_OWNER, new DN(dNPrincipal.getName()).toNormalizedString())});
            if (str != null) {
                createANDFilter = Filter.createANDFilter(new Filter[]{createANDFilter, Filter.createEqualityFilter("entrydn", getGroupDN(str).toNormalizedString())});
            }
            SearchRequest searchRequest = new SearchRequest(this.config.getGroupsDN(), SearchScope.SUB, createANDFilter, GROUP_ATTRS);
            LDAPConnection readOnlyConnection = getReadOnlyConnection();
            for (SearchResultEntry searchResultEntry : getReadOnlyConnection().search(searchRequest).getSearchEntries()) {
                if (searchResultEntry.getAttribute("nsaccountlock") != null) {
                    throw new RuntimeException("BUG: found group with nsaccountlock set: " + searchResultEntry.getAttributeValue("entrydn"));
                }
                arrayList.add(createGroupFromSearchResult(searchResultEntry, GROUP_ATTRS, readOnlyConnection));
            }
        } catch (LDAPException e) {
            logger.debug("getOwnerGroups Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
        }
        return arrayList;
    }

    private Group createGroupFromSearchResult(SearchResultEntry searchResultEntry, String[] strArr, LDAPConnection lDAPConnection) throws LDAPException, TransientException {
        String attributeValue = searchResultEntry.getAttributeValue("entrydn");
        String attributeValue2 = searchResultEntry.getAttributeValue("cn");
        URI serviceURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
        if (strArr == PUB_GROUP_ATTRS) {
            return new Group(new GroupURI(serviceURI, attributeValue2));
        }
        String attributeValue3 = searchResultEntry.getAttributeValue(LDAP_OWNER);
        if (attributeValue3 == null) {
            throw new AccessControlException(attributeValue2);
        }
        try {
            Object user = this.userDAO.getUser((Principal) new DNPrincipal(attributeValue3), lDAPConnection);
            Group group = new Group(new GroupURI(serviceURI, attributeValue2));
            setField(group, user, LDAP_OWNER);
            if (searchResultEntry.hasAttribute(LDAP_DESCRIPTION)) {
                group.description = searchResultEntry.getAttributeValue(LDAP_DESCRIPTION);
            }
            if (searchResultEntry.hasAttribute(LDAP_GID_NUMBER)) {
                group.gid = Integer.valueOf(Integer.parseInt(searchResultEntry.getAttributeValue(LDAP_GID_NUMBER)));
            }
            if (searchResultEntry.hasAttribute(LDAP_MODIFY_TIMESTAMP)) {
                group.lastModified = searchResultEntry.getAttributeValueAsDate(LDAP_MODIFY_TIMESTAMP);
            }
            return group;
        } catch (UserNotFoundException e) {
            throw new RuntimeException("Invalid state: owner does not exist: " + attributeValue3 + " group: " + attributeValue);
        }
    }

    protected DN getGroupDN(String str) throws TransientException {
        try {
            return new DN("cn=" + str + "," + this.config.getGroupsDN());
        } catch (LDAPException e) {
            logger.debug("getGroupDN Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new IllegalArgumentException(str + " not a valid group ID");
        }
    }

    protected DN getAdminGroupDN(String str) throws TransientException {
        try {
            return new DN("cn=" + str + "," + this.config.getAdminGroupsDN());
        } catch (LDAPException e) {
            logger.debug("getAdminGroupDN Exception: " + e, e);
            LdapDAO.checkLdapResult(e.getResultCode());
            throw new IllegalArgumentException(str + " not a valid group ID");
        }
    }

    private boolean checkGroupExists(String str, LDAPConnection lDAPConnection) throws LDAPException, TransientException {
        try {
            getGroup(getGroupDN(str), str, PUB_GROUP_ATTRS, lDAPConnection);
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    private void setField(Object obj, Object obj2, String str) {
        try {
            Field declaredField = obj.getClass().getDeclaredField(str);
            declaredField.setAccessible(true);
            declaredField.set(obj, obj2);
        } catch (IllegalAccessException e) {
            throw new RuntimeException("unable to update " + str + " in " + obj.getClass().getSimpleName(), e);
        } catch (NoSuchFieldException e2) {
            throw new RuntimeException(obj.getClass().getSimpleName() + " field " + str + "not found", e2);
        }
    }
}
