package ca.nrc.cadc.ac.server.ldap;

import ca.nrc.cadc.ac.Group;
import ca.nrc.cadc.ac.GroupAlreadyExistsException;
import ca.nrc.cadc.ac.GroupNotFoundException;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.PosixPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.util.ObjectUtil;
import java.net.URI;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.SortedSet;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.opencadc.gms.GroupURI;

/* loaded from: input_file:ca/nrc/cadc/ac/server/ldap/LdapUserPersistence.class */
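/**
 * LDAP-backed {@link UserPersistence}.
 *
 * <p>Every operation borrows a set of LDAP connections ({@link LdapConnections}) for its
 * duration and releases them in a {@code finally} block; the actual directory work is
 * delegated to {@link LdapUserDAO} / {@link LdapGroupDAO}.
 *
 * <p>Authorization as enforced <em>in this class</em>:
 * <ul>
 *   <li>self-service operations ({@code getUser}, {@code getLockedUser}, {@code getUserRequest},
 *       {@code modifyUserPersonalDetails}, {@code deactivateUser}, {@code reactivateUser},
 *       {@code setPassword}, {@code resetPassword}) require that the current {@link Subject}
 *       holds a principal equal to the target identity ({@link #requireSelf(Principal)});</li>
 *   <li>directory-wide listings ({@code getUsers}, {@code getEmailsForAllUsers}) require an
 *       authenticated caller that has an {@link HttpPrincipal}
 *       ({@link #requireAuthenticatedAccount()});</li>
 *   <li>all other operations ({@code addUser}, {@code addUserRequest},
 *       {@code getUserByEmailAddress}, {@code getUsersByEmailAddress}, {@code getAugmentedUser},
 *       {@code getUserRequests}, {@code approveUserRequest}, {@code modifyUser},
 *       {@code deleteUser}, {@code deleteUserRequest}, {@code doLogin}) perform no caller
 *       check here. NOTE(review): they are only safe if the calling layer or the DAO
 *       enforces authorization — confirm before exposing any of them to end users.</li>
 * </ul>
 */
public class LdapUserPersistence extends LdapPersistence implements UserPersistence {
    private static final Logger logger = Logger.getLogger(LdapUserPersistence.class);

    /** Message used by every self-service check (kept identical to the original). */
    private static final String NOT_SELF = "permission denied: target user does not match current user";

    /** Shuts down the underlying connection pool(s). */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void destroy() {
        super.shutdown();
    }

    /**
     * Creates an account directly (no pending request). No caller check here.
     *
     * @param user the account to create
     * @return the created account as returned by the DAO
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User addUser(User user) throws UserNotFoundException, TransientException, AccessControlException, UserAlreadyExistsException {
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).addUser(user);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Stores a pending account request and creates the (inactive) per-user group that will
     * be activated on approval. The group is named after the requested HTTP username and
     * owned by {@code principal}.
     *
     * @param userRequest the requested account
     * @param principal   identity that becomes the owner of the per-user group
     * @return the stored (pending) user
     * @throws IllegalStateException if the per-user group already exists, or if the stored
     *                               request carries no posix details (the original code
     *                               dereferenced {@code posixDetails} without a check, so
     *                               that case surfaced as an NPE — twice, because the
     *                               catch block dereferenced it again)
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User addUserRequest(UserRequest userRequest, Principal principal) throws UserNotFoundException, TransientException, AccessControlException, UserAlreadyExistsException {
        LdapConnections conns = new LdapConnections(this);
        try {
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            LdapGroupDAO groupDAO = new LdapGroupDAO(conns, userDAO);

            URI gmsURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
            String username = userRequest.getUser().getHttpPrincipal().getName();
            Group group = new Group(new GroupURI(gmsURI, username));
            // owner is a read-only field on Group; set reflectively as in the original
            ObjectUtil.setField(group, userDAO.getAugmentedUser(principal, false), "owner");

            Integer gid = null;
            try {
                User created = userDAO.addUserRequest(userRequest);
                if (created.posixDetails == null) {
                    throw new IllegalStateException("BUG: user request for " + username + " has no posix details");
                }
                gid = Integer.valueOf(created.posixDetails.getGid());
                group.getUserMembers().add(created);
                groupDAO.addUserAssociatedGroup(group, gid.intValue());
                return created;
            } catch (GroupAlreadyExistsException e) {
                // gid is null only if the request itself failed before a gid was assigned
                String which = (gid == null) ? username : gid.toString();
                throw new IllegalStateException("group " + which + " already existed", e);
            }
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service lookup: the caller must hold {@code principal}.
     *
     * @throws AccessControlException if the caller is anonymous or is not {@code principal}
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User getUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(principal);
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getUser(principal);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service lookup of a locked (deactivated) account.
     *
     * @throws AccessControlException if the caller is anonymous or is not {@code principal}
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User getLockedUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(principal);
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getLockedUser(principal);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Finds the single account registered with {@code emailAddress}. No caller check here.
     *
     * @throws UserNotFoundException      if no account matches
     * @throws UserAlreadyExistsException if more than one account matches (the interface's
     *                                    way of reporting an ambiguous address)
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User getUserByEmailAddress(String emailAddress) throws UserNotFoundException, UserAlreadyExistsException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            List<User> matches = new LdapUserDAO(conns).getUsersByEmailAddress(emailAddress);
            if (matches.isEmpty()) {
                throw new UserNotFoundException("user with email address " + emailAddress + " not found");
            }
            if (matches.size() > 1) {
                throw new UserAlreadyExistsException("more than one account matched email address " + emailAddress);
            }
            return matches.get(0);
        } finally {
            conns.releaseConnections();
        }
    }

    /** Lists every account registered with {@code emailAddress}. No caller check here. */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public List<User> getUsersByEmailAddress(String emailAddress) throws TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getUsersByEmailAddress(emailAddress);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service lookup of a pending account request.
     *
     * @throws AccessControlException if the caller is anonymous or is not {@code principal}
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User getUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(principal);
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getUserRequest(principal);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Looks up a user and augments it with its other identities. No caller check here:
     * this is the lookup used by the authentication layer itself.
     *
     * @param principal     identity to resolve
     * @param primeGroupCache passed through to the DAO unchanged (meaning defined there)
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User getAugmentedUser(Principal principal, boolean primeGroupCache) throws UserNotFoundException, TransientException {
        LdapConnections conns = new LdapConnections(this);
        try {
            Profiler profiler = new Profiler(LdapUserPersistence.class);
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            profiler.checkpoint("Create LdapUserDAO");
            User augmented = userDAO.getAugmentedUser(principal, primeGroupCache);
            profiler.checkpoint("getAugmentedUser");
            return augmented;
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Lists all users. Requires an authenticated caller with an HTTP (account) principal.
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public Collection<User> getUsers() throws TransientException, AccessControlException {
        requireAuthenticatedAccount();
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getUsers();
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Resolves posix identities. Requires an authenticated caller with an HTTP principal.
     *
     * <p>With both arguments {@code null} every user that has posix details is returned.
     * Otherwise the given usernames and uids are resolved individually; unknown ones are
     * skipped (logged at debug), and users without posix details are omitted.
     *
     * @param usernames HTTP usernames to resolve, or {@code null}
     * @param uids      posix uids to resolve, or {@code null}
     */
    public Collection<PosixPrincipal> getUsers(List<String> usernames, List<Integer> uids) throws TransientException, AccessControlException {
        requireAuthenticatedAccount();
        LdapConnections conns = new LdapConnections(this);
        try {
            LdapUserDAO userDAO = new LdapUserDAO(conns);

            if (usernames == null && uids == null) {
                Collection<User> everyone = userDAO.getUsers();
                List<PosixPrincipal> all = new ArrayList<PosixPrincipal>(everyone.size());
                for (User u : everyone) {
                    addPosixPrincipal(all, u);
                }
                return all;
            }

            List<PosixPrincipal> result = new ArrayList<PosixPrincipal>();
            if (usernames != null) {
                for (String name : usernames) {
                    try {
                        addPosixPrincipal(result, userDAO.getAugmentedUser(new HttpPrincipal(name), false));
                    } catch (UserNotFoundException e) {
                        logger.debug("skip: " + e);
                    }
                }
            }
            if (uids != null) {
                for (Integer uid : uids) {
                    try {
                        addPosixPrincipal(result, userDAO.getAugmentedUser(new PosixPrincipal(uid.intValue()), false));
                    } catch (UserNotFoundException e) {
                        logger.debug("skip: " + e);
                    }
                }
            }
            return result;
        } finally {
            // the original released explicitly and again in finally; once is enough
            conns.releaseConnections();
        }
    }

    /** Appends the posix identity (uid, default gid, username) of {@code u}, if it has one. */
    private static void addPosixPrincipal(List<PosixPrincipal> out, User u) {
        if (u.posixDetails == null) {
            return;
        }
        PosixPrincipal p = new PosixPrincipal(u.posixDetails.getUid());
        p.defaultGroup = Integer.valueOf(u.posixDetails.getGid());
        p.username = u.posixDetails.getUsername();
        out.add(p);
    }

    /** Lists all pending account requests. No caller check here. */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public Collection<User> getUserRequests() throws TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getUserRequests();
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Approves a pending request: activates the per-user group first, then promotes the
     * request to an account; if the promotion fails the group is deactivated again.
     *
     * <p>NOTE(review): the request is read through {@link #getUserRequest(Principal)}, which
     * applies the self-service check, so this succeeds only when the current Subject holds
     * {@code principal} (e.g. when an approver runs it under that user's Subject) — confirm
     * that this is the intended approval flow.
     *
     * @throws IllegalStateException if the per-user group is missing, already active, or
     *                               the DAO approval fails (cause attached in every case)
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User approveUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            User request = getUserRequest(principal);
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            LdapGroupDAO groupDAO = new LdapGroupDAO(conns, userDAO);
            URI gmsURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
            String username = request.getHttpPrincipal().getName();
            String groupName = new GroupURI(gmsURI, username).getName();
            try {
                Group group = groupDAO.getUserAssociatedGroup(groupName, true);
                try {
                    if (!groupDAO.reactivateGroup(group)) {
                        throw new IllegalStateException("BUG: Failed to activate group for user " + username);
                    }
                    try {
                        return userDAO.approveUserRequest(principal);
                    } catch (Exception e) {
                        // roll the group back to its pre-approval state before reporting
                        groupDAO.deactivateGroup(group);
                        throw new IllegalStateException("Failed to approve userRequest for user " + username, e);
                    }
                } catch (GroupAlreadyExistsException e) {
                    throw new IllegalStateException("BUG: Group for user " + username + " has already been activated.", e);
                }
            } catch (GroupNotFoundException e) {
                throw new IllegalStateException("BUG: Missing group for user " + username, e);
            }
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service profile update. {@code posixDetails} is cleared before the write so a
     * user cannot change their own uid/gid/username through this path.
     *
     * @throws AccessControlException if the caller is anonymous or does not hold one of
     *                                {@code user}'s identities
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User modifyUserPersonalDetails(User user) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(user);
        LdapConnections conns = new LdapConnections(this);
        try {
            user.posixDetails = null;
            return new LdapUserDAO(conns).modifyUser(user);
        } finally {
            conns.releaseConnections();
        }
    }

    /** Unrestricted update (posix details included). No caller check here. */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public User modifyUser(User user) throws UserNotFoundException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).modifyUser(user);
        } finally {
            conns.releaseConnections();
        }
    }

    /** Self-service deactivation (soft delete: {@code deleteUser(principal, true)}). */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void deactivateUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(principal);
        LdapConnections conns = new LdapConnections(this);
        try {
            new LdapUserDAO(conns).deleteUser(principal, true);
        } finally {
            conns.releaseConnections();
        }
    }

    /** Self-service reactivation (unlock). */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void reactivateUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf(principal);
        LdapConnections conns = new LdapConnections(this);
        try {
            new LdapUserDAO(conns).unlockUser(principal);
        } finally {
            conns.releaseConnections();
        }
    }

    /** Hard delete ({@code deleteUser(principal, false)}). No caller check here. */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void deleteUser(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            new LdapUserDAO(conns).deleteUser(principal, false);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Deletes a pending request together with its per-user group. No caller check here.
     * A missing group is tolerated (the request may have been created before the group,
     * or the group already removed); the request itself is always deleted.
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void deleteUserRequest(Principal principal) throws UserNotFoundException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            URI gmsURI = new LocalAuthority().getServiceURI(Standards.GMS_GROUPS_01.toString());
            String groupName = new GroupURI(gmsURI, principal.getName()).getName();
            try {
                new LdapGroupDAO(conns, userDAO).deleteUserAssociatedGroup(groupName);
            } catch (GroupNotFoundException ignored) {
                // best effort: no per-user group to remove
                logger.debug("deleteUserRequest: no associated group for " + principal.getName());
            }
            userDAO.deleteUserRequest(principal);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Verifies a username/password pair against LDAP. No caller check here.
     *
     * @return the DAO result ({@code Boolean}; may be {@code null} if the DAO returns it)
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public Boolean doLogin(String username, String password) throws UserNotFoundException, TransientException, AccessControlException {
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).doLogin(username, password);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service password change. The current password is re-verified before the change.
     *
     * <p>The original returned silently when the verification came back {@code false}, so a
     * wrong current password looked like success to the caller (and a {@code null} result
     * would have thrown an NPE). A failed verification is now reported as an
     * {@link AccessControlException}.
     *
     * @param httpPrincipal account whose password is changed (must be the caller)
     * @param oldPassword   current password, verified via {@code doLogin}
     * @param newPassword   replacement password
     * @throws AccessControlException if the caller is not {@code httpPrincipal} or the
     *                                current password does not verify
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void setPassword(HttpPrincipal httpPrincipal, String oldPassword, String newPassword) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf((Principal) httpPrincipal);
        LdapConnections conns = new LdapConnections(this);
        try {
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            Boolean verified = userDAO.doLogin(httpPrincipal.getName(), oldPassword);
            if (!Boolean.TRUE.equals(verified)) {
                throw new AccessControlException("permission denied: current password verification failed");
            }
            userDAO.setPassword(httpPrincipal, oldPassword, newPassword);
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Self-service password reset (no current password required; the caller must already
     * be authenticated as {@code httpPrincipal} by some other means).
     *
     * <p>The existence check is done on this connection set via the DAO rather than through
     * {@link #getUser(Principal)}, which would borrow a second set while this one is held;
     * the self-service check {@code getUser} adds has already been applied above.
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public void resetPassword(HttpPrincipal httpPrincipal, String newPassword) throws UserNotFoundException, TransientException, AccessControlException {
        requireSelf((Principal) httpPrincipal);
        LdapConnections conns = new LdapConnections(this);
        try {
            LdapUserDAO userDAO = new LdapUserDAO(conns);
            // throws UserNotFoundException for an unknown account
            if (userDAO.getUser(httpPrincipal) != null) {
                userDAO.resetPassword(httpPrincipal, newPassword);
            }
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Collects the e-mail address of every user. Requires an authenticated caller with an
     * HTTP (account) principal.
     */
    @Override // ca.nrc.cadc.ac.server.UserPersistence
    public SortedSet<String> getEmailsForAllUsers() throws TransientException, AccessControlException {
        requireAuthenticatedAccount();
        LdapConnections conns = new LdapConnections(this);
        try {
            return new LdapUserDAO(conns).getEmailsForAllUsers();
        } finally {
            conns.releaseConnections();
        }
    }

    /**
     * Existence check for a group. Currently unreferenced in this class.
     *
     * <p>The original also swallowed {@link TransientException}, reporting "does not exist"
     * on a transient LDAP failure — a caller using that answer to decide whether to create
     * the group would act on a wrong fact. Transient failures now propagate.
     *
     * @return {@code true} if the group can be read, {@code false} if it is not found
     */
    private boolean checkIfGroupExists(Group group, LdapGroupDAO groupDAO) throws TransientException {
        try {
            groupDAO.getAnyGroup(group.getID().getName());
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    /**
     * Rejects anonymous callers and callers without an HTTP (account) principal.
     *
     * @throws AccessControlException with the same messages the original checks used
     */
    private static void requireAuthenticatedAccount() throws AccessControlException {
        Subject caller = AuthenticationUtil.getCurrentSubject();
        if (caller == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(caller))) {
            throw new AccessControlException("Caller is not authenticated");
        }
        if (caller.getPrincipals(HttpPrincipal.class).isEmpty()) {
            throw new AccessControlException("Caller does not have authorized account");
        }
    }

    /** Rejects the call unless the current Subject holds {@code target}. */
    private void requireSelf(Principal target) throws AccessControlException {
        if (!isMatch(AuthenticationUtil.getCurrentSubject(), target)) {
            throw new AccessControlException(NOT_SELF);
        }
    }

    /** Rejects the call unless the current Subject holds one of {@code target}'s identities. */
    private void requireSelf(User target) throws AccessControlException {
        if (!isMatch(AuthenticationUtil.getCurrentSubject(), target)) {
            throw new AccessControlException(NOT_SELF);
        }
    }

    /**
     * @return {@code true} if any principal of {@code subject} equals (per
     *         {@link AuthenticationUtil#equals}) any identity of {@code user}
     * @throws AccessControlException if {@code subject} is {@code null} or anonymous
     */
    private boolean isMatch(Subject subject, User user) {
        if (subject == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(subject))) {
            throw new AccessControlException("Caller is not authenticated");
        }
        for (Principal mine : subject.getPrincipals()) {
            for (Object identity : user.getIdentities()) {
                if (AuthenticationUtil.equals(mine, (Principal) identity)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * @return {@code true} if any principal of {@code subject} equals (per
     *         {@link AuthenticationUtil#equals}) {@code principal}
     * @throws AccessControlException if {@code subject} is {@code null} or anonymous
     */
    private boolean isMatch(Subject subject, Principal principal) {
        if (subject == null || AuthMethod.ANON.equals(AuthenticationUtil.getAuthMethod(subject))) {
            throw new AccessControlException("Caller is not authenticated");
        }
        for (Principal mine : subject.getPrincipals()) {
            if (AuthenticationUtil.equals(mine, principal)) {
                return true;
            }
        }
        return false;
    }
}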
