package org.jboss.portal.identity.ldap;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.jboss.logging.Logger;
import org.jboss.portal.common.util.Tools;
import org.jboss.portal.identity.CachedUserImpl;
import org.jboss.portal.identity.IdentityException;
import org.jboss.portal.identity.NoSuchUserException;
import org.jboss.portal.identity.Role;
import org.jboss.portal.identity.User;
import org.jboss.portal.identity.ldap.LDAPUserImpl;

/* loaded from: input_file:org/jboss/portal/identity/ldap/LDAPStaticGroupMembershipModuleImpl.class */
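/**
 * Membership module for LDAP "static groups": each role entry carries a
 * multi-valued member attribute ({@code getMemberAttributeID()}) whose values
 * identify the users holding that role. A value is the user's DN when
 * {@code isUidAttributeIsDN()} is true, otherwise the user's name.
 *
 * <p>The collections are raw because the overridden {@code MembershipModule}
 * methods use raw {@code Set} in their signatures.
 */
public class LDAPStaticGroupMembershipModuleImpl extends LDAPMembershipModule {
    private static final Logger log = Logger.getLogger(LDAPStaticGroupMembershipModuleImpl.class);

    /**
     * Returns the roles whose member attribute references the given user.
     *
     * <p>Any failure while searching is logged and swallowed, so the result
     * may be empty or partial rather than an error.
     *
     * @param user the user to look up; a {@code CachedUserImpl} is reloaded
     *             from the identity store first
     * @return the roles found (never {@code null})
     * @throws IllegalArgumentException if {@code user} is null or does not
     *                                  resolve to an {@code LDAPUserImpl}
     * @throws IdentityException if a cached user no longer exists in the store
     */
    @Override
    public Set getRoles(User user) throws IdentityException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        User resolved = reloadIfCached(user);
        if (!(resolved instanceof LDAPUserImpl)) {
            throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPUserImpl objects");
        }
        LDAPUserImpl ldapUser = (LDAPUserImpl) resolved;
        Set roles = new HashSet();
        try {
            log.debug("getRoles(): user DN = " + ldapUser.getDn());
            // NOTE(review): the DN / user name is concatenated into the search
            // filter as-is. Filter metacharacters in it ('*', '(', ')', '\')
            // would change the filter's meaning unless searchRoles() escapes
            // them, which is not visible from this class. Confirm, and escape
            // per RFC 4515 or pass the value as a filter argument if it does not.
            String filter = getMemberAttributeID().concat("=").concat(memberReference(ldapUser));
            log.debug("Search filter: " + filter);
            Iterator results = getRoleModule().searchRoles(filter, null).iterator();
            while (results.hasNext()) {
                SearchResult result = (SearchResult) results.next();
                DirContext roleContext = (DirContext) result.getObject();
                try {
                    roles.add(getRoleModule().createRoleInstance(result.getAttributes(), roleContext.getNameInNamespace()));
                } finally {
                    // Release the per-result context even when building the role fails.
                    roleContext.close();
                }
            }
        } catch (Exception e) {
            // Best-effort by design of the original code: callers get whatever
            // was collected so far. Logged at error level because a directory
            // failure here is otherwise indistinguishable from "no roles".
            log.error("Failed to resolve userRoles: " + ldapUser.getId().toString(), e);
        }
        return roles;
    }

    /**
     * Returns every user listed in the role's member attribute.
     *
     * @param role the role whose members are wanted
     * @return the members that could be resolved to users
     * @throws IdentityException if the directory lookup fails
     */
    @Override
    public Set getUsers(Role role) throws IdentityException {
        return getUsers(role, null);
    }

    /**
     * Returns the users listed in the role's member attribute, optionally
     * restricted to member values matching {@code str}.
     *
     * <p>Members that cannot be resolved to a user are logged and skipped.
     *
     * @param role the role whose members are wanted
     * @param str  optional filter applied to each raw member value;
     *             {@code null} or empty means "no filter"
     * @return the matching members that could be resolved to users
     * @throws IllegalArgumentException if {@code role} is null or not an
     *                                  {@code LDAPRoleImpl}
     * @throws IdentityException if the role has no name, cannot be read, or
     *                           the LDAP context cannot be closed
     */
    public Set getUsers(Role role, String str) throws IdentityException {
        if (role == null) {
            throw new IllegalArgumentException("Role cannot be null");
        }
        if (!(role instanceof LDAPRoleImpl)) {
            throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPRoleImpl objects");
        }
        LDAPRoleImpl ldapRole = (LDAPRoleImpl) role;
        Set members = new HashSet();
        LdapContext ldapContext = getConnectionContext().createInitialContext();
        try {
            log.debug("findUsers(): role = " + ldapRole.getDn());
            if (ldapRole.getName() == null) {
                throw new IdentityException("Role name canot be null");
            }
            Attributes attributes = ldapContext.getAttributes(ldapRole.getDn(), new String[]{getMemberAttributeID()});
            if (attributes == null) {
                throw new IdentityException("Cannot find Role with DN: " + ldapRole.getDn());
            }
            Attribute memberAttribute = attributes.get(getMemberAttributeID());
            if (memberAttribute != null) {
                boolean filtered = str != null && str.length() != 0;
                NamingEnumeration values = memberAttribute.getAll();
                while (values.hasMoreElements()) {
                    String member = values.nextElement().toString();
                    // NOTE(review): the filter is spliced into a regular
                    // expression. Metacharacters in it alter the match, and an
                    // invalid pattern throws an unchecked PatternSyntaxException.
                    // If callers only need substring matching, member.contains(str)
                    // would be the safer form - confirm before changing.
                    if (filtered && !member.matches(".*" + str + ".*")) {
                        continue;
                    }
                    try {
                        if (isUidAttributeIsDN()) {
                            members.add(getUserModule().findUserByDN(member));
                        } else {
                            members.add(getUserModule().findUserByUserName(member));
                        }
                    } catch (IdentityException e) {
                        log.error("Failed to find user: " + member + "/" + member, e);
                    }
                }
            }
            return members;
        } catch (NamingException e) {
            throw new IdentityException("Resolving Role Users failed.", e);
        } finally {
            closeContextOrFail(ldapContext);
        }
    }

    /**
     * Replaces the role's member attribute with references to the given users.
     * An empty set removes the attribute instead, unless the membership
     * attribute is required, in which case the call is rejected.
     *
     * @param role the role to modify
     * @param set  the users that should be the role's members afterwards
     * @throws IllegalArgumentException if {@code role} is null or not an
     *                                  {@code LDAPRoleImpl}
     * @throws IdentityException if the set is empty but a member is required,
     *                           an element is not an LDAP user, or the
     *                           directory update fails
     */
    @Override
    public void assignUsers(Role role, Set set) throws IdentityException {
        if (role == null) {
            throw new IllegalArgumentException("Role cannot be null");
        }
        if (!(role instanceof LDAPRoleImpl)) {
            throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPRoleImpl objects");
        }
        LDAPRoleImpl ldapRole = (LDAPRoleImpl) role;
        if (set.size() == 0 && isMembershipAttributeRequired()) {
            throw new IdentityException("Cannot assigne 0 users to a role using this membership strategy (because some LDAPs require the member field to be set). ");
        }
        LdapContext ldapContext = getConnectionContext().createInitialContext();
        try {
            log.debug("assignUsers(): role = " + ldapRole.getDn());
            if (ldapRole.getName() == null) {
                throw new IdentityException("Role name canot be null");
            }
            BasicAttributes replacement = new BasicAttributes(true);
            BasicAttribute memberAttribute = new BasicAttribute(getMemberAttributeID());
            Iterator users = set.iterator();
            while (users.hasNext()) {
                try {
                    LDAPUserImpl ldapUser = (LDAPUserImpl) reloadIfCached((User) users.next());
                    memberAttribute.add(memberReference(ldapUser));
                } catch (ClassCastException e) {
                    throw new IdentityException("Can add only LDAPUserImpl objects", e);
                }
            }
            replacement.put(memberAttribute);
            // With no members left the attribute itself is removed; otherwise
            // its values are replaced wholesale by the new member list.
            int operation = set.size() > 0 ? DirContext.REPLACE_ATTRIBUTE : DirContext.REMOVE_ATTRIBUTE;
            ldapContext.modifyAttributes(ldapRole.getDn(), operation, replacement);
            fireMembershipChangedEvent(role, set);
        } catch (NamingException e) {
            throw new IdentityException("Failed to change Role members", e);
        } finally {
            closeContextOrFail(ldapContext);
        }
    }

    /**
     * Makes the given roles the user's role set: the user is removed from
     * roles not in {@code set} and added to roles in {@code set} that do not
     * reference the user yet.
     *
     * <p>A role whose only member is this user is left untouched when the
     * membership attribute is required; that case is only logged.
     *
     * @param user the user to modify; a {@code CachedUserImpl} is reloaded
     *             from the identity store first
     * @param set  the roles the user should hold afterwards
     * @throws IllegalArgumentException if {@code user} is null or does not
     *                                  resolve to an {@code LDAPUserImpl}
     * @throws IdentityException if an element is not an LDAP role or a
     *                           directory operation fails
     */
    @Override
    public void assignRoles(User user, Set set) throws IdentityException {
        if (user == null) {
            throw new IllegalArgumentException("User cannot be null");
        }
        User resolved = reloadIfCached(user);
        if (!(resolved instanceof LDAPUserImpl)) {
            throw new IllegalArgumentException("UserMembershipModuleImpl supports only LDAPUserImpl objects");
        }
        LDAPUserImpl ldapUser = (LDAPUserImpl) resolved;
        // DNs of the requested roles; entries are struck off as they are found
        // among the user's current roles, leaving only the roles to add.
        LinkedList rolesToAdd = new LinkedList();
        Iterator requested = set.iterator();
        while (requested.hasNext()) {
            try {
                rolesToAdd.add(((LDAPRoleImpl) requested.next()).getDn());
            } catch (ClassCastException e) {
                throw new IdentityException("Only can add LDAPRoleImpl objects", e);
            }
        }
        String memberValue = memberReference(ldapUser);
        LdapContext ldapContext = getConnectionContext().createInitialContext();
        try {
            // NOTE(review): memberValue goes into the filter unescaped; see
            // whether searchRoles() escapes filter metacharacters (not visible
            // from this class) and escape per RFC 4515 here if it does not.
            String filter = getMemberAttributeID().concat("=").concat(memberValue);
            log.debug("Search filter: " + filter);
            Iterator current = getRoleModule().searchRoles(filter, null).iterator();
            while (current.hasNext()) {
                DirContext roleContext = (DirContext) ((SearchResult) current.next()).getObject();
                String roleDn;
                try {
                    roleDn = roleContext.getNameInNamespace();
                } finally {
                    roleContext.close();
                }
                if (rolesToAdd.remove(roleDn)) {
                    // Already a member of a requested role: nothing to change.
                    continue;
                }
                Attributes attributes = ldapContext.getAttributes(roleDn, new String[]{getMemberAttributeID()});
                if (attributes == null) {
                    throw new IdentityException("Cannot find Role with DN: " + roleDn);
                }
                Attribute memberAttribute = attributes.get(getMemberAttributeID());
                if (memberAttribute == null) {
                    // The attribute disappeared between search and read, so
                    // there is no membership left to remove on this role.
                    continue;
                }
                if (memberAttribute.size() == 1 && isMembershipAttributeRequired()) {
                    // NOTE(review): the revocation is skipped here and the
                    // caller is not told; the user keeps this role.
                    log.error("Couldn't remove user from role as it was the last member - possibly required field in ldap");
                } else {
                    // Removal compares values with equals(), so it only takes
                    // effect when the stored value matches memberValue exactly.
                    memberAttribute.remove(memberValue);
                    BasicAttributes replacement = new BasicAttributes(true);
                    replacement.put(memberAttribute);
                    ldapContext.modifyAttributes(roleDn, DirContext.REPLACE_ATTRIBUTE, replacement);
                }
            }
            Iterator additions = rolesToAdd.iterator();
            while (additions.hasNext()) {
                ldapContext.modifyAttributes((String) additions.next(), new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(getMemberAttributeID(), memberValue))});
            }
            fireMembershipChangedEvent(resolved, set);
        } catch (NamingException e) {
            // Previously printed and swallowed, which reported success to the
            // caller after a failed or half-applied role change.
            throw new IdentityException("Failed to change User roles", e);
        } finally {
            closeContextOrFail(ldapContext);
        }
    }

    /**
     * Returns one page of a role's members, taken from the members sorted
     * with {@code LDAPUserImpl.LDAPUserComparator}.
     *
     * <p>The iteration order of the returned set is whatever
     * {@code Tools.toSet} produces; only the choice of which members fall
     * into the page is determined by the sort.
     *
     * @param str  name of the role
     * @param i    zero-based offset of the first member to return
     * @param i2   maximum number of members to return
     * @param str2 optional filter passed on to {@link #getUsers(Role, String)}
     * @return the requested page; empty when the offset is past the end
     * @throws IllegalArgumentException if the offset or the limit is negative
     * @throws IdentityException if the role does not exist or its members
     *                           cannot be read
     */
    @Override
    public Set findRoleMembers(String str, int i, int i2, String str2) throws IdentityException {
        Role role = getRoleModule().findRoleByName(str);
        if (role == null) {
            throw new IdentityException("Role not found with roleName: " + str);
        }
        if (i < 0 || i2 < 0) {
            throw new IllegalArgumentException("Offset and limit cannot be negative");
        }
        Set users = getUsers(role, str2);
        int size = users.size();
        if (i == 0 && size <= i2) {
            return users;
        }
        if (i >= size) {
            return new HashSet();
        }
        // Sort one list and slice that same list; sorting a throwaway copy
        // would leave the page boundaries dependent on set iteration order.
        LinkedList sorted = new LinkedList(users);
        Collections.sort(sorted, new LDAPUserImpl.LDAPUserComparator());
        // Compare against the remaining count so i + i2 cannot overflow.
        int end = i2 > size - i ? size : i + i2;
        return Tools.toSet(sorted.subList(i, end).iterator());
    }

    /** Reloads a {@code CachedUserImpl} from the identity store; other users are returned unchanged. */
    private User reloadIfCached(User user) throws IdentityException {
        if (!(user instanceof CachedUserImpl)) {
            return user;
        }
        try {
            return getUserModule().findUserById(user.getId());
        } catch (NoSuchUserException e) {
            throw new IdentityException("Illegal state - cached user doesn't exist in identity store: ", e);
        }
    }

    /** Returns the value that represents the user in a role's member attribute: DN or user name. */
    private String memberReference(LDAPUserImpl ldapUser) throws IdentityException {
        return isUidAttributeIsDN() ? ldapUser.getDn() : ldapUser.getUserName();
    }

    /** Closes the LDAP context, reporting a failure to close as an {@code IdentityException}. */
    private static void closeContextOrFail(LdapContext ldapContext) throws IdentityException {
        try {
            ldapContext.close();
        } catch (NamingException e) {
            throw new IdentityException("Failed to close LDAP connection", e);
        }
    }
}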
