package org.jboss.seam.security.management;

import java.io.Serializable;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.management.IdentityStore;

@Name("org.jboss.seam.security.identityStore")
@Scope(ScopeType.APPLICATION)
@Install(precedence = 0, value = false)
@BypassInterceptors
/* loaded from: input_file:jboss-seam-2.2.0.CR1.jar:org/jboss/seam/security/management/LdapIdentityStore.class */
public class LdapIdentityStore implements IdentityStore, Serializable {
    // String forms compared against / written to the configured "enabled" attribute.
    private static final String LDAP_BOOLEAN_TRUE = "TRUE";
    private static final String LDAP_BOOLEAN_FALSE = "FALSE";
    private static final LogProvider log = Logging.getLogProvider(LdapIdentityStore.class);
    protected IdentityStore.FeatureSet featureSet = new IdentityStore.FeatureSet();
    // Connection target. initialiseContext() builds an "ldap://host:port" URL from these two
    // values; 389 is the standard cleartext LDAP port.
    private String serverAddress = "localhost";
    private int serverPort = 389;
    // Search base for user entries, and the pieces getUserDN() concatenates around a user name.
    private String userContextDN = "ou=Person,dc=acme,dc=com";
    private String userDNPrefix = "uid=";
    private String userDNSuffix = ",ou=Person,dc=acme,dc=com";
    // Search base for role entries, and the pieces getRoleDN() concatenates around a role name.
    // NOTE(review): the defaults disagree ("ou=Role" here vs "ou=Roles" in roleDNSuffix) - confirm
    // which one the deployment's directory actually uses.
    private String roleContextDN = "ou=Role,dc=acme,dc=com";
    private String roleDNPrefix = "cn=";
    private String roleDNSuffix = ",ou=Roles,dc=acme,dc=com";
    // Service account used by the no-argument initialiseContext() for every management operation.
    // SECURITY: both values are placeholder defaults and must be overridden in configuration. The
    // class is Serializable and bindCredentials is not transient, so the password is part of any
    // serialized form of this component.
    private String bindDN = "cn=Manager,dc=acme,dc=com";
    private String bindCredentials = "secret";
    // Attribute on a user entry that lists the user's roles; when roleAttributeIsDN is true each
    // value is treated as the DN of a role entry rather than a plain role name.
    private String userRoleAttribute = "roles";
    private boolean roleAttributeIsDN = true;
    // Attribute names used when reading and writing user entries. A null name disables the
    // corresponding feature (see the null checks in createUser, authenticate and isUserEnabled).
    private String userNameAttribute = "uid";
    private String userPasswordAttribute = "userPassword";
    private String firstNameAttribute = null;
    private String lastNameAttribute = "sn";
    private String fullNameAttribute = "cn";
    private String enabledAttribute = null;
    // Attribute names and object classes used when reading and writing role entries.
    private String roleNameAttribute = "cn";
    private String objectClassAttribute = "objectClass";
    private String[] roleObjectClasses = {"organizationalRole"};
    private String[] userObjectClasses = {"person", "uidObject"};
    // 2 is reported as "SUBTREE_SCOPE" by getSearchScope(); the time limit is handed to
    // SearchControls.setTimeLimit(), which takes milliseconds.
    private int searchScope = 2;
    private int searchTimeLimit = 10000;

    /** @return the host name or address of the LDAP server */
    public String getServerAddress() {
        return serverAddress;
    }

    /** @param str the host name or address of the LDAP server */
    public void setServerAddress(String str) {
        serverAddress = str;
    }

    /** @return the TCP port of the LDAP server */
    public int getServerPort() {
        return serverPort;
    }

    /** @param i the TCP port of the LDAP server */
    public void setServerPort(int i) {
        serverPort = i;
    }

    /** @return the DN under which user entries are searched and created */
    public String getUserContextDN() {
        return userContextDN;
    }

    /** @param str the DN under which user entries are searched and created */
    public void setUserContextDN(String str) {
        userContextDN = str;
    }

    /** @return the DN under which role entries are searched */
    public String getRoleContextDN() {
        return roleContextDN;
    }

    /** @param str the DN under which role entries are searched */
    public void setRoleContextDN(String str) {
        roleContextDN = str;
    }

    /** @return the text placed before the user name when a user DN is built */
    public String getUserDNPrefix() {
        return userDNPrefix;
    }

    /** @param str the text placed before the user name when a user DN is built */
    public void setUserDNPrefix(String str) {
        userDNPrefix = str;
    }

    /** @return the text placed after the user name when a user DN is built */
    public String getUserDNSuffix() {
        return userDNSuffix;
    }

    /** @param str the text placed after the user name when a user DN is built */
    public void setUserDNSuffix(String str) {
        userDNSuffix = str;
    }

    /** @return the text placed before the role name when a role DN is built */
    public String getRoleDNPrefix() {
        return roleDNPrefix;
    }

    /** @param str the text placed before the role name when a role DN is built */
    public void setRoleDNPrefix(String str) {
        roleDNPrefix = str;
    }

    /** @return the text placed after the role name when a role DN is built */
    public String getRoleDNSuffix() {
        return roleDNSuffix;
    }

    /** @param str the text placed after the role name when a role DN is built */
    public void setRoleDNSuffix(String str) {
        roleDNSuffix = str;
    }

    /** @return the DN of the account used for management operations */
    public String getBindDN() {
        return bindDN;
    }

    /** @param str the DN of the account used for management operations */
    public void setBindDN(String str) {
        bindDN = str;
    }

    /**
     * Returns the password of the management bind account, in clear text.
     * Callers should not log or display the value.
     *
     * @return the bind password as configured
     */
    public String getBindCredentials() {
        return bindCredentials;
    }

    /**
     * Sets the password of the management bind account. The built-in default is a
     * placeholder, so a deployment is expected to call this with its own secret.
     *
     * @param str the bind password
     */
    public void setBindCredentials(String str) {
        bindCredentials = str;
    }

    /** @return the name of the user-entry attribute that lists the user's roles */
    public String getUserRoleAttribute() {
        return userRoleAttribute;
    }

    /** @param str the name of the user-entry attribute that lists the user's roles */
    public void setUserRoleAttribute(String str) {
        userRoleAttribute = str;
    }

    /** @return {@code true} if values of the user role attribute are DNs of role entries */
    public boolean getRoleAttributeIsDN() {
        return roleAttributeIsDN;
    }

    /** @param z {@code true} if values of the user role attribute are DNs of role entries */
    public void setRoleAttributeIsDN(boolean z) {
        roleAttributeIsDN = z;
    }

    /** @return the name of the role-entry attribute that holds the role name */
    public String getRoleNameAttribute() {
        return roleNameAttribute;
    }

    /** @param str the name of the role-entry attribute that holds the role name */
    public void setRoleNameAttribute(String str) {
        roleNameAttribute = str;
    }

    /** @return the name of the user-entry attribute that holds the user name */
    public String getUserNameAttribute() {
        return userNameAttribute;
    }

    /** @param str the name of the user-entry attribute that holds the user name */
    public void setUserNameAttribute(String str) {
        userNameAttribute = str;
    }

    /** @return the name of the user-entry attribute that passwords are written to */
    public String getUserPasswordAttribute() {
        return userPasswordAttribute;
    }

    /** @param str the name of the user-entry attribute that passwords are written to */
    public void setUserPasswordAttribute(String str) {
        userPasswordAttribute = str;
    }

    /** @return the attribute name used for a user's first name, or {@code null} if unset */
    public String getFirstNameAttribute() {
        return firstNameAttribute;
    }

    /** @param str the attribute name used for a user's first name, or {@code null} to skip it */
    public void setFirstNameAttribute(String str) {
        firstNameAttribute = str;
    }

    /** @return the attribute name used for a user's last name, or {@code null} if unset */
    public String getLastNameAttribute() {
        return lastNameAttribute;
    }

    /** @param str the attribute name used for a user's last name, or {@code null} to skip it */
    public void setLastNameAttribute(String str) {
        lastNameAttribute = str;
    }

    /** @return the attribute name used for a user's full name, or {@code null} if unset */
    public String getFullNameAttribute() {
        return fullNameAttribute;
    }

    /** @param str the attribute name used for a user's full name, or {@code null} to skip it */
    public void setFullNameAttribute(String str) {
        fullNameAttribute = str;
    }

    /**
     * @return the attribute name that marks a user as enabled, or {@code null} when
     *         no enabled/disabled state is tracked
     */
    public String getEnabledAttribute() {
        return enabledAttribute;
    }

    /**
     * @param str the attribute name that marks a user as enabled, or {@code null} to
     *            treat every user as enabled
     */
    public void setEnabledAttribute(String str) {
        enabledAttribute = str;
    }

    /** @return the name of the attribute that holds an entry's object classes */
    public String getObjectClassAttribute() {
        return objectClassAttribute;
    }

    /** @param str the name of the attribute that holds an entry's object classes */
    public void setObjectClassAttribute(String str) {
        objectClassAttribute = str;
    }

    /**
     * Returns the object classes assigned to role entries. The internal array itself
     * is returned, not a copy, so changes made by the caller affect this store.
     *
     * @return the configured role object classes
     */
    public String[] getRoleObjectClasses() {
        return roleObjectClasses;
    }

    /**
     * Sets the object classes assigned to role entries. The array is stored as given,
     * without copying.
     *
     * @param strArr the role object classes
     */
    public void setRoleObjectClass(String[] strArr) {
        roleObjectClasses = strArr;
    }

    /**
     * Returns the object classes assigned to user entries. The internal array itself
     * is returned, not a copy, so changes made by the caller affect this store.
     *
     * @return the configured user object classes
     */
    public String[] getUserObjectClasses() {
        return userObjectClasses;
    }

    /**
     * Sets the object classes assigned to user entries. The array is stored as given,
     * without copying.
     *
     * @param strArr the user object classes
     */
    public void setUserObjectClasses(String[] strArr) {
        userObjectClasses = strArr;
    }

    /** @return the time limit handed to {@code SearchControls.setTimeLimit} for searches */
    public int getSearchTimeLimit() {
        return searchTimeLimit;
    }

    /** @param i the time limit handed to {@code SearchControls.setTimeLimit} for searches */
    public void setSearchTimeLimit(int i) {
        searchTimeLimit = i;
    }

    /**
     * Returns the configured search scope as the name of the matching
     * {@link SearchControls} constant.
     *
     * @return {@code "OBJECT_SCOPE"}, {@code "ONELEVEL_SCOPE"} or {@code "SUBTREE_SCOPE"},
     *         or {@code "UNKNOWN"} for any other stored value
     */
    public String getSearchScope() {
        int scope = this.searchScope;
        if (scope == SearchControls.OBJECT_SCOPE) {
            return "OBJECT_SCOPE";
        }
        if (scope == SearchControls.ONELEVEL_SCOPE) {
            return "ONELEVEL_SCOPE";
        }
        if (scope == SearchControls.SUBTREE_SCOPE) {
            return "SUBTREE_SCOPE";
        }
        return "UNKNOWN";
    }

    /**
     * Sets the search scope from the name of a {@link SearchControls} constant.
     * Any value other than the three recognised names falls back to subtree scope,
     * and a warning is logged.
     *
     * @param str {@code "OBJECT_SCOPE"}, {@code "ONELEVEL_SCOPE"} or {@code "SUBTREE_SCOPE"}
     */
    public void setSearchScope(String str) {
        if ("OBJECT_SCOPE".equals(str)) {
            this.searchScope = SearchControls.OBJECT_SCOPE;
        } else if ("ONELEVEL_SCOPE".equals(str)) {
            this.searchScope = SearchControls.ONELEVEL_SCOPE;
        } else {
            this.searchScope = SearchControls.SUBTREE_SCOPE;
            if (!"SUBTREE_SCOPE".equals(str)) {
                log.warn("Invalid search scope specified (" + str + ") - search scope set to SUBTREE_SCOPE");
            }
        }
    }

    /** @return the features reported by the current feature set */
    public Set<IdentityStore.Feature> getFeatures() {
        IdentityStore.FeatureSet current = this.featureSet;
        return current.getFeatures();
    }

    /**
     * Replaces the feature set with a new one built from the given features.
     *
     * @param set the features this store should report as supported
     */
    public void setFeatures(Set<IdentityStore.Feature> set) {
        IdentityStore.FeatureSet replacement = new IdentityStore.FeatureSet(set);
        this.featureSet = replacement;
    }

    /**
     * Reports whether the current feature set supports the given feature.
     *
     * @param feature the feature to look up
     * @return the answer of the feature set's {@code supports} method
     */
    @Override
    public boolean supportsFeature(IdentityStore.Feature feature) {
        boolean supported = this.featureSet.supports(feature);
        return supported;
    }

    /**
     * Opens an LDAP context bound as the configured management account
     * ({@link #getBindDN()} / {@link #getBindCredentials()}).
     *
     * @return a new context; the caller is responsible for closing it
     * @throws NamingException if the context cannot be created
     */
    protected final InitialLdapContext initialiseContext() throws NamingException {
        String principal = getBindDN();
        String credentials = getBindCredentials();
        return initialiseContext(principal, credentials);
    }

    /**
     * Opens an LDAP context using a simple bind with the given principal and
     * credentials against {@code ldap://<serverAddress>:<serverPort>}.
     *
     * <p>SECURITY: the URL scheme is fixed to {@code ldap://} and the mechanism to
     * {@code simple}, so the principal and password travel without transport
     * encryption unless the connection is protected by other means. With simple
     * authentication the JNDI LDAP provider also treats an empty password as an
     * anonymous bind, so callers must reject empty credentials before calling this
     * method.
     *
     * @param str  the DN to bind as; must not be {@code null}
     * @param str2 the password for that DN; must not be {@code null}
     * @return a new context; the caller is responsible for closing it
     * @throws NamingException if the context cannot be created or the bind fails
     */
    protected final InitialLdapContext initialiseContext(String str, String str2) throws NamingException {
        String providerUrl = String.format("ldap://%s:%d", getServerAddress(), Integer.valueOf(getServerPort()));

        Properties env = new Properties();
        env.setProperty("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.setProperty("java.naming.security.authentication", "simple");
        env.setProperty("java.naming.provider.url", providerUrl);
        env.setProperty("java.naming.security.principal", str);
        env.setProperty("java.naming.security.credentials", str2);

        Control[] noControls = null;
        return new InitialLdapContext(env, noControls);
    }

    /**
     * Builds a user DN by placing the user name between the configured prefix and
     * suffix.
     *
     * <p>NOTE(review): the name is inserted verbatim. DN metacharacters in it (for
     * example {@code ,} {@code +} {@code =} or a backslash) are not escaped, so a
     * name taken from user input can change which entry the DN refers to. Validate
     * or restrict user names before they reach this method.
     *
     * @param str the user name
     * @return prefix + name + suffix
     */
    protected String getUserDN(String str) {
        String prefix = getUserDNPrefix();
        String suffix = getUserDNSuffix();
        return String.format("%s%s%s", prefix, str, suffix);
    }

    /**
     * Builds a role DN by placing the role name between the configured prefix and
     * suffix.
     *
     * <p>NOTE(review): the name is inserted verbatim; DN metacharacters in it are not
     * escaped. Validate or restrict role names before they reach this method.
     *
     * @param str the role name
     * @return prefix + name + suffix
     */
    protected String getRoleDN(String str) {
        String prefix = getRoleDNPrefix();
        String suffix = getRoleDNSuffix();
        return String.format("%s%s%s", prefix, str, suffix);
    }

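    /**
     * Authenticates a user by binding to the directory as that user's DN.
     *
     * <p>A {@code null} or empty password is rejected before any bind is attempted.
     * With simple authentication the JNDI LDAP provider turns an empty password into
     * an anonymous bind, which many servers accept; without this guard any user name
     * combined with an empty password would be reported as authenticated.
     *
     * <p>When an enabled attribute is configured, it is read with the user's own
     * connection and the user is accepted only if one of its values is
     * {@code "TRUE"}.
     *
     * @param str  the user name
     * @param str2 the password supplied by the user
     * @return {@code true} if the bind succeeded and the user is enabled (or no
     *         enabled attribute is configured); {@code false} if the password is
     *         empty or the user is not enabled
     * @throws IdentityManagementException on any directory error; a rejected bind is
     *         also reported this way, because it surfaces as a {@code NamingException}
     */
    @Override
    public boolean authenticate(String str, String str2) {
        // Never let an empty credential reach the bind: it would authenticate as anonymous.
        if (str2 == null || str2.length() == 0) {
            return false;
        }

        String userDN = getUserDN(str);
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext(userDN, str2);

            String enabledAttr = getEnabledAttribute();
            if (enabledAttr == null) {
                return true;
            }

            Attribute enabled = ctx.getAttributes(userDN, new String[]{enabledAttr}).get(enabledAttr);
            if (enabled != null) {
                for (int i = 0; i < enabled.size(); i++) {
                    if (LDAP_BOOLEAN_TRUE.equals(enabled.get(i))) {
                        return true;
                    }
                }
            }
            return false;
        } catch (NamingException e) {
            throw new IdentityManagementException("Authentication error", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort; the authentication result is already decided.
                }
            }
        }
    }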

    /**
     * Replaces the password attribute of a user entry, using the management bind
     * account.
     *
     * <p>NOTE(review): the new password is written exactly as supplied. Whether it
     * ends up hashed depends on the directory server - confirm for the deployment.
     * The caller's right to change this user's password is not checked here.
     *
     * @param str  the user name
     * @param str2 the new password
     * @return {@code true} when the modification was accepted
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean changePassword(String str, String str2) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();
            BasicAttribute password = new BasicAttribute(getUserPasswordAttribute(), str2);
            // 2 is DirContext.REPLACE_ATTRIBUTE.
            ModificationItem[] changes = {new ModificationItem(2, password)};
            ctx.modifyAttributes(getUserDN(str), changes);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to change password", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

    /**
     * Creates a role entry at {@link #getRoleDN(String)} carrying the configured role
     * object classes and the role name attribute.
     *
     * @param str the role name
     * @return {@code true} when the entry was created
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean createRole(String str) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            BasicAttributes entry = new BasicAttributes();
            BasicAttribute objectClasses = new BasicAttribute(getObjectClassAttribute());
            String[] classNames = getRoleObjectClasses();
            for (int i = 0; i < classNames.length; i++) {
                objectClasses.add(classNames[i]);
            }
            entry.put(objectClasses);
            entry.put(new BasicAttribute(getRoleNameAttribute(), str));

            ctx.createSubcontext(getRoleDN(str), entry);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to create role", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

    /**
     * Creates a user entry under the user context DN, using the management bind
     * account. Name attributes are written only when both the attribute name is
     * configured and the corresponding value is given; the enabled attribute, when
     * configured, is set to {@code "TRUE"}.
     *
     * <p>NOTE(review): the entry DN is built here as
     * {@code <userNameAttribute>=<name>,<userContextDN>} with the name inserted
     * verbatim, while lookups go through {@link #getUserDN(String)} (prefix/suffix).
     * Both configurations have to describe the same DN, and user names containing
     * DN metacharacters should be rejected by the caller. The password is written
     * exactly as supplied.
     *
     * @param str  the user name
     * @param str2 the initial password
     * @param str3 the first name, or {@code null}
     * @param str4 the last name, or {@code null}
     * @return {@code true} when the entry was created
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean createUser(String str, String str2, String str3, String str4) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            BasicAttributes entry = new BasicAttributes();
            BasicAttribute objectClasses = new BasicAttribute(getObjectClassAttribute());
            String[] classNames = getUserObjectClasses();
            for (int i = 0; i < classNames.length; i++) {
                objectClasses.add(classNames[i]);
            }
            entry.put(objectClasses);
            entry.put(new BasicAttribute(getUserNameAttribute(), str));
            entry.put(new BasicAttribute(getUserPasswordAttribute(), str2));

            boolean hasFirst = str3 != null;
            boolean hasLast = str4 != null;
            if (getFirstNameAttribute() != null && hasFirst) {
                entry.put(new BasicAttribute(getFirstNameAttribute(), str3));
            }
            if (getLastNameAttribute() != null && hasLast) {
                entry.put(new BasicAttribute(getLastNameAttribute(), str4));
            }
            if (getFullNameAttribute() != null && hasFirst && hasLast) {
                entry.put(new BasicAttribute(getFullNameAttribute(), str3 + " " + str4));
            }
            if (getEnabledAttribute() != null) {
                entry.put(new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_TRUE));
            }

            String entryDN = String.format("%s=%s,%s", getUserNameAttribute(), str, getUserContextDN());
            ctx.createSubcontext(entryDN, entry);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to create user", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

    /**
     * Creates a user entry without first and last name.
     *
     * @param str  the user name
     * @param str2 the initial password
     * @return the result of the four-argument {@code createUser}
     */
    @Override
    public boolean createUser(String str, String str2) {
        String noFirstName = null;
        String noLastName = null;
        return createUser(str, str2, noFirstName, noLastName);
    }

    /**
     * Deletes a role entry and then removes the role's DN from the role attribute of
     * every user entry that references it.
     *
     * <p>The role entry is destroyed first; if a later step fails, user entries may
     * still reference the deleted role. The user search always uses subtree scope
     * and a fixed time limit of 10000 rather than the configured search settings.
     *
     * <p>NOTE(review): the role DN is built here as
     * {@code <roleNameAttribute>=<name>,<roleContextDN>} with the name inserted
     * verbatim, while createRole and grantRole use {@link #getRoleDN(String)}
     * (prefix/suffix). The defaults of roleContextDN and roleDNSuffix differ, so
     * confirm that both configurations resolve to the same DN.
     *
     * @param str the role name
     * @return {@code true} when the role and all references were removed
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean deleteRole(String str) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            String roleDN = String.format("%s=%s,%s", getRoleNameAttribute(), str, getRoleContextDN());
            ctx.destroySubcontext(roleDN);

            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[]{getUserRoleAttribute()});
            controls.setTimeLimit(10000);

            // Filter: (&(<roleAttr>={0})(<objectClass>={1})...(<objectClass>={n})).
            // Values are passed as filter arguments, not concatenated into the filter text.
            int classCount = getUserObjectClasses().length;
            Object[] filterArgs = new Object[classCount + 1];
            filterArgs[0] = roleDN;
            StringBuilder filter = new StringBuilder();
            filter.append("(&(").append(getUserRoleAttribute()).append("={0})");
            for (int i = 0; i < getUserObjectClasses().length; i++) {
                int argIndex = i + 1;
                filter.append("(").append(getObjectClassAttribute()).append("={").append(argIndex).append("})");
                filterArgs[argIndex] = getUserObjectClasses()[i];
            }
            filter.append(")");

            NamingEnumeration<SearchResult> users =
                    ctx.search(getUserContextDN(), filter.toString(), filterArgs, controls);
            while (users.hasMore()) {
                SearchResult user = users.next();
                Attribute roles = user.getAttributes().get(getUserRoleAttribute());
                roles.remove(roleDN);
                // 2 is DirContext.REPLACE_ATTRIBUTE: write back the remaining role values.
                ModificationItem[] changes = {new ModificationItem(2, roles)};
                ctx.modifyAttributes(user.getNameInNamespace(), changes);
            }
            users.close();
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to delete role", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

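    /**
     * Checks whether a role entry with the given name exists under the role context
     * DN.
     *
     * <p>The search filter gets one object-class clause per configured role object
     * class, followed by the role-name clause. Passing the whole object-class array
     * as a single filter argument does not work: a non-byte-array argument is
     * substituted through {@code toString()}, so the filter would never match and
     * the method would always answer {@code false}.
     *
     * <p>The search always uses subtree scope and a fixed time limit of 10000 rather
     * than the configured search settings.
     *
     * @param str the role name; must not be {@code null}
     * @return {@code true} if a matching entry carries the name, otherwise
     *         {@code false}
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean roleExists(String str) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            String roleNameAttr = getRoleNameAttribute();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[]{roleNameAttr});
            controls.setTimeLimit(10000);

            // Filter: (&(<objectClass>={0})...(<objectClass>={n-1})(<roleName>={n})).
            // Values are passed as filter arguments, not concatenated into the filter text.
            String[] objectClasses = getRoleObjectClasses();
            int nameIndex = objectClasses.length;
            Object[] filterArgs = new Object[nameIndex + 1];
            StringBuilder filter = new StringBuilder("(&");
            for (int i = 0; i < objectClasses.length; i++) {
                filter.append("(").append(getObjectClassAttribute()).append("={").append(i).append("})");
                filterArgs[i] = objectClasses[i];
            }
            filter.append("(").append(roleNameAttr).append("={").append(nameIndex).append("}))");
            filterArgs[nameIndex] = str;

            NamingEnumeration<SearchResult> results =
                    ctx.search(getRoleContextDN(), filter.toString(), filterArgs, controls);
            try {
                while (results.hasMore()) {
                    Attribute names = results.next().getAttributes().get(roleNameAttr);
                    if (names == null) {
                        // Entry matched but did not return the name attribute; nothing to compare.
                        continue;
                    }
                    for (int i = 0; i < names.size(); i++) {
                        if (str.equals(names.get(i))) {
                            return true;
                        }
                    }
                }
                return false;
            } finally {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // The answer is already known; a failed close must not replace it.
                }
            }
        } catch (NamingException e) {
            throw new IdentityManagementException("Error getting roles", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }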

    /**
     * Deletes the user entry at {@link #getUserDN(String)}, using the management
     * bind account.
     *
     * @param str the user name
     * @return {@code true} when the entry was removed
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean deleteUser(String str) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();
            String userDN = getUserDN(str);
            ctx.destroySubcontext(userDN);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to delete user", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

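    /**
     * Reports whether a user is enabled, based on the configured enabled attribute.
     *
     * @param str the user name
     * @return {@code true} if no enabled attribute is configured or one of its values
     *         on the user entry is {@code "TRUE"}; otherwise {@code false}
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean isUserEnabled(String str) {
        String enabledAttr = getEnabledAttribute();
        if (enabledAttr == null) {
            return true;
        }

        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();
            Attribute enabled = ctx.getAttributes(getUserDN(str), new String[]{enabledAttr}).get(enabledAttr);
            if (enabled != null) {
                for (int i = 0; i < enabled.size(); i++) {
                    if (LDAP_BOOLEAN_TRUE.equals(enabled.get(i))) {
                        return true;
                    }
                }
            }
            return false;
        } catch (NamingException e) {
            // The message used to read "Failed to delete user", which misreported the
            // failing operation in logs and error pages.
            throw new IdentityManagementException("Failed to check if user is enabled", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }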

    /**
     * Marks a user as disabled by replacing the enabled attribute with
     * {@code "FALSE"}.
     *
     * @param str the user name
     * @return {@code false} without contacting the directory when no enabled
     *         attribute is configured; otherwise {@code true} once the change is made
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean disableUser(String str) {
        if (getEnabledAttribute() == null) {
            return false;
        }

        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();
            BasicAttribute disabled = new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_FALSE);
            // 2 is DirContext.REPLACE_ATTRIBUTE.
            ModificationItem[] changes = {new ModificationItem(2, disabled)};
            ctx.modifyAttributes(getUserDN(str), changes);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to disable user", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

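    /**
     * Marks a user as enabled by replacing the enabled attribute with
     * {@code "TRUE"}.
     *
     * @param str the user name
     * @return {@code false} without contacting the directory when no enabled
     *         attribute is configured; otherwise {@code true} once the change is made
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean enableUser(String str) {
        String enabledAttr = getEnabledAttribute();
        if (enabledAttr == null) {
            return false;
        }

        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();
            BasicAttribute enabled = new BasicAttribute(enabledAttr, LDAP_BOOLEAN_TRUE);
            // 2 is DirContext.REPLACE_ATTRIBUTE.
            ModificationItem[] changes = {new ModificationItem(2, enabled)};
            ctx.modifyAttributes(getUserDN(str), changes);
            return true;
        } catch (NamingException e) {
            // The message used to read "Failed to disable user", the opposite of the
            // operation that failed.
            throw new IdentityManagementException("Failed to enable user", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }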

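    /**
     * Returns the names of the roles granted to a user.
     *
     * <p>User entries are found by the user name attribute; the name is passed as a
     * filter argument rather than concatenated into the filter text. When role
     * attribute values are DNs, each referenced role entry is read and its role name
     * values are collected; otherwise the values themselves are the role names.
     *
     * <p>The context is closed in a {@code finally} block. The earlier shape of this
     * method closed it only on the success path, so every failed lookup left a
     * connection bound as the management account open.
     *
     * @param str the user name
     * @return the distinct role names, in no particular order
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public List<String> getGrantedRoles(String str) {
        Set<String> roles = new HashSet<String>();
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            String filter = "(" + getUserNameAttribute() + "={0})";
            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.searchScope);
            controls.setReturningAttributes(new String[]{getUserRoleAttribute()});
            controls.setTimeLimit(getSearchTimeLimit());

            NamingEnumeration<SearchResult> results =
                    ctx.search(getUserContextDN(), filter, new Object[]{str}, controls);
            while (results.hasMore()) {
                Attribute granted = results.next().getAttributes().get(getUserRoleAttribute());
                if (granted == null) {
                    continue;
                }
                for (int i = 0; i < granted.size(); i++) {
                    Object value = granted.get(i);
                    if (!getRoleAttributeIsDN()) {
                        roles.add(value.toString());
                        continue;
                    }
                    try {
                        // The value is the DN of a role entry; resolve it to the role name(s).
                        Attribute roleNames = ctx
                                .getAttributes(value.toString(), new String[]{getRoleNameAttribute()})
                                .get(getRoleNameAttribute());
                        if (roleNames != null) {
                            for (int j = 0; j < roleNames.size(); j++) {
                                roles.add((String) roleNames.get(j));
                            }
                        }
                    } catch (NamingException e) {
                        throw new IdentityManagementException("Failed to query roles", e);
                    }
                }
            }
            results.close();
            return new ArrayList<String>(roles);
        } catch (NamingException e) {
            throw new IdentityManagementException("Error getting roles", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }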

    /**
     * Returns the roles implied for a user. This store has no role hierarchy of its
     * own here: the result is exactly what {@link #getGrantedRoles(String)} returns.
     *
     * @param str the user name
     * @return the granted role names
     */
    @Override
    public List<String> getImpliedRoles(String str) {
        List<String> granted = getGrantedRoles(str);
        return granted;
    }

    /**
     * Grants a role to a user by adding a value to the user's role attribute, using
     * the management bind account. The value is the role's DN when role attribute
     * values are DNs, otherwise the role name itself.
     *
     * <p>NOTE(review): nothing here checks that the role exists or that the caller
     * may grant it; that has to be enforced by the caller.
     *
     * @param str  the user name
     * @param str2 the role name
     * @return {@code true} when the modification was accepted
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean grantRole(String str, String str2) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            String userDN = getUserDN(str);
            String roleAttr = getUserRoleAttribute();
            String roleValue;
            if (getRoleAttributeIsDN()) {
                roleValue = getRoleDN(str2);
            } else {
                roleValue = str2;
            }
            // 1 is DirContext.ADD_ATTRIBUTE.
            ModificationItem[] changes = {new ModificationItem(1, new BasicAttribute(roleAttr, roleValue))};
            ctx.modifyAttributes(userDN, changes);
            return true;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to grant role", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }

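    /**
     * Revokes a role from a user by removing the matching value(s) from the user's
     * role attribute and writing the remaining values back.
     *
     * <p>Changes compared with the earlier shape of this method: the result now
     * tells the caller whether a value was actually removed (it used to be
     * {@code false} on every path, so a successful revocation could not be told
     * apart from a no-op); the error message names the right operation; a role entry
     * without a name attribute no longer causes a {@code NullPointerException}; and
     * a role value is removed at most once per index.
     *
     * @param str  the user name
     * @param str2 the role name; must not be {@code null}
     * @return {@code true} if at least one role value was removed, otherwise
     *         {@code false}
     * @throws IdentityManagementException if the directory reports an error
     */
    @Override
    public boolean revokeRole(String str, String str2) {
        InitialLdapContext ctx = null;
        try {
            ctx = initialiseContext();

            String userDN = getUserDN(str);
            Attribute granted = ctx.getAttributes(userDN, new String[]{getUserRoleAttribute()})
                    .get(getUserRoleAttribute());
            if (granted == null) {
                return false;
            }

            boolean modified = false;
            // Walk backwards so that removing an index does not shift the ones still to visit.
            for (int index = granted.size() - 1; index >= 0; index--) {
                boolean matches = false;
                if (getRoleAttributeIsDN()) {
                    // The value is the DN of a role entry; compare against its role name(s).
                    Attribute roleNames = ctx
                            .getAttributes((String) granted.get(index), new String[]{getRoleNameAttribute()})
                            .get(getRoleNameAttribute());
                    if (roleNames != null) {
                        for (int i = 0; i < roleNames.size() && !matches; i++) {
                            matches = str2.equals(roleNames.get(i));
                        }
                    }
                } else {
                    matches = str2.equals(granted.get(index));
                }
                if (matches) {
                    granted.remove(index);
                    modified = true;
                }
            }

            if (modified) {
                // 2 is DirContext.REPLACE_ATTRIBUTE: write back the remaining role values.
                ctx.modifyAttributes(userDN, new ModificationItem[]{new ModificationItem(2, granted)});
            }
            return modified;
        } catch (NamingException e) {
            throw new IdentityManagementException("Failed to revoke role", e);
        } finally {
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Closing is best effort.
                }
            }
        }
    }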

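    /**
     * Lists the role names found under the role context DN.
     *
     * <p>The search filter requires every configured role object class. The clauses are wrapped in
     * an LDAP AND ({@code (&...)}), the same form {@code listUsers(String)} uses, so the filter
     * stays well-formed when more than one object class is configured. Object-class values are
     * passed as filter arguments ({@code {0}}, {@code {1}}, ...) rather than concatenated into the
     * filter string, leaving their escaping to JNDI.
     *
     * @return the values of the role-name attribute of every matching entry; entries that lack the
     *         attribute are skipped
     * @throws IdentityManagementException if the directory search fails
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> listRoles() {
        List<String> roles = new ArrayList<String>();
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = initialiseContext();
            String roleNameAttr = getRoleNameAttribute();

            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.searchScope);
            controls.setReturningAttributes(new String[]{roleNameAttr});
            controls.setTimeLimit(getSearchTimeLimit());

            int classCount = getRoleObjectClasses().length;
            Object[] filterArgs = new Object[classCount];
            StringBuilder filter = new StringBuilder("(&");
            for (int i = 0; i < classCount; i++) {
                filter.append("(").append(getObjectClassAttribute()).append("={").append(i).append("})");
                filterArgs[i] = getRoleObjectClasses()[i];
            }
            filter.append(")");

            results = ctx.search(getRoleContextDN(), filter.toString(), filterArgs, controls);
            while (results.hasMore()) {
                Attribute names = results.next().getAttributes().get(roleNameAttr);
                if (names == null) {
                    // Entry matched the object classes but carries no role-name attribute.
                    continue;
                }
                for (int i = 0; i < names.size(); i++) {
                    roles.add(names.get(i).toString());
                }
            }
            return roles;
        } catch (NamingException e) {
            throw new IdentityManagementException("Error getting roles", e);
        } finally {
            // Release the enumeration and the context on every path, including failures mid-iteration.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
        }
    }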

    /**
     * Returns exactly what {@code listRoles()} returns; this method applies no filtering of its
     * own, so every role the store lists is reported as grantable.
     *
     * @return the list produced by {@code listRoles()}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> listGrantableRoles() {
        final List<String> allRoles = listRoles();
        return allRoles;
    }

    /**
     * Lists all user names by delegating to {@code listUsers(String)} with a {@code null} filter.
     *
     * @return the list produced by {@code listUsers(null)}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> listUsers() {
        final String noFilter = null;
        return listUsers(noFilter);
    }

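    /**
     * Lists user names found under the user context DN, optionally narrowed by a substring.
     *
     * <p>The LDAP filter only requires the configured user object classes, passed as filter
     * arguments so that JNDI handles their escaping. The caller-supplied {@code str} is never
     * placed in the LDAP filter: it is applied afterwards, in memory, as a case-insensitive
     * substring match on each returned name.
     *
     * @param str substring that a user name must contain (case-insensitive), or {@code null} to
     *            return every user
     * @return the matching values of the user-name attribute; entries that lack the attribute are
     *         skipped
     * @throws IdentityManagementException if the directory search fails
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> listUsers(String str) {
        List<String> users = new ArrayList<String>();
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = initialiseContext();
            String userNameAttr = getUserNameAttribute();

            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.searchScope);
            controls.setReturningAttributes(new String[]{userNameAttr});
            controls.setTimeLimit(getSearchTimeLimit());

            int classCount = getUserObjectClasses().length;
            Object[] filterArgs = new Object[classCount];
            StringBuilder filter = new StringBuilder("(&");
            for (int i = 0; i < classCount; i++) {
                filter.append("(").append(getObjectClassAttribute()).append("={").append(i).append("})");
                filterArgs[i] = getUserObjectClasses()[i];
            }
            filter.append(")");

            // Locale.ROOT keeps the case folding independent of the JVM's default locale
            // (for example the Turkish dotless i), so matching behaves the same on every host.
            String needle = (str == null) ? null : str.toLowerCase(java.util.Locale.ROOT);

            results = ctx.search(getUserContextDN(), filter.toString(), filterArgs, controls);
            while (results.hasMore()) {
                Attribute names = results.next().getAttributes().get(userNameAttr);
                if (names == null) {
                    // Entry matched the object classes but carries no user-name attribute.
                    continue;
                }
                for (int i = 0; i < names.size(); i++) {
                    String userName = names.get(i).toString();
                    if (needle == null || userName.toLowerCase(java.util.Locale.ROOT).contains(needle)) {
                        users.add(userName);
                    }
                }
            }
            return users;
        } catch (NamingException e) {
            throw new IdentityManagementException("Error getting users", e);
        } finally {
            // Release the enumeration and the context on every path, including failures mid-iteration.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
        }
    }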

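    /**
     * Reports whether a user with the given name exists under the user context DN.
     *
     * <p>All entries carrying the configured user object classes are fetched and their user-name
     * attribute values are compared with {@code str} in memory, using exact, case-sensitive
     * equality. The name is never placed in the LDAP filter. Object-class clauses are wrapped in an
     * LDAP AND, as in {@code listUsers(String)}, so the filter stays well-formed with more than one
     * object class.
     *
     * <p>The context and the result enumeration are closed in a {@code finally} block. The
     * previous failure path guarded its close with a condition that was always false, so a failed
     * search left the directory connection open.
     *
     * @param str user name to look for
     * @return {@code true} if some entry has a user-name value equal to {@code str}
     * @throws IdentityManagementException if the directory search fails
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean userExists(String str) {
        InitialLdapContext ctx = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            ctx = initialiseContext();
            String userNameAttr = getUserNameAttribute();

            SearchControls controls = new SearchControls();
            controls.setSearchScope(this.searchScope);
            controls.setReturningAttributes(new String[]{userNameAttr});
            controls.setTimeLimit(getSearchTimeLimit());

            int classCount = getUserObjectClasses().length;
            Object[] filterArgs = new Object[classCount];
            StringBuilder filter = new StringBuilder("(&");
            for (int i = 0; i < classCount; i++) {
                filter.append("(").append(getObjectClassAttribute()).append("={").append(i).append("})");
                filterArgs[i] = getUserObjectClasses()[i];
            }
            filter.append(")");

            results = ctx.search(getUserContextDN(), filter.toString(), filterArgs, controls);
            while (results.hasMore()) {
                Attribute names = results.next().getAttributes().get(userNameAttr);
                if (names == null) {
                    // Entry matched the object classes but carries no user-name attribute.
                    continue;
                }
                for (int i = 0; i < names.size(); i++) {
                    if (str.equals(names.get(i))) {
                        return true;
                    }
                }
            }
            return false;
        } catch (NamingException e) {
            throw new IdentityManagementException("Error getting users", e);
        } finally {
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Best-effort cleanup.
                }
            }
        }
    }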

    /**
     * Always returns {@code null}; the argument is ignored and no directory lookup is made.
     *
     * <p>NOTE(review): the result is {@code null}, not an empty list, so callers must null-check
     * before iterating. Confirm whether the {@code IdentityStore} contract permits that.
     *
     * @param str presumably the role name (unused)
     * @return always {@code null}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<String> getRoleGroups(String str) {
        final List<String> none = null;
        return none;
    }

    /**
     * Always returns {@code null}; the argument is ignored and no directory lookup is made.
     *
     * <p>NOTE(review): the result is {@code null}, not an empty list, so callers must null-check
     * before iterating. Confirm whether the {@code IdentityStore} contract permits that.
     *
     * @param str presumably the role name (unused)
     * @return always {@code null}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public List<Principal> listMembers(String str) {
        final List<Principal> none = null;
        return none;
    }

    /**
     * Does nothing and always returns {@code false}; both arguments are ignored and the directory
     * is not modified.
     *
     * <p>NOTE(review): a caller cannot tell "not supported" from "attempted and failed" by the
     * return value alone. Confirm how callers interpret {@code false}.
     *
     * @param str  presumably the role name (unused)
     * @param str2 presumably the group name (unused)
     * @return always {@code false}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean addRoleToGroup(String str, String str2) {
        final boolean changed = false;
        return changed;
    }

    /**
     * Does nothing and always returns {@code false}; both arguments are ignored and the directory
     * is not modified.
     *
     * <p>NOTE(review): a caller cannot tell "not supported" from "attempted and failed" by the
     * return value alone. Confirm how callers interpret {@code false}.
     *
     * @param str  presumably the role name (unused)
     * @param str2 presumably the group name (unused)
     * @return always {@code false}
     */
    @Override // org.jboss.seam.security.management.IdentityStore
    public boolean removeRoleFromGroup(String str, String str2) {
        final boolean changed = false;
        return changed;
    }
}
