package org.rhq.enterprise.server.resource.group;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.naming.CompositeName;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InvalidSearchFilterException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.common.composite.SystemSetting;
import org.rhq.core.domain.common.composite.SystemSettings;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.server.PersistenceUtility;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.authz.RequiredPermission;
import org.rhq.enterprise.server.exception.LdapCommunicationException;
import org.rhq.enterprise.server.exception.LdapFilterException;
import org.rhq.enterprise.server.rest.reporting.CsvWriter;
import org.rhq.enterprise.server.sync.SynchronizationConstants;
import org.rhq.enterprise.server.system.SystemManagerLocal;
import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory;

@Stateless
/* loaded from: input_file:org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.class */
public class LdapGroupManagerBean implements LdapGroupManagerLocal {
    private Log log = LogFactory.getLog(LdapGroupManagerBean.class);
    private static final String BASEDN_DELIMITER = ";";

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    @EJB
    private SubjectManagerLocal subjectManager;

    @EJB
    private SystemManagerLocal systemManager;
    private static boolean groupQueryComplete = false;
    private static int groupQueryResultCount = 0;
    private static long groupQueryStartTime = -1;
    private static long groupQueryCurrentTime = -1;
    private static int groupQueryPageCount = 0;
    private static final int LDAP_GROUP_QUERY_LIMIT = 20000;

    private void resetGroupQueryDetails() {
        groupQueryComplete = false;
        groupQueryResultCount = 0;
        groupQueryStartTime = -1L;
        groupQueryCurrentTime = -1L;
        groupQueryPageCount = 0;
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public Set<Map<String, String>> findAvailableGroups() {
        Properties populateProperties = populateProperties(this.systemManager.getUnmaskedSystemSettings(true));
        resetGroupQueryDetails();
        String str = (String) populateProperties.get(SystemSetting.LDAP_GROUP_FILTER.name());
        if (str == null || str.trim().isEmpty()) {
            return new HashSet();
        }
        return buildGroup(populateProperties, (str.startsWith("(") && str.endsWith(")")) ? str : String.format("(%s)", str));
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public Set<Map<String, String>> findAvailableGroupsStatus() {
        HashSet hashSet = new HashSet();
        hashSet.add(buildStatusEntry("query.complete", String.valueOf(groupQueryComplete)));
        hashSet.add(buildStatusEntry("query.results.parsed", String.valueOf(groupQueryResultCount)));
        hashSet.add(buildStatusEntry("query.start.time", String.valueOf(groupQueryStartTime)));
        hashSet.add(buildStatusEntry("query.current.time", String.valueOf(groupQueryCurrentTime)));
        hashSet.add(buildStatusEntry("query.page.count", String.valueOf(groupQueryPageCount)));
        return hashSet;
    }

    private Map<String, String> buildStatusEntry(String str, String str2) {
        HashMap hashMap = new HashMap();
        hashMap.put(str, str2);
        return hashMap;
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public Set<String> findAvailableGroupsFor(String str) {
        Properties populateProperties = populateProperties(this.systemManager.getUnmaskedSystemSettings(true));
        String property = populateProperties.getProperty(SystemSetting.LDAP_GROUP_FILTER.name(), "");
        String property2 = populateProperties.getProperty(SystemSetting.LDAP_GROUP_MEMBER.name(), "");
        String property3 = populateProperties.getProperty(SystemSetting.LDAP_GROUP_USE_POSIX.name(), "false");
        if (property3 == null) {
            property3 = Boolean.toString(false);
        }
        String userAttribute = getUserAttribute(populateProperties, str, Boolean.valueOf(property3).booleanValue());
        HashSet hashSet = new HashSet();
        if (property.trim().isEmpty() || property2.trim().isEmpty()) {
            this.log.warn("The ldap group filter defined is invalid. Group Filter: " + property + ", Group Member: " + property2);
            return hashSet;
        }
        if (userAttribute == null || userAttribute.trim().length() <= 0) {
            this.log.debug("Group lookup will not be performed due to no UserDN found for user " + str);
        } else {
            String format = String.format("(&(%s)(%s=%s))", property, property2, LDAPStringUtil.encodeForFilter(userAttribute));
            Set<Map<String, String>> buildGroup = buildGroup(populateProperties, format);
            this.log.trace("Located '" + buildGroup.size() + "' LDAP groups for user '" + str + "' using following ldap filter '" + format + "'.");
            Iterator<Map<String, String>> it = buildGroup.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().get(SynchronizationConstants.ID_ATTRIBUTE));
            }
        }
        return hashSet;
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setLdapGroupsOnRole(Subject subject, int i, Set<LdapGroup> set) {
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Role with id [" + i + "] does not exist.");
        }
        Set<LdapGroup> ldapGroups = role.getLdapGroups();
        ArrayList arrayList = new ArrayList(ldapGroups.size());
        Iterator it = ldapGroups.iterator();
        while (it.hasNext()) {
            arrayList.add(((LdapGroup) it.next()).getName());
        }
        ArrayList arrayList2 = new ArrayList(set.size());
        Iterator<LdapGroup> it2 = set.iterator();
        while (it2.hasNext()) {
            arrayList2.add(it2.next().getName());
        }
        List<String> arrayList3 = new ArrayList<>(arrayList2);
        arrayList3.removeAll(arrayList);
        addLdapGroupsToRole(subject, i, arrayList3);
        ArrayList arrayList4 = new ArrayList(arrayList);
        arrayList4.removeAll(arrayList2);
        int[] iArr = new int[arrayList4.size()];
        int i2 = 0;
        for (LdapGroup ldapGroup : ldapGroups) {
            if (arrayList4.contains(ldapGroup.getName())) {
                int i3 = i2;
                i2++;
                iArr[i3] = ldapGroup.getId();
            }
        }
        removeLdapGroupsFromRole(subject, i, iArr);
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addLdapGroupsToRole(Subject subject, int i, List<String> list) {
        if (list == null || list.size() <= 0) {
            return;
        }
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to add LDAP groups to.");
        }
        role.getLdapGroups().size();
        for (String str : list) {
            LdapGroup ldapGroup = new LdapGroup();
            ldapGroup.setName(str);
            role.addLdapGroup(ldapGroup);
        }
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeLdapGroupsFromRole(Subject subject, int i, int[] iArr) {
        if (iArr == null || iArr.length <= 0) {
            return;
        }
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to remove LDAP groups from.");
        }
        role.getLdapGroups().size();
        for (int i2 : iArr) {
            Integer valueOf = Integer.valueOf(i2);
            LdapGroup ldapGroup = (LdapGroup) this.entityManager.find(LdapGroup.class, valueOf);
            if (ldapGroup == null) {
                throw new IllegalArgumentException("Tried to remove doomedGroup[" + valueOf + "] from role[" + i + "], but doomedGroup was not found.");
            }
            role.removeLdapGroup(ldapGroup);
        }
        Query createNamedQuery = this.entityManager.createNamedQuery("LdapGroup.deleteById");
        LinkedList linkedList = new LinkedList();
        for (int i3 : iArr) {
            linkedList.add(Integer.valueOf(i3));
        }
        createNamedQuery.setParameter("ids", linkedList);
        createNamedQuery.executeUpdate();
    }

    private List<Role> findRolesByLdapGroupNames(List<String> list) {
        if (list.isEmpty()) {
            return Collections.EMPTY_LIST;
        }
        Query createNamedQuery = this.entityManager.createNamedQuery("LdapGroup.findRolesByGroupNames");
        createNamedQuery.setParameter("names", list);
        return createNamedQuery.getResultList();
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public void assignRolesToLdapSubject(int i, List<String> list) {
        Subject subject = (Subject) this.entityManager.find(Subject.class, Integer.valueOf(i));
        List<Role> findRolesByLdapGroupNames = findRolesByLdapGroupNames(list);
        subject.getRoles().clear();
        subject.getLdapRoles().clear();
        for (Role role : findRolesByLdapGroupNames) {
            subject.addRole(role);
            subject.addLdapRole(role);
        }
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public PageList<LdapGroup> findLdapGroupsByRole(int i, PageControl pageControl) {
        Role role = (Role) this.entityManager.find(Role.class, Integer.valueOf(i));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + i + "] to lookup ldap Groups on");
        }
        return new PageList<>(role.getLdapGroups(), role.getLdapGroups().size(), pageControl);
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public PageList<LdapGroup> findLdapGroups(PageControl pageControl) {
        pageControl.initDefaultOrderingField("g.name");
        Query createCountQuery = PersistenceUtility.createCountQuery(this.entityManager, "LdapGroup.findAll");
        return new PageList<>(PersistenceUtility.createQueryWithOrderBy(this.entityManager, "LdapGroup.findAll", pageControl).getResultList(), (int) ((Long) createCountQuery.getSingleResult()).longValue(), pageControl);
    }

    private String getUserAttribute(Properties properties, String str, boolean z) {
        return z ? str : findLdapUserDetails(str).get("dn");
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public Map<String, String> findLdapUserDetails(String str) {
        String str2;
        Properties populateProperties = populateProperties(this.systemManager.getUnmaskedSystemSettings(true));
        HashMap hashMap = new HashMap();
        String str3 = (String) populateProperties.get(SystemSetting.LDAP_BASE_DN.name());
        String str4 = (String) populateProperties.get(SystemSetting.LDAP_LOGIN_PROPERTY.name());
        if (str4 == null) {
            str4 = "cn";
        }
        String str5 = (String) populateProperties.get(SystemSetting.LDAP_BIND_DN.name());
        String str6 = (String) populateProperties.get(SystemSetting.LDAP_BIND_PW.name());
        String str7 = (String) populateProperties.get(SystemSetting.LDAP_FILTER.name());
        if (str5 != null) {
            populateProperties.setProperty("java.naming.security.principal", str5);
            populateProperties.setProperty("java.naming.security.credentials", str6);
            populateProperties.setProperty("java.naming.security.authentication", "simple");
        }
        try {
            InitialLdapContext initialLdapContext = new InitialLdapContext(populateProperties, (Control[]) null);
            SearchControls searchControls = getSearchControls();
            String str8 = (str7 == null || str7.length() == 0) ? "(" + str4 + "=" + str + ")" : "(&(" + str4 + "=" + str + ")(" + str7 + "))";
            this.log.debug("Using LDAP filter [" + str8 + "] to locate user details for " + str);
            String[] split = str3.split(BASEDN_DELIMITER);
            for (int i = 0; i < split.length; i++) {
                NamingEnumeration search = initialLdapContext.search(split[i], str8, searchControls);
                if (search.hasMoreElements()) {
                    SearchResult searchResult = (SearchResult) search.next();
                    try {
                        str2 = searchResult.getNameInNamespace();
                    } catch (UnsupportedOperationException e) {
                        str2 = new CompositeName(searchResult.getName()).get(0);
                        if (searchResult.isRelative()) {
                            str2 = str2 + CsvWriter.DELIMITER + split[i];
                        }
                    }
                    hashMap.put("dn", str2);
                    NamingEnumeration iDs = searchResult.getAttributes().getIDs();
                    while (iDs.hasMore()) {
                        String str9 = (String) iDs.next();
                        Attribute attribute = searchResult.getAttributes().get(str9);
                        if (attribute != null && attribute.get() != null) {
                            hashMap.put(str9, attribute.get().toString());
                        }
                    }
                    return hashMap;
                }
                this.log.debug("User " + str + " not found for BaseDN " + split[i]);
            }
            return hashMap;
        } catch (NamingException e2) {
            throw new RuntimeException((Throwable) e2);
        }
    }

    @Override // org.rhq.enterprise.server.resource.group.LdapGroupManagerLocal
    public Boolean ldapServerRequiresAttention() {
        boolean z = false;
        Properties populateProperties = populateProperties(this.systemManager.getUnmaskedSystemSettings(true));
        if (((String) populateProperties.get(SystemSetting.LDAP_LOGIN_PROPERTY.name())) == null) {
        }
        String str = (String) populateProperties.get(SystemSetting.LDAP_BIND_DN.name());
        String str2 = (String) populateProperties.get(SystemSetting.LDAP_BIND_PW.name());
        if (str != null) {
            populateProperties.setProperty("java.naming.security.principal", str);
            populateProperties.setProperty("java.naming.security.credentials", str2);
            populateProperties.setProperty("java.naming.security.authentication", "simple");
        }
        try {
            new InitialLdapContext(populateProperties, (Control[]) null).close();
        } catch (NamingException e) {
            z = true;
            this.log.error("LDAP communication error: " + e.getMessage(), e);
        }
        return Boolean.valueOf(z);
    }

    protected Set<Map<String, String>> buildGroup(Properties properties, String str) {
        HashSet hashSet = new HashSet();
        String str2 = (String) properties.get(SystemSetting.LDAP_BASE_DN.name());
        if (((String) properties.get(SystemSetting.LDAP_LOGIN_PROPERTY.name())) == null) {
        }
        String str3 = (String) properties.get(SystemSetting.LDAP_BIND_DN.name());
        String str4 = (String) properties.get(SystemSetting.LDAP_BIND_PW.name());
        if (str3 != null) {
            properties.setProperty("java.naming.security.principal", str3);
            properties.setProperty("java.naming.security.credentials", str4);
            properties.setProperty("java.naming.security.authentication", "simple");
        }
        try {
            InitialLdapContext initialLdapContext = new InitialLdapContext(properties, (Control[]) null);
            SearchControls searchControls = getSearchControls();
            searchControls.setReturningAttributes(new String[]{"cn", "description"});
            String property = properties.getProperty(SystemSetting.LDAP_GROUP_PAGING.name(), "false");
            if (property == null) {
                property = Boolean.toString(false);
            }
            boolean booleanValue = Boolean.valueOf(property).booleanValue();
            int i = 1000;
            if (booleanValue) {
                String property2 = properties.getProperty(SystemSetting.LDAP_GROUP_QUERY_PAGE_SIZE.name(), "1000");
                if (property2 != null && !property2.trim().isEmpty()) {
                    try {
                        int intValue = Integer.valueOf(property2.trim()).intValue();
                        if (intValue <= 0 || intValue > LDAP_GROUP_QUERY_LIMIT) {
                            this.log.debug("LDAP Group Page Size passed '" + property2 + "' was ignored. Defaulting to 1000.");
                        } else {
                            i = intValue;
                        }
                    } catch (NumberFormatException e) {
                        this.log.debug("LDAP Group Page Size passed '" + property2 + "' in is invalid. Defaulting to 1000." + e.getMessage());
                    }
                }
                initialLdapContext.setRequestControls(new Control[]{new PagedResultsControl(i, true)});
            }
            String[] split = str2.split(BASEDN_DELIMITER);
            for (int i2 = 0; i2 < split.length; i2++) {
                groupQueryStartTime = System.currentTimeMillis();
                executeGroupSearch(str, hashSet, initialLdapContext, searchControls, split, i2);
                groupQueryResultCount = hashSet.size();
                groupQueryCurrentTime = System.currentTimeMillis();
                if (booleanValue) {
                    byte[] bArr = null;
                    PagedResultsResponseControl[] responseControls = initialLdapContext.getResponseControls();
                    if (responseControls != null) {
                        for (PagedResultsResponseControl pagedResultsResponseControl : responseControls) {
                            if (pagedResultsResponseControl instanceof PagedResultsResponseControl) {
                                bArr = pagedResultsResponseControl.getCookie();
                            }
                        }
                    }
                    while (groupQueryResultCount <= LDAP_GROUP_QUERY_LIMIT && bArr != null) {
                        initialLdapContext.setRequestControls(new Control[]{new PagedResultsControl(i, bArr, true)});
                        executeGroupSearch(str, hashSet, initialLdapContext, searchControls, split, i2);
                        groupQueryResultCount = hashSet.size();
                        groupQueryPageCount++;
                        groupQueryCurrentTime = System.currentTimeMillis();
                        bArr = null;
                        PagedResultsResponseControl[] responseControls2 = initialLdapContext.getResponseControls();
                        if (responseControls2 != null) {
                            for (PagedResultsResponseControl pagedResultsResponseControl2 : responseControls2) {
                                if (pagedResultsResponseControl2 instanceof PagedResultsResponseControl) {
                                    bArr = pagedResultsResponseControl2.getCookie();
                                }
                            }
                        }
                    }
                }
            }
            groupQueryCurrentTime = System.currentTimeMillis();
            groupQueryComplete = true;
            return hashSet;
        } catch (NamingException e2) {
            if (!(e2 instanceof InvalidSearchFilterException)) {
                this.log.error("LDAP communication error: " + e2.getMessage(), e2);
                throw new LdapCommunicationException(e2);
            }
            Throwable th = (InvalidSearchFilterException) e2;
            this.log.error("The ldap group filter defined is invalid ", th);
            throw new LdapFilterException("The ldap group filter defined is invalid  " + th.getMessage());
        } catch (IOException e3) {
            this.log.error("Unexpected LDAP communciation error:" + e3.getMessage(), e3);
            throw new LdapCommunicationException(e3);
        }
    }

    private void executeGroupSearch(String str, Set<Map<String, String>> set, InitialLdapContext initialLdapContext, SearchControls searchControls, String[] strArr, int i) throws NamingException {
        NamingEnumeration search = initialLdapContext.search(strArr[i], str, searchControls);
        int i2 = 0;
        while (i2 <= LDAP_GROUP_QUERY_LIMIT && set.size() <= LDAP_GROUP_QUERY_LIMIT && 0 == 0 && search.hasMoreElements()) {
            try {
                SearchResult searchResult = (SearchResult) search.next();
                HashMap hashMap = new HashMap();
                String trim = ((String) searchResult.getAttributes().get("cn").get()).trim();
                Attribute attribute = searchResult.getAttributes().get("description");
                String trim2 = (attribute != null ? (String) attribute.get() : "").trim();
                hashMap.put(SynchronizationConstants.ID_ATTRIBUTE, trim);
                hashMap.put("name", trim);
                hashMap.put("description", trim2);
                set.add(hashMap);
                i2++;
                groupQueryResultCount = i2;
                if (groupQueryPageCount == 0) {
                    groupQueryPageCount++;
                }
                groupQueryCurrentTime = System.currentTimeMillis();
            } catch (NullPointerException e) {
                return;
            }
        }
    }

    private Properties populateProperties(SystemSettings systemSettings) {
        String str;
        Properties properties = null;
        if (systemSettings != null) {
            properties = new Properties();
            for (Map.Entry entry : systemSettings.entrySet()) {
                SystemSetting systemSetting = (SystemSetting) entry.getKey();
                if (systemSetting != null && (str = (String) entry.getValue()) != null) {
                    properties.put(systemSetting.name(), str);
                }
            }
            properties.setProperty("java.naming.factory.initial", properties.getProperty(SystemSetting.LDAP_NAMING_FACTORY.name()));
            String property = properties.getProperty(SystemSetting.USE_SSL_FOR_LDAP.name());
            boolean z = RHQConstants.LDAP_PROTOCOL_SECURED.equalsIgnoreCase(property) || "true".equalsIgnoreCase(property);
            if (z) {
                if (properties.getProperty("java.naming.ldap.factory.socket") == null) {
                    properties.put("java.naming.ldap.factory.socket", UntrustedSSLSocketFactory.class.getName());
                }
                properties.put("java.naming.security.protocol", RHQConstants.LDAP_PROTOCOL_SECURED);
            }
            String property2 = properties.getProperty(SystemSetting.LDAP_NAMING_PROVIDER_URL.name());
            if (property2 == null) {
                property2 = "ldap://localhost:" + (z ? 636 : 389);
            }
            properties.setProperty("java.naming.provider.url", property2);
        }
        return properties;
    }

    @Deprecated
    private Properties getProperties(Properties properties) {
        Properties properties2 = new Properties(properties);
        properties2.setProperty("java.naming.factory.initial", properties2.getProperty(SystemSetting.LDAP_NAMING_FACTORY.name()));
        String property = properties2.getProperty(SystemSetting.USE_SSL_FOR_LDAP.getInternalName());
        boolean z = RHQConstants.LDAP_PROTOCOL_SECURED.equalsIgnoreCase(property) || "true".equalsIgnoreCase(property);
        if (z) {
            if (properties2.getProperty("java.naming.ldap.factory.socket") == null) {
                properties2.put("java.naming.ldap.factory.socket", UntrustedSSLSocketFactory.class.getName());
            }
            properties2.put("java.naming.security.protocol", RHQConstants.LDAP_PROTOCOL_SECURED);
        }
        String property2 = properties2.getProperty(SystemSetting.LDAP_NAMING_PROVIDER_URL.name());
        if (property2 == null) {
            property2 = "ldap://localhost:" + (z ? 636 : 389);
        }
        properties2.setProperty("java.naming.provider.url", property2);
        return properties2;
    }

    private SearchControls getSearchControls() {
        return new SearchControls(2, 0L, 0, (String[]) null, false, false);
    }
}
