package org.picketlink.idm.internal;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.picketlink.idm.internal.config.LDAPConfiguration;
import org.picketlink.idm.internal.ldap.DirContextAdaptor;
import org.picketlink.idm.internal.ldap.LDAPChangeNotificationHandler;
import org.picketlink.idm.internal.ldap.LDAPConstants;
import org.picketlink.idm.internal.ldap.LDAPGroup;
import org.picketlink.idm.internal.ldap.LDAPObjectChangedNotification;
import org.picketlink.idm.internal.ldap.LDAPRole;
import org.picketlink.idm.internal.ldap.LDAPUser;
import org.picketlink.idm.internal.ldap.LDAPUserCustomAttributes;
import org.picketlink.idm.internal.ldap.ManagedAttributeLookup;
import org.picketlink.idm.internal.util.Base64;
import org.picketlink.idm.internal.util.IDMUtil;
import org.picketlink.idm.model.DefaultMembership;
import org.picketlink.idm.model.Group;
import org.picketlink.idm.model.Membership;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.GroupQuery;
import org.picketlink.idm.query.MembershipQuery;
import org.picketlink.idm.query.Range;
import org.picketlink.idm.query.RoleQuery;
import org.picketlink.idm.query.UserQuery;
import org.picketlink.idm.spi.IdentityStore;

/* loaded from: input_file:org/picketlink/idm/internal/LDAPIdentityStore.class */
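/**
 * {@link IdentityStore} that keeps users, roles and groups in an LDAP directory reached through
 * one shared JNDI {@link DirContext}.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>Every directory operation here runs over {@link #ctx}, which is bound with the bind DN
 *       from {@link LDAPConfiguration}; that account's directory ACLs are the effective
 *       privilege of this class.</li>
 *   <li>Nothing in this class is synchronised. {@link #ctx} and {@link #managedAttributes} are
 *       shared mutable state, so callers must not assume thread-safety.</li>
 *   <li>{@link #getMembership}, {@link #executeQuery(MembershipQuery, Range)} and
 *       {@link #validateCertificate} are unimplemented stubs.</li>
 *   <li>The {@link Range} argument of the {@code executeQuery} methods is not used; results are
 *       never paged or limited here.</li>
 * </ul>
 */
public class LDAPIdentityStore implements IdentityStore, LDAPChangeNotificationHandler, ManagedAttributeLookup {
    protected String userDNSuffix;
    protected String roleDNSuffix;
    protected String groupDNSuffix;
    public final String COMMA = DirContextAdaptor.COMMA;
    public final String EQUAL = DirContextAdaptor.EQUAL;
    // Shared context bound as the configured bind DN; (re)created by constructContext().
    protected DirContext ctx = null;
    protected boolean isActiveDirectory = false;
    // Cache of attribute names already confirmed to exist in the directory schema.
    protected List<String> managedAttributes = new ArrayList<String>();
    protected LDAPConfiguration ldapConfiguration = null;

    /**
     * Stores the configuration, copies the DN suffixes and the Active Directory flag out of it
     * and (re)opens the shared directory context.
     *
     * @param lDAPConfiguration connection and layout settings; must not be null
     */
    public void setConfiguration(LDAPConfiguration lDAPConfiguration) {
        this.ldapConfiguration = lDAPConfiguration;
        this.userDNSuffix = lDAPConfiguration.getUserDNSuffix();
        this.roleDNSuffix = lDAPConfiguration.getRoleDNSuffix();
        this.groupDNSuffix = lDAPConfiguration.getGroupDNSuffix();
        this.isActiveDirectory = lDAPConfiguration.isActiveDirectory();
        constructContext();
    }

    /**
     * Creates a user entry with the given identifier under the user DN suffix.
     *
     * @param str user identifier
     * @return the stored user
     * @throws RuntimeException wrapping the {@link NamingException} if the bind fails
     */
    public User createUser(String str) {
        return bindUser(new LDAPUser(str, this));
    }

    /**
     * Stores an already populated user.
     *
     * @param user an {@link LDAPUser} with its identifier set
     * @return the stored user
     * @throws RuntimeException if no identifier is set, the instance is not an {@link LDAPUser},
     *         or the bind fails
     */
    public User createUser(User user) {
        if (user.getId() == null) {
            throw new RuntimeException("No identifier was provided. You should provide one before storing the user.");
        }
        // Fail with the same message the attribute accessors use instead of a bare ClassCastException.
        if (!(user instanceof LDAPUser)) {
            throw new RuntimeException("Wrong type:" + user);
        }
        LDAPUser ldapUser = (LDAPUser) user;
        ldapUser.setLookup(this);
        return bindUser(ldapUser);
    }

    /**
     * Deletes the user's custom-attributes child entry (best effort) and then the user entry.
     *
     * @param user user to remove; looked up again by its identifier
     * @throws RuntimeException if the user does not exist or the user entry cannot be destroyed
     */
    public void removeUser(User user) {
        LDAPUser stored = (LDAPUser) requireFound(getUser(user.getId()), "user", user.getId());
        String customAttributesDN = stored.getCustomAttributes().getDN() + DirContextAdaptor.COMMA + stored.getDN();
        try {
            try {
                this.ctx.destroySubcontext(customAttributesDN);
            } catch (Exception ignored) {
                // Best effort, as in the original: a failure to delete the child entry must not
                // stop the removal of the user entry itself.
            }
            this.ctx.destroySubcontext(stored.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks a user up by uid under the user DN suffix.
     *
     * @param str uid to match; handed to JNDI as a matching attribute value, never concatenated
     *        into a filter string by this class
     * @return the first match, or {@code null} when there is none
     * @throws RuntimeException wrapping the {@link NamingException} if the search fails
     */
    public User getUser(String str) {
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matching = new BasicAttributes(true);
            matching.put(new BasicAttribute(LDAPConstants.UID, str));
            results = this.ctx.search(this.userDNSuffix, matching);
            if (!results.hasMore()) {
                return null;
            }
            return loadUser(results.next().getAttributes());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            // Only the first hit is read, so the enumeration must be released explicitly.
            closeQuietly(results);
        }
    }

    /**
     * Creates a group and, when a parent is given, registers the new group as its child.
     *
     * @param str name of the new group
     * @param group optional parent; resolved again from the directory by name
     * @return the stored group
     * @throws RuntimeException if the parent cannot be found or a directory write fails
     */
    public Group createGroup(String str, Group group) {
        ensureGroupDNExists();
        LDAPGroup created = new LDAPGroup();
        created.setLDAPChangeNotificationHandler(this);
        created.setName(str);
        created.setGroupDNSuffix(this.groupDNSuffix);
        try {
            this.ctx.bind(created.getDN(), created);
            if (group != null) {
                // Use the directory's copy of the parent so the rebind below writes current data.
                LDAPGroup parent = (LDAPGroup) requireFound(getGroup(group.getName()), "group", group.getName());
                created.setParentGroup(parent);
                parent.addChildGroup(created);
                this.ctx.rebind(parent.getDN(), parent);
            }
            return created;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Destroys the entry of the group found for {@code group.getId()}.
     *
     * @throws RuntimeException if the group does not exist or cannot be destroyed
     */
    public void removeGroup(Group group) {
        LDAPGroup stored = (LDAPGroup) requireFound(getGroup(group.getId()), "group", group.getId());
        try {
            this.ctx.destroySubcontext(stored.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks a group up by cn under the group DN suffix.
     *
     * @param str cn to match
     * @return the last entry the search returned (as in the original loop), or {@code null}
     * @throws RuntimeException wrapping the {@link NamingException} if the search fails
     */
    public Group getGroup(String str) {
        LDAPGroup found = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matching = new BasicAttributes(true);
            matching.put(new BasicAttribute(LDAPConstants.CN, str));
            results = this.ctx.search(this.groupDNSuffix, matching);
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                found = new LDAPGroup();
                found.setGroupDNSuffix(this.groupDNSuffix);
                found.addAllLDAPAttributes(attributes);
                Group parent = getParentGroup(found);
                if (parent != null) {
                    found.setParentGroup(parent);
                }
                found.setLDAPChangeNotificationHandler(this);
            }
            return found;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Creates a role entry with the given name under the role DN suffix.
     *
     * @throws RuntimeException wrapping the {@link NamingException} if the bind fails
     */
    public Role createRole(String str) {
        LDAPRole created = new LDAPRole();
        created.setLDAPChangeNotificationHandler(this);
        created.setName(str);
        created.setRoleDNSuffix(this.roleDNSuffix);
        try {
            this.ctx.bind(created.getDN(), created);
            return created;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Destroys the entry of the role found for {@code role.getName()}.
     *
     * @throws RuntimeException if the role does not exist or cannot be destroyed
     */
    public void removeRole(Role role) {
        LDAPRole stored = (LDAPRole) requireFound(getRole(role.getName()), "role", role.getName());
        try {
            this.ctx.destroySubcontext(stored.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks a role up by cn under the role DN suffix.
     *
     * @return the first match, or {@code null} when there is none
     * @throws RuntimeException wrapping the {@link NamingException} if the search fails
     */
    public Role getRole(String str) {
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matching = new BasicAttributes(true);
            matching.put(new BasicAttribute(LDAPConstants.CN, str));
            results = this.ctx.search(this.roleDNSuffix, matching);
            if (results.hasMore()) {
                return new LDAPRole(results.next().getAttributes(), this.roleDNSuffix);
            }
            return null;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Adds the user to the role and the role and user to the group, then writes the
     * {@code member} attribute of both entries back to the directory.
     *
     * <p>The two writes are separate LDAP operations; if the second fails the role entry has
     * already been changed.
     *
     * @return the new membership
     * @throws RuntimeException if any of the three objects is missing or a write fails
     */
    public Membership createMembership(Role role, User user, Group group) {
        LDAPRole storedRole = (LDAPRole) requireFound(getRole(role.getName()), "role", role.getName());
        LDAPUser storedUser = (LDAPUser) requireFound(getUser(user.getId()), "user", user.getId());
        LDAPGroup storedGroup = (LDAPGroup) requireFound(getGroup(group.getName()), "group", group.getName());
        storedRole.addUser(storedUser);
        storedGroup.addRole(storedRole);
        storedGroup.addUser(storedUser);
        try {
            this.ctx.modifyAttributes(storedRole.getDN(), DirContext.REPLACE_ATTRIBUTE,
                    storedRole.getAttributes(LDAPConstants.MEMBER));
        } catch (NamingException e) {
            throw new RuntimeException("Error while modifying members of role [" + storedRole.getName() + "].", e);
        }
        try {
            this.ctx.modifyAttributes(storedGroup.getDN(), DirContext.REPLACE_ATTRIBUTE,
                    storedGroup.getAttributes(LDAPConstants.MEMBER));
        } catch (NamingException e) {
            throw new RuntimeException("Error while modifying members of group [" + storedGroup.getName() + "].", e);
        }
        return new DefaultMembership(storedUser, storedRole, storedGroup);
    }

    /**
     * Removes the user from the role and the role from the group on freshly loaded copies.
     *
     * <p>NOTE(review): unlike {@link #createMembership}, nothing visible in this method writes
     * the changed {@code member} attributes back to the directory, and the user is not removed
     * from the group. If the model classes do not persist on their own, a revoked membership
     * stays effective in LDAP - confirm against LDAPRole/LDAPGroup before relying on this call.
     *
     * @throws RuntimeException if any of the three objects is missing
     */
    public void removeMembership(Role role, User user, Group group) {
        LDAPRole storedRole = (LDAPRole) requireFound(getRole(role.getName()), "role", role.getName());
        // Users are keyed by uid (see getUser); the original passed the full name here, which
        // does not match the key used by createMembership.
        LDAPUser storedUser = (LDAPUser) requireFound(getUser(user.getId()), "user", user.getId());
        LDAPGroup storedGroup = (LDAPGroup) requireFound(getGroup(group.getName()), "group", group.getName());
        storedRole.removeUser(storedUser);
        storedGroup.removeRole(storedRole);
    }

    /** Not implemented; always returns {@code null}. */
    public Membership getMembership(Role role, User user, Group group) {
        return null;
    }

    /**
     * Returns the users whose attributes equal every filter of the query.
     *
     * <p>Filters on attributes known to the directory schema are sent to the server; when none
     * of the filter names is such an attribute, every user is loaded and filtered in memory.
     *
     * @param userQuery query carrying the attribute filters; a null filter map yields an empty list
     * @param range ignored
     * @throws RuntimeException if the directory search fails
     */
    public List<User> executeQuery(UserQuery userQuery, Range range) {
        List<User> matches = new ArrayList<User>();
        Map<String, String[]> attributeFilters = userQuery.getAttributeFilters();
        if (attributeFilters == null) {
            return matches;
        }
        Attributes serverSideFilters = getManagedAttributes(attributeFilters);
        if (serverSideFilters.size() == 0) {
            for (User candidate : getAllUsers()) {
                if (userHasRequiredAttributes((LDAPUser) candidate, attributeFilters)) {
                    matches.add(candidate);
                }
            }
            return matches;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.userDNSuffix, serverSideFilters);
            while (results.hasMore()) {
                LDAPUser candidate = loadUser(results.next().getAttributes());
                if (userHasRequiredAttributes(candidate, attributeFilters)) {
                    matches.add(candidate);
                }
            }
        } catch (NamingException e) {
            throw new RuntimeException("Error executing user query.", e);
        } finally {
            closeQuietly(results);
        }
        return matches;
    }

    /**
     * Returns the groups matching the id/name, related user, role and parent group of the query.
     *
     * <p>Id and name are both mapped to {@code cn}, so a name overrides an id; related user and
     * role are both mapped to {@code member}, so a role overrides a related user.
     *
     * @param range ignored
     * @throws RuntimeException if a referenced user or role is missing or the search fails
     */
    public List<Group> executeQuery(GroupQuery groupQuery, Range range) {
        List<Group> matches = new ArrayList<Group>();
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matching = new BasicAttributes(true);
            if (groupQuery.getId() != null) {
                matching.put(LDAPConstants.CN, groupQuery.getId());
            }
            if (groupQuery.getName() != null) {
                matching.put(LDAPConstants.CN, groupQuery.getName());
            }
            if (groupQuery.getRelatedUser() != null) {
                String userId = groupQuery.getRelatedUser().getId();
                matching.put(LDAPConstants.MEMBER, ((LDAPUser) requireFound(getUser(userId), "user", userId)).getDN());
            }
            if (groupQuery.getRole() != null) {
                String roleName = groupQuery.getRole().getName();
                matching.put(LDAPConstants.MEMBER, ((LDAPRole) requireFound(getRole(roleName), "role", roleName)).getDN());
            }
            results = this.ctx.search(this.groupDNSuffix, matching);
            while (results.hasMore()) {
                LDAPGroup candidate = new LDAPGroup(results.next().getAttributes(), this.groupDNSuffix);
                if (groupQuery.getParentGroup() != null) {
                    Group parent = getParentGroup(candidate);
                    if (parent == null || !groupQuery.getParentGroup().getId().equals(parent.getId())) {
                        continue;
                    }
                }
                matches.add(candidate);
            }
            return matches;
        } catch (NamingException e) {
            throw new RuntimeException("Error executing group query.", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Returns the roles matching the name, owner and group of the query.
     *
     * @param range ignored
     * @throws RuntimeException if the referenced group is missing or the search fails
     */
    public List<Role> executeQuery(RoleQuery roleQuery, Range range) {
        List<Role> matches = new ArrayList<Role>();
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matching = new BasicAttributes(true);
            if (roleQuery.getName() != null) {
                matching.put(LDAPConstants.CN, roleQuery.getName());
            }
            results = this.ctx.search(this.roleDNSuffix, matching);
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                LDAPRole candidate = new LDAPRole(attributes, this.roleDNSuffix);
                boolean accepted = true;
                if (roleQuery.getOwner() != null) {
                    Attribute roleMembers = attributes.get(LDAPConstants.MEMBER);
                    LDAPUser owner = (LDAPUser) roleQuery.getOwner();
                    if (roleMembers == null || !roleMembers.contains(owner.getDN())) {
                        accepted = false;
                    }
                }
                if (roleQuery.getGroup() != null) {
                    String groupName = roleQuery.getGroup().getName();
                    LDAPGroup queryGroup = (LDAPGroup) requireFound(getGroup(groupName), "group", groupName);
                    Attribute groupMembers = queryGroup.getLDAPAttributes().get(LDAPConstants.MEMBER);
                    if (groupMembers == null || !groupMembers.contains(candidate.getDN())) {
                        accepted = false;
                    }
                }
                if (accepted) {
                    matches.add(candidate);
                }
            }
            return matches;
        } catch (NamingException e) {
            throw new RuntimeException("Error executing role query.", e);
        } finally {
            closeQuietly(results);
        }
    }

    /** Not implemented; always returns {@code null}. */
    public List<Membership> executeQuery(MembershipQuery membershipQuery, Range range) {
        return null;
    }

    /**
     * Sets an attribute on the user: as a directory attribute when the schema knows the name,
     * otherwise as a custom attribute.
     *
     * @throws RuntimeException if a non-LDAP user cannot be resolved by its identifier
     */
    public void setAttribute(User user, String str, String[] strArr) {
        LDAPUser target;
        if (user instanceof LDAPUser) {
            target = (LDAPUser) user;
        } else {
            // Resolve by uid, the key getUser searches on (the original passed the full name).
            target = (LDAPUser) requireFound(getUser(user.getId()), "user", user.getId());
        }
        if (isManaged(str)) {
            target.setAttribute(str, strArr);
        } else {
            target.setCustomAttribute(str, strArr);
        }
    }

    /**
     * Removes an attribute from the user.
     *
     * @throws RuntimeException if {@code user} is not an {@link LDAPUser}
     */
    public void removeAttribute(User user, String str) {
        if (!(user instanceof LDAPUser)) {
            throw new RuntimeException("Wrong type:" + user);
        }
        ((LDAPUser) user).removeAttribute(str);
    }

    /**
     * Returns the values of one user attribute.
     *
     * @throws RuntimeException if {@code user} is not an {@link LDAPUser}
     */
    public String[] getAttributeValues(User user, String str) {
        if (user instanceof LDAPUser) {
            return ((LDAPUser) user).getAttributeValues(str);
        }
        throw new RuntimeException("Wrong type:" + user);
    }

    /**
     * Returns all attributes of the user.
     *
     * @throws RuntimeException if {@code user} is not an {@link LDAPUser}
     */
    public Map<String, String[]> getAttributes(User user) {
        if (user instanceof LDAPUser) {
            return ((LDAPUser) user).getAttributes();
        }
        throw new RuntimeException("Wrong type:" + user);
    }

    /** Sets an attribute on the group (resolved by name when it is not an {@link LDAPGroup}). */
    public void setAttribute(Group group, String str, String[] strArr) {
        toLDAPGroup(group).setAttribute(str, strArr);
    }

    /** Removes an attribute from the group (resolved by name when it is not an {@link LDAPGroup}). */
    public void removeAttribute(Group group, String str) {
        toLDAPGroup(group).removeAttribute(str);
    }

    /** Returns the values of one group attribute. */
    public String[] getAttributeValues(Group group, String str) {
        return toLDAPGroup(group).getAttributeValues(str);
    }

    /** Returns all attributes of the group. */
    public Map<String, String[]> getAttributes(Group group) {
        return toLDAPGroup(group).getAttributes();
    }

    /** Sets an attribute on the role (resolved by name when it is not an {@link LDAPRole}). */
    public void setAttribute(Role role, String str, String[] strArr) {
        toLDAPRole(role).setAttribute(str, strArr);
    }

    /** Removes an attribute from the role (resolved by name when it is not an {@link LDAPRole}). */
    public void removeAttribute(Role role, String str) {
        toLDAPRole(role).removeAttribute(str);
    }

    /** Returns the values of one role attribute. */
    public String[] getAttributeValues(Role role, String str) {
        return toLDAPRole(role).getAttributeValues(str);
    }

    /** Returns all attributes of the role. */
    public Map<String, String[]> getAttributes(Role role) {
        return toLDAPRole(role).getAttributes();
    }

    /**
     * Creates the group container entry when a lookup of the group DN suffix finds nothing.
     *
     * @throws RuntimeException for any lookup failure other than "name not found"
     */
    protected void ensureGroupDNExists() {
        try {
            if (this.ctx.lookup(this.groupDNSuffix) == null) {
                createGroupDN();
            }
        } catch (NameNotFoundException missing) {
            createGroupDN();
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the group container as an {@code organizationalUnit} at the group DN suffix.
     *
     * @throws RuntimeException wrapping the {@link NamingException} if creation fails
     */
    protected void createGroupDN() {
        try {
            BasicAttribute objectClass = new BasicAttribute(LDAPConstants.OBJECT_CLASS);
            objectClass.add("top");
            objectClass.add("organizationalUnit");
            BasicAttributes entry = new BasicAttributes(true);
            entry.put(objectClass);
            this.ctx.createSubcontext(this.groupDNSuffix, entry);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Finds the group whose {@code member} attribute contains the DN of the given group.
     *
     * <p>NOTE(review): the member DN is assembled by plain concatenation of the group name.
     * A name containing DN metacharacters (comma, plus, equals, ...) produces a different DN
     * than intended; whether names are validated elsewhere is not visible here.
     *
     * @return the first such group, or {@code null} when there is none
     * @throws RuntimeException if the search fails
     */
    protected Group getParentGroup(LDAPGroup lDAPGroup) {
        BasicAttributes matching = new BasicAttributes(true);
        matching.put(new BasicAttribute(LDAPConstants.MEMBER,
                "cn=" + lDAPGroup.getName() + DirContextAdaptor.COMMA + this.groupDNSuffix));
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.groupDNSuffix, matching, new String[]{LDAPConstants.CN});
            if (results.hasMoreElements()) {
                return getGroup((String) results.nextElement().getAttributes().get(LDAPConstants.CN).get());
            }
            return null;
        } catch (NamingException e) {
            throw new RuntimeException("Error looking parent group for [" + lDAPGroup.getDN() + "]", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Writes a change reported by an {@link LDAPUser} to the directory: the add/replace/remove
     * of one attribute on the user entry, followed by a rebind of the custom-attributes entry.
     * Notifications for other object types are ignored.
     *
     * @throws RuntimeException if the notification carries no attribute for an attribute change
     *         or a directory write fails
     */
    @Override // org.picketlink.idm.internal.ldap.LDAPChangeNotificationHandler
    public void handle(LDAPObjectChangedNotification lDAPObjectChangedNotification) {
        DirContext changed = lDAPObjectChangedNotification.getLDAPObject();
        if (!(changed instanceof LDAPUser)) {
            return;
        }
        LDAPUser changedUser = (LDAPUser) changed;
        LDAPUserCustomAttributes customAttributes = changedUser.getCustomAttributes();

        // Map the notification type to the JNDI modification op; -1 means "no attribute change".
        int modificationOp = -1;
        if (lDAPObjectChangedNotification.getNtype() == LDAPObjectChangedNotification.NType.ADD_ATTRIBUTE) {
            modificationOp = DirContext.ADD_ATTRIBUTE;
        } else if (lDAPObjectChangedNotification.getNtype() == LDAPObjectChangedNotification.NType.REPLACE_ATTRIBUTE) {
            modificationOp = DirContext.REPLACE_ATTRIBUTE;
        } else if (lDAPObjectChangedNotification.getNtype() == LDAPObjectChangedNotification.NType.REMOVE_ATTRIBUTE) {
            modificationOp = DirContext.REMOVE_ATTRIBUTE;
        }

        try {
            String dn = changedUser.getDN();
            if (modificationOp != -1) {
                Attribute attribute = lDAPObjectChangedNotification.getAttribute();
                if (attribute == null) {
                    throw new RuntimeException("attrib is null");
                }
                this.ctx.modifyAttributes(dn, new ModificationItem[]{new ModificationItem(modificationOp, attribute)});
            }
            this.ctx.rebind(customAttributes.getDN() + DirContextAdaptor.COMMA + dn, customAttributes);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Tells whether the directory schema defines an attribute of this name. Positive answers
     * are cached in {@link #managedAttributes}; negative answers are looked up again each time.
     */
    @Override // org.picketlink.idm.internal.ldap.ManagedAttributeLookup
    public boolean isManaged(String str) {
        if (this.managedAttributes.contains(str)) {
            return true;
        }
        if (!checkDirectoryServerForAttributePresence(str)) {
            return false;
        }
        this.managedAttributes.add(str);
        return true;
    }

    /**
     * Looks {@code AttributeDefinition/<name>} up in the schema tree of the directory.
     * Any failure, including an unknown name, is reported as "not present".
     */
    private boolean checkDirectoryServerForAttributePresence(String str) {
        try {
            return ((DirContext) this.ctx.getSchema("").lookup("AttributeDefinition/" + str)) != null;
        } catch (Exception ignored) {
            // Deliberate: the caller then treats the name as a custom attribute.
            return false;
        }
    }

    /**
     * Keeps only the filters whose attribute name the directory schema knows.
     *
     * <p>NOTE(review): each {@code String[]} is stored as a single attribute value, exactly as
     * in the original; confirm that is what the server-side match is meant to receive.
     */
    private Attributes getManagedAttributes(Map<String, String[]> map) {
        BasicAttributes managed = new BasicAttributes(true);
        for (Map.Entry<String, String[]> filter : map.entrySet()) {
            if (isManaged(filter.getKey())) {
                managed.put(filter.getKey(), filter.getValue());
            }
        }
        return managed;
    }

    /** Returns true when, for every filter, the user's values equal the requested values. */
    private boolean userHasRequiredAttributes(LDAPUser lDAPUser, Map<String, String[]> map) {
        for (Map.Entry<String, String[]> filter : map.entrySet()) {
            if (!IDMUtil.arraysEqual(filter.getValue(), lDAPUser.getAttributeValues(filter.getKey()))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Loads every entry under the user DN suffix.
     *
     * @throws RuntimeException wrapping the {@link NamingException} if the search fails
     */
    private List<User> getAllUsers() {
        List<User> users = new ArrayList<User>();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.userDNSuffix, new BasicAttributes(true));
            while (results.hasMore()) {
                users.add(loadUser(results.next().getAttributes()));
            }
            return users;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /** Not supported by this store. */
    public MembershipQuery createMembershipQuery() {
        throw new UnsupportedOperationException("Membership queries are not supported by the LDAP store.");
    }

    /**
     * Checks a password by binding to the directory as the user.
     *
     * <p>The bind is made on a separate, short-lived context. The original re-used the shared
     * context and temporarily switched its principal, which let concurrent operations run as the
     * user being validated and left the store unusable when re-creating the context failed.
     *
     * @param user user to authenticate; only its identifier is read
     * @param str candidate password
     * @return {@code true} only when exactly one entry matches the uid and the bind succeeds;
     *         {@code false} for a null/empty password, an unknown or ambiguous uid, or any
     *         directory error
     */
    public boolean validatePassword(User user, String str) {
        // A simple bind with an empty password is an *unauthenticated* bind that servers may
        // accept for any DN, so an empty password must never reach the directory.
        if (user == null || str == null || str.length() == 0) {
            return false;
        }
        String uid = user.getId();
        if (uid == null) {
            return false;
        }
        String dn = findUniqueUserDN(uid);
        if (dn == null) {
            return false;
        }

        Properties environment = buildEnvironment();
        // With authentication "none" JNDI binds anonymously and ignores the credentials, which
        // would make every password valid; a password check needs at least a simple bind.
        if ("none".equalsIgnoreCase(environment.getProperty(DirContext.SECURITY_AUTHENTICATION))) {
            environment.setProperty(DirContext.SECURITY_AUTHENTICATION, "simple");
        }
        // Set last so configured additional properties cannot replace the identity under test.
        environment.setProperty(DirContext.SECURITY_PRINCIPAL, dn);
        environment.put(DirContext.SECURITY_CREDENTIALS, str);

        DirContext userContext = null;
        try {
            userContext = new InitialLdapContext(environment, (Control[]) null);
            // Same probe as the original: read the user's own entry with the user's credentials.
            userContext.lookup(dn);
            return true;
        } catch (NamingException e) {
            // Wrong password and directory failures are both reported as "not valid" (fail closed).
            return false;
        } finally {
            if (userContext != null) {
                try {
                    userContext.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the throw-away context fails.
                }
            }
        }
    }

    /**
     * Replaces the user's password.
     *
     * <p>For non-AD directories the value is written to {@code userpassword} exactly as given;
     * any hashing is left to the directory server. The password travels over whatever transport
     * the configured URL/protocol provides.
     *
     * @throws IllegalArgumentException if the password is null
     * @throws RuntimeException if the directory write fails
     */
    public void updatePassword(User user, String str) {
        // Without this check the AD branch would quote the text "null" and store it as password.
        if (str == null) {
            throw new IllegalArgumentException("password must not be null");
        }
        if (this.isActiveDirectory) {
            updateADPassword((LDAPUser) user, str);
            return;
        }
        try {
            this.ctx.modifyAttributes(((LDAPUser) user).getDN(), new ModificationItem[]{
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userpassword", str))});
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Not implemented; always returns {@code false}, so certificate login never succeeds here. */
    public boolean validateCertificate(User user, X509Certificate x509Certificate) {
        return false;
    }

    /**
     * Stores the certificate on the user: Base64 text on the in-memory object and the DER bytes
     * in the {@code usercertificate} attribute of the directory entry.
     *
     * @return always {@code true}; failures are reported by exception
     * @throws RuntimeException if encoding the certificate or the directory write fails
     */
    public boolean updateCertificate(User user, X509Certificate x509Certificate) {
        try {
            LDAPUser target = (LDAPUser) user;
            byte[] encoded = x509Certificate.getEncoded();
            target.setAttribute("usercertificate", new String(Base64.encodeBytes(encoded)));
            this.ctx.modifyAttributes(target.getDN(), new ModificationItem[]{
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("usercertificate", encoded))});
            return true;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Closes the current shared context, if any, and opens a new one from the configuration.
     *
     * @throws RuntimeException if no URL is configured or the context cannot be created
     */
    private void constructContext() {
        if (this.ctx != null) {
            try {
                this.ctx.close();
            } catch (NamingException ignored) {
                // The old context is being discarded anyway.
            }
        }
        Properties environment = buildEnvironment();
        try {
            this.ctx = new InitialLdapContext(environment, (Control[]) null);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the JNDI environment for a connection made with the configured bind identity.
     *
     * <p>Additional properties from the configuration are applied last and can therefore
     * override any of the settings above them, including the security ones.
     *
     * @throws RuntimeException if no LDAP URL is configured
     */
    private Properties buildEnvironment() {
        Properties environment = new Properties();
        environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, this.ldapConfiguration.getFactoryName());
        environment.setProperty(DirContext.SECURITY_AUTHENTICATION, this.ldapConfiguration.getAuthType());
        String protocol = this.ldapConfiguration.getProtocol();
        if (protocol != null) {
            environment.setProperty(DirContext.SECURITY_PROTOCOL, protocol);
        }
        String bindDN = this.ldapConfiguration.getBindDN();
        if (bindDN != null) {
            environment.setProperty(DirContext.SECURITY_PRINCIPAL, bindDN);
            String bindCredential = this.ldapConfiguration.getBindCredential();
            // Properties rejects null values; the original threw a NullPointerException here
            // when a bind DN was configured without a credential.
            if (bindCredential != null) {
                environment.put(DirContext.SECURITY_CREDENTIALS, bindCredential.toCharArray());
            }
        }
        String ldapURL = this.ldapConfiguration.getLdapURL();
        if (ldapURL == null) {
            throw new RuntimeException("url");
        }
        environment.setProperty(DirContext.PROVIDER_URL, ldapURL);
        Properties additionalProperties = this.ldapConfiguration.getAdditionalProperties();
        if (additionalProperties != null) {
            for (Object key : additionalProperties.keySet()) {
                environment.setProperty((String) key, additionalProperties.getProperty((String) key));
            }
        }
        return environment;
    }

    /**
     * Sets an Active Directory password by replacing {@code unicodePwd} with the password in
     * double quotes, encoded as UTF-16LE.
     *
     * <p>NOTE(review): Active Directory normally accepts this write only over an encrypted
     * connection; whether the configured URL/protocol provides one is not visible here.
     *
     * @throws RuntimeException if encoding or the directory write fails
     */
    private void updateADPassword(LDAPUser lDAPUser, String str) {
        try {
            byte[] quotedPassword = ("\"" + str + "\"").getBytes("UTF-16LE");
            this.ctx.modifyAttributes(lDAPUser.getDN(), new ModificationItem[]{
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quotedPassword))});
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Wires the user to this store and binds it at its DN. */
    private User bindUser(LDAPUser ldapUser) {
        ldapUser.setLookup(this);
        ldapUser.setLDAPChangeNotificationHandler(this);
        ldapUser.setUserDNSuffix(this.userDNSuffix);
        try {
            this.ctx.bind(ldapUser.getDN(), ldapUser);
            return ldapUser;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds an {@link LDAPUser} from the attributes of a search hit and attaches its
     * custom-attributes entry when that entry can be read.
     *
     * <p>NOTE(review): the custom attributes come back from {@code ctx.lookup} as a Java object;
     * presumably this relies on JNDI rebuilding objects from directory data, so write access to
     * these entries should be treated as trusted - confirm how the object is stored.
     */
    private LDAPUser loadUser(Attributes attributes) throws NamingException {
        LDAPUser loaded = new LDAPUser();
        loaded.setLookup(this);
        loaded.setUserDNSuffix(this.userDNSuffix);
        loaded.addAllLDAPAttributes(attributes);
        loaded.setLDAPChangeNotificationHandler(this);
        try {
            LDAPUserCustomAttributes custom = (LDAPUserCustomAttributes) this.ctx.lookup(
                    loaded.getCustomAttributes().getDN() + DirContextAdaptor.COMMA + loaded.getDN());
            if (custom != null) {
                loaded.setCustomAttributes(custom);
            }
        } catch (Exception ignored) {
            // Best effort, as in the original: a user without a readable custom-attributes
            // entry is returned with its defaults.
        }
        return loaded;
    }

    /**
     * Returns the DN of the single {@code inetOrgPerson} entry with the given uid, or
     * {@code null} when there is no match, more than one match, or the search fails.
     */
    private String findUniqueUserDN(String uid) {
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]);
            // Only the entry name is needed. The original asked for the bound object as well,
            // which makes the provider materialise Java objects from directory content.
            controls.setReturningObjFlag(false);
            // The uid is passed as a filter argument, so JNDI escapes filter metacharacters.
            results = this.ctx.search(this.userDNSuffix, "(&(objectClass=inetOrgPerson)(uid={0}))",
                    new Object[]{uid}, controls);
            if (!results.hasMore()) {
                return null;
            }
            String dn = results.next().getNameInNamespace();
            // An ambiguous uid must not authenticate anyone.
            return results.hasMore() ? null : dn;
        } catch (NamingException e) {
            return null;
        } finally {
            closeQuietly(results);
        }
    }

    /** Returns the group itself when it is an {@link LDAPGroup}, else the stored group of that name. */
    private LDAPGroup toLDAPGroup(Group group) {
        if (group instanceof LDAPGroup) {
            return (LDAPGroup) group;
        }
        return (LDAPGroup) requireFound(getGroup(group.getName()), "group", group.getName());
    }

    /**
     * Returns the role itself when it is an {@link LDAPRole}, else the stored role of that name.
     * The original tested for {@code LDAPGroup} (or a null local), so the direct branch was
     * either never taken or ended in a ClassCastException.
     */
    private LDAPRole toLDAPRole(Role role) {
        if (role instanceof LDAPRole) {
            return (LDAPRole) role;
        }
        return (LDAPRole) requireFound(getRole(role.getName()), "role", role.getName());
    }

    /** Replaces the NullPointerException of a failed lookup with a descriptive error. */
    private static <T> T requireFound(T found, String kind, String key) {
        if (found == null) {
            throw new RuntimeException("No " + kind + " found for [" + key + "].");
        }
        return found;
    }

    /** Releases a search enumeration that may not have been read to the end. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException ignored) {
            // Closing is cleanup only; the result of the operation is already decided.
        }
    }
}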
