package org.picketlink.idm.ldap.internal;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import org.picketlink.idm.credential.Credential;
import org.picketlink.idm.credential.PasswordCredential;
import org.picketlink.idm.credential.X509CertificateCredential;
import org.picketlink.idm.internal.util.Base64;
import org.picketlink.idm.internal.util.IDMUtil;
import org.picketlink.idm.ldap.internal.LDAPObjectChangedNotification;
import org.picketlink.idm.model.DefaultMembership;
import org.picketlink.idm.model.Group;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Membership;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.GroupQuery;
import org.picketlink.idm.query.MembershipQuery;
import org.picketlink.idm.query.Range;
import org.picketlink.idm.query.RoleQuery;
import org.picketlink.idm.query.UserQuery;
import org.picketlink.idm.spi.IdentityStore;
import org.picketlink.idm.spi.IdentityStoreInvocationContext;

/* loaded from: input_file:org/picketlink/idm/ldap/internal/LDAPIdentityStore.class */
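/**
 * {@link IdentityStore} implementation that keeps users, roles and groups in an LDAP directory
 * reached through a single shared JNDI {@link DirContext}.
 *
 * <p>The context is opened with the bind DN and credential from {@link LDAPConfiguration} and is
 * reused by every operation. The class performs no synchronization of its own, and
 * {@link #validateCredential} temporarily re-binds that shared context as the user being
 * authenticated.
 * NOTE(review): if one instance is shared between threads, operations running during a
 * credential check could execute under the wrong identity. Confirm how callers scope instances.
 *
 * <p>The {@code Range} argument of the query methods is accepted but not applied by this class.
 */
public class LDAPIdentityStore implements IdentityStore, LDAPChangeNotificationHandler, ManagedAttributeLookup {
    private static final String USER_CERTIFICATE_ATTRIBUTE = "usercertificate";
    private static final String USER_PASSWORD_ATTRIBUTE = "userpassword";
    protected String userDNSuffix;
    protected String roleDNSuffix;
    protected String groupDNSuffix;
    public final String COMMA = DirContextAdaptor.COMMA;
    public final String EQUAL = DirContextAdaptor.EQUAL;
    protected DirContext ctx = null;
    protected boolean isActiveDirectory = false;
    // Cache of attribute names already confirmed to exist in the directory schema.
    protected List<String> managedAttributes = new ArrayList<String>();
    protected LDAPConfiguration ldapConfiguration = null;

    /**
     * Stores the configuration, copies the DN suffixes and the Active Directory flag from it, and
     * (re)opens the directory context.
     *
     * @param lDAPConfiguration connection and layout settings for the directory
     */
    public void setConfiguration(LDAPConfiguration lDAPConfiguration) {
        this.ldapConfiguration = lDAPConfiguration;
        this.userDNSuffix = lDAPConfiguration.getUserDNSuffix();
        this.roleDNSuffix = lDAPConfiguration.getRoleDNSuffix();
        this.groupDNSuffix = lDAPConfiguration.getGroupDNSuffix();
        this.isActiveDirectory = lDAPConfiguration.isActiveDirectory();
        constructContext();
    }

    /**
     * Binds a new user entry in the directory.
     *
     * <p>A {@link User} that is not already an {@link LDAPUser} is copied into one (id, names,
     * e-mail and every attribute) before being bound.
     *
     * @throws RuntimeException if the user has no id or the directory rejects the bind
     */
    public void createUser(IdentityStoreInvocationContext identityStoreInvocationContext, User user) {
        if (user.getId() == null) {
            throw new RuntimeException("No identifier was provided. You should provide one before storing the user.");
        }
        LDAPUser lDAPUser;
        if (user instanceof LDAPUser) {
            lDAPUser = (LDAPUser) user;
        } else {
            lDAPUser = new LDAPUser();
            lDAPUser.setId(user.getId());
            lDAPUser.setFirstName(user.getFirstName());
            lDAPUser.setLastName(user.getLastName());
            lDAPUser.setEmail(user.getEmail());
            for (String str : user.getAttributes().keySet()) {
                lDAPUser.setAttribute(str, user.getAttribute(str));
            }
        }
        lDAPUser.setLookup(this);
        lDAPUser.setLDAPChangeNotificationHandler(this);
        lDAPUser.setUserDNSuffix(this.userDNSuffix);
        try {
            this.ctx.bind(lDAPUser.getDN(), lDAPUser);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Deletes the user's entry and, when present, the custom-attributes entry stored beneath it.
     *
     * @throws RuntimeException if the user entry cannot be removed
     */
    public void removeUser(IdentityStoreInvocationContext identityStoreInvocationContext, User user) {
        try {
            LDAPUser lDAPUser = (LDAPUser) getUser(identityStoreInvocationContext, user.getId());
            String customAttributesDN = lDAPUser.getCustomAttributes().getDN() + DirContextAdaptor.COMMA + lDAPUser.getDN();
            try {
                this.ctx.destroySubcontext(customAttributesDN);
            } catch (Exception ignored) {
                // Best effort: the child entry only exists once custom attributes were stored.
            }
            this.ctx.destroySubcontext(lDAPUser.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks up a user by uid below the user DN suffix.
     *
     * @param str the uid to match
     * @return the first matching user, or {@code null} when there is none
     * @throws RuntimeException if the directory search fails
     */
    public User getUser(IdentityStoreInvocationContext identityStoreInvocationContext, String str) {
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matchAttributes = new BasicAttributes(true);
            matchAttributes.put(new BasicAttribute(LDAPConstants.UID, str));
            results = this.ctx.search(this.userDNSuffix, matchAttributes);
            if (results.hasMore()) {
                return loadUser(results.next().getAttributes());
            }
            return null;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            // Only the first hit is consumed, so the enumeration must be released explicitly.
            closeQuietly(results);
        }
    }

    /**
     * Binds a new group and, when a parent is given, registers it as a child of that parent.
     *
     * <p>The new group is bound before the parent is resolved, so a failure while resolving or
     * updating the parent leaves the child entry in the directory.
     *
     * @param str   name of the new group
     * @param group parent group, or {@code null} for a top-level group
     * @return the newly bound group
     * @throws RuntimeException if the parent does not exist or a directory operation fails
     */
    public Group createGroup(IdentityStoreInvocationContext identityStoreInvocationContext, String str, Group group) {
        ensureGroupDNExists();
        LDAPGroup lDAPGroup = new LDAPGroup();
        lDAPGroup.setLDAPChangeNotificationHandler(this);
        lDAPGroup.setName(str);
        lDAPGroup.setGroupDNSuffix(this.groupDNSuffix);
        try {
            this.ctx.bind(lDAPGroup.getDN(), lDAPGroup);
            if (group != null) {
                lDAPGroup.setParentGroup(group);
                LDAPGroup parent = (LDAPGroup) getGroup(identityStoreInvocationContext, group.getName());
                if (parent == null) {
                    // Fail with a readable message instead of a NullPointerException further down.
                    throw new RuntimeException("Parent group [" + group.getName() + "] was not found.");
                }
                lDAPGroup.setParentGroup(parent);
                parent.addChildGroup(lDAPGroup);
                this.ctx.rebind(parent.getDN(), parent);
            }
            return lDAPGroup;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Deletes the group entry whose cn equals {@code group.getId()}.
     *
     * @throws RuntimeException if the directory rejects the removal
     */
    public void removeGroup(IdentityStoreInvocationContext identityStoreInvocationContext, Group group) {
        try {
            LDAPGroup stored = (LDAPGroup) getGroup(identityStoreInvocationContext, group.getId());
            this.ctx.destroySubcontext(stored.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks up a group by cn below the group DN suffix and resolves its parent group.
     *
     * @param str the cn to match
     * @return the matching group (the last one when several match), or {@code null}
     * @throws RuntimeException if the directory search fails
     */
    public Group getGroup(IdentityStoreInvocationContext identityStoreInvocationContext, String str) {
        LDAPGroup lDAPGroup = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matchAttributes = new BasicAttributes(true);
            matchAttributes.put(new BasicAttribute(LDAPConstants.CN, str));
            results = this.ctx.search(this.groupDNSuffix, matchAttributes);
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                lDAPGroup = new LDAPGroup();
                lDAPGroup.setGroupDNSuffix(this.groupDNSuffix);
                lDAPGroup.addAllLDAPAttributes(attributes);
                Group parentGroup = getParentGroup(identityStoreInvocationContext, lDAPGroup);
                if (parentGroup != null) {
                    lDAPGroup.setParentGroup(parentGroup);
                }
                lDAPGroup.setLDAPChangeNotificationHandler(this);
            }
            return lDAPGroup;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Binds a new role entry.
     *
     * @param str name of the role
     * @return the newly bound role
     * @throws RuntimeException if the directory rejects the bind
     */
    public Role createRole(IdentityStoreInvocationContext identityStoreInvocationContext, String str) {
        LDAPRole lDAPRole = new LDAPRole();
        lDAPRole.setLDAPChangeNotificationHandler(this);
        lDAPRole.setName(str);
        lDAPRole.setRoleDNSuffix(this.roleDNSuffix);
        try {
            this.ctx.bind(lDAPRole.getDN(), lDAPRole);
            return lDAPRole;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Deletes the role entry with the given role's name.
     *
     * @throws RuntimeException if the directory rejects the removal
     */
    public void removeRole(IdentityStoreInvocationContext identityStoreInvocationContext, Role role) {
        try {
            LDAPRole stored = (LDAPRole) getRole(identityStoreInvocationContext, role.getName());
            this.ctx.destroySubcontext(stored.getDN());
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks up a role by cn below the role DN suffix.
     *
     * @param str the cn to match
     * @return the first matching role, or {@code null} when there is none
     * @throws RuntimeException if the directory search fails
     */
    public Role getRole(IdentityStoreInvocationContext identityStoreInvocationContext, String str) {
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matchAttributes = new BasicAttributes(true);
            matchAttributes.put(new BasicAttribute(LDAPConstants.CN, str));
            results = this.ctx.search(this.roleDNSuffix, matchAttributes);
            if (results.hasMore()) {
                return new LDAPRole(results.next().getAttributes(), this.roleDNSuffix);
            }
            return null;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Adds a user to a role and to a group, and adds the role to the group, then writes the
     * {@code member} attribute of both entries back to the directory.
     *
     * @return the new membership, or {@code null} when the member is a {@link Group}
     *         (group members are not handled here)
     * @throws IllegalArgumentException if the member is neither a user nor a group
     * @throws RuntimeException         if either directory update fails
     */
    public Membership createMembership(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, Group group, Role role) {
        if (!(identityType instanceof User)) {
            if (identityType instanceof Group) {
                return null;
            }
            throw new IllegalArgumentException("The member parameter must be an instance of User or Group");
        }
        LDAPRole lDAPRole = (LDAPRole) getRole(identityStoreInvocationContext, role.getName());
        LDAPUser lDAPUser = (LDAPUser) getUser(identityStoreInvocationContext, ((User) identityType).getId());
        LDAPGroup lDAPGroup = (LDAPGroup) getGroup(identityStoreInvocationContext, group.getName());
        lDAPRole.addUser(lDAPUser);
        lDAPGroup.addRole(lDAPRole);
        lDAPGroup.addUser(lDAPUser);
        try {
            this.ctx.modifyAttributes(lDAPRole.getDN(), DirContext.REPLACE_ATTRIBUTE, lDAPRole.getAttributes(LDAPConstants.MEMBER));
        } catch (NamingException e) {
            throw new RuntimeException("Error while modifying members of role [" + lDAPRole.getName() + "].", e);
        }
        try {
            this.ctx.modifyAttributes(lDAPGroup.getDN(), DirContext.REPLACE_ATTRIBUTE, lDAPGroup.getAttributes(LDAPConstants.MEMBER));
        } catch (NamingException e) {
            throw new RuntimeException("Error while modifying members of group [" + lDAPGroup.getName() + "].", e);
        }
        return new DefaultMembership(lDAPUser, lDAPRole, lDAPGroup);
    }

    /**
     * Removes a user from a role and the role from a group on the in-memory objects.
     *
     * <p>Members that are not users are ignored.
     * NOTE(review): unlike {@link #createMembership}, this method issues no
     * {@code modifyAttributes} call, so whether the removal reaches the directory depends on
     * {@code LDAPRole.removeUser} / {@code LDAPGroup.removeRole}. Confirm, because a membership
     * that is only dropped in memory leaves the user's access in place.
     */
    public void removeMembership(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, Group group, Role role) {
        if (!(identityType instanceof User)) {
            return;
        }
        LDAPRole lDAPRole = (LDAPRole) getRole(identityStoreInvocationContext, role.getName());
        // getUser matches on uid, so the lookup key is the id (as in createMembership), not the full name.
        LDAPUser lDAPUser = (LDAPUser) getUser(identityStoreInvocationContext, ((User) identityType).getId());
        LDAPGroup lDAPGroup = (LDAPGroup) getGroup(identityStoreInvocationContext, group.getName());
        lDAPRole.removeUser(lDAPUser);
        lDAPGroup.removeRole(lDAPRole);
    }

    /** Not implemented; always returns {@code null}. */
    public Membership getMembership(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, Group group, Role role) {
        return null;
    }

    /**
     * Returns the users whose attributes equal every filter in the query.
     *
     * <p>Filters on attributes known to the directory schema are pushed into the LDAP search;
     * when none of the filters is schema-managed, every user is loaded and filtered in memory.
     * A query without attribute filters yields an empty list.
     *
     * @throws RuntimeException if the directory search fails
     */
    public List<User> executeQuery(IdentityStoreInvocationContext identityStoreInvocationContext, UserQuery userQuery, Range range) {
        List<User> matches = new ArrayList<User>();
        Map<String, String[]> attributeFilters = userQuery.getAttributeFilters();
        if (attributeFilters == null) {
            return matches;
        }
        Attributes searchAttributes = getManagedAttributes(attributeFilters);
        if (searchAttributes.size() == 0) {
            for (User user : getAllUsers()) {
                if (userHasRequiredAttributes((LDAPUser) user, attributeFilters)) {
                    matches.add(user);
                }
            }
            return matches;
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.userDNSuffix, searchAttributes);
            while (results.hasMore()) {
                LDAPUser lDAPUser = loadUser(results.next().getAttributes());
                // Re-check in memory so that custom (non-schema) filters are honoured too.
                if (userHasRequiredAttributes(lDAPUser, attributeFilters)) {
                    matches.add(lDAPUser);
                }
            }
        } catch (NamingException e) {
            throw new RuntimeException("Error executing user query.", e);
        } finally {
            closeQuietly(results);
        }
        return matches;
    }

    /**
     * Returns the groups matching the id, name, related user, role and parent group of the query.
     *
     * <p>Id and name are both matched against cn (name wins when both are set); related user and
     * role are both matched against member (role wins when both are set).
     *
     * @throws RuntimeException if the directory search fails
     */
    public List<Group> executeQuery(IdentityStoreInvocationContext identityStoreInvocationContext, GroupQuery groupQuery, Range range) {
        List<Group> matches = new ArrayList<Group>();
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matchAttributes = new BasicAttributes(true);
            if (groupQuery.getId() != null) {
                matchAttributes.put(LDAPConstants.CN, groupQuery.getId());
            }
            if (groupQuery.getName() != null) {
                matchAttributes.put(LDAPConstants.CN, groupQuery.getName());
            }
            if (groupQuery.getRelatedUser() != null) {
                matchAttributes.put(LDAPConstants.MEMBER, ((LDAPUser) getUser(identityStoreInvocationContext, groupQuery.getRelatedUser().getId())).getDN());
            }
            if (groupQuery.getRole() != null) {
                matchAttributes.put(LDAPConstants.MEMBER, ((LDAPRole) getRole(identityStoreInvocationContext, groupQuery.getRole().getName())).getDN());
            }
            results = this.ctx.search(this.groupDNSuffix, matchAttributes);
            while (results.hasMore()) {
                LDAPGroup lDAPGroup = new LDAPGroup(results.next().getAttributes(), this.groupDNSuffix);
                boolean accepted = true;
                if (groupQuery.getParentGroup() != null) {
                    Group parentGroup = getParentGroup(identityStoreInvocationContext, lDAPGroup);
                    accepted = parentGroup != null && groupQuery.getParentGroup().getId().equals(parentGroup.getId());
                }
                if (accepted) {
                    matches.add(lDAPGroup);
                }
            }
            return matches;
        } catch (NamingException e) {
            throw new RuntimeException("Error executing group query.", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Returns the roles matching the name, owner and group of the query.
     *
     * <p>The owner must be an {@link LDAPUser}; a role matches it when the role's member
     * attribute contains the owner's DN. A role matches the group when the group's member
     * attribute contains the role's DN.
     *
     * @throws RuntimeException if the directory search fails
     */
    public List<Role> executeQuery(IdentityStoreInvocationContext identityStoreInvocationContext, RoleQuery roleQuery, Range range) {
        List<Role> matches = new ArrayList<Role>();
        NamingEnumeration<SearchResult> results = null;
        try {
            BasicAttributes matchAttributes = new BasicAttributes(true);
            if (roleQuery.getName() != null) {
                matchAttributes.put(LDAPConstants.CN, roleQuery.getName());
            }
            results = this.ctx.search(this.roleDNSuffix, matchAttributes);
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                LDAPRole lDAPRole = new LDAPRole(attributes, this.roleDNSuffix);
                boolean accepted = true;
                if (roleQuery.getOwner() != null) {
                    Attribute roleMembers = attributes.get(LDAPConstants.MEMBER);
                    LDAPUser owner = (LDAPUser) roleQuery.getOwner();
                    if (roleMembers == null || !roleMembers.contains(owner.getDN())) {
                        accepted = false;
                    }
                }
                if (roleQuery.getGroup() != null) {
                    LDAPGroup queriedGroup = (LDAPGroup) getGroup(identityStoreInvocationContext, roleQuery.getGroup().getName());
                    Attribute groupMembers = queriedGroup.getLDAPAttributes().get(LDAPConstants.MEMBER);
                    if (groupMembers == null || !groupMembers.contains(lDAPRole.getDN())) {
                        accepted = false;
                    }
                }
                if (accepted) {
                    matches.add(lDAPRole);
                }
            }
            return matches;
        } catch (NamingException e) {
            throw new RuntimeException("Error executing role query.", e);
        } finally {
            closeQuietly(results);
        }
    }

    /** Not implemented; always returns {@code null}. */
    public List<Membership> executeQuery(IdentityStoreInvocationContext identityStoreInvocationContext, MembershipQuery membershipQuery, Range range) {
        return null;
    }

    /**
     * Sets an attribute on a user, group or role.
     *
     * <p>For users, names known to the directory schema are stored on the user entry and all
     * others in the user's custom attributes. Other identity types are ignored.
     */
    public void setAttribute(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, String str, String[] strArr) {
        if (identityType instanceof User) {
            // getUser matches on uid, so fall back to a lookup by id rather than by full name.
            LDAPUser lDAPUser = identityType instanceof LDAPUser
                    ? (LDAPUser) identityType
                    : (LDAPUser) getUser(identityStoreInvocationContext, ((User) identityType).getId());
            if (isManaged(str)) {
                lDAPUser.setAttribute(str, strArr);
            } else {
                lDAPUser.setCustomAttribute(str, strArr);
            }
        } else if (identityType instanceof Group) {
            resolveGroup(identityStoreInvocationContext, (Group) identityType).setAttribute(str, strArr);
        } else if (identityType instanceof Role) {
            resolveRole(identityStoreInvocationContext, (Role) identityType).setAttribute(str, strArr);
        }
    }

    /**
     * Removes an attribute from a user, group or role. Other identity types are ignored.
     *
     * @throws RuntimeException if a user is passed that is not an {@link LDAPUser}
     */
    public void removeAttribute(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, String str) {
        if (identityType instanceof User) {
            if (!(identityType instanceof LDAPUser)) {
                throw new RuntimeException("Wrong type:" + identityType);
            }
            ((LDAPUser) identityType).removeAttribute(str);
        } else if (identityType instanceof Group) {
            resolveGroup(identityStoreInvocationContext, (Group) identityType).removeAttribute(str);
        } else if (identityType instanceof Role) {
            resolveRole(identityStoreInvocationContext, (Role) identityType).removeAttribute(str);
        }
    }

    /**
     * Returns the values of one attribute of a user, group or role.
     *
     * @throws RuntimeException         if a user is passed that is not an {@link LDAPUser}
     * @throws IllegalArgumentException if the identity is not a user, group or role
     */
    public String[] getAttributeValues(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType, String str) {
        if (identityType instanceof User) {
            if (identityType instanceof LDAPUser) {
                return ((LDAPUser) identityType).getAttributeValues(str);
            }
            throw new RuntimeException("Wrong type:" + identityType);
        }
        if (identityType instanceof Group) {
            return resolveGroup(identityStoreInvocationContext, (Group) identityType).getAttributeValues(str);
        }
        if (identityType instanceof Role) {
            return resolveRole(identityStoreInvocationContext, (Role) identityType).getAttributeValues(str);
        }
        throw new IllegalArgumentException("identity parameter must be an instance of User, Group or Role");
    }

    /**
     * Returns all attributes of a user, group or role.
     *
     * @throws RuntimeException         if a user is passed that is not an {@link LDAPUser}
     * @throws IllegalArgumentException if the identity is not a user, group or role
     */
    public Map<String, String[]> getAttributes(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityType identityType) {
        if (identityType instanceof User) {
            if (identityType instanceof LDAPUser) {
                return ((LDAPUser) identityType).getAttributes();
            }
            throw new RuntimeException("Wrong type:" + identityType);
        }
        if (identityType instanceof Group) {
            return resolveGroup(identityStoreInvocationContext, (Group) identityType).getAttributes();
        }
        if (!(identityType instanceof Role)) {
            throw new IllegalArgumentException("identity parameter must be an instance of User, Group or Role");
        }
        return resolveRole(identityStoreInvocationContext, (Role) identityType).getAttributes();
    }

    /**
     * Creates the group container entry when it does not exist yet.
     *
     * @throws RuntimeException on any lookup failure other than "name not found"
     */
    protected void ensureGroupDNExists() {
        try {
            if (this.ctx.lookup(this.groupDNSuffix) == null) {
                createGroupDN();
            }
        } catch (NameNotFoundException missing) {
            createGroupDN();
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the group container as an {@code organizationalUnit} entry at the group DN suffix.
     *
     * @throws RuntimeException if the directory rejects the new entry
     */
    protected void createGroupDN() {
        try {
            BasicAttributes entryAttributes = new BasicAttributes(true);
            BasicAttribute objectClasses = new BasicAttribute(LDAPConstants.OBJECT_CLASS);
            objectClasses.add("top");
            objectClasses.add("organizationalUnit");
            entryAttributes.put(objectClasses);
            this.ctx.createSubcontext(this.groupDNSuffix, entryAttributes);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Finds the group that lists the given group's DN in its member attribute.
     *
     * @return the first such group, or {@code null} when the group has no parent
     * @throws RuntimeException if the directory search fails
     */
    protected Group getParentGroup(IdentityStoreInvocationContext identityStoreInvocationContext, LDAPGroup lDAPGroup) {
        BasicAttributes matchAttributes = new BasicAttributes(true);
        // NOTE(review): the DN is assembled by plain concatenation, so a group name containing DN
        // metacharacters (',', '+', '=', ...) produces a different DN than intended. Confirm that
        // names are validated or escaped before they reach this point.
        matchAttributes.put(new BasicAttribute(LDAPConstants.MEMBER, "cn=" + lDAPGroup.getName() + DirContextAdaptor.COMMA + this.groupDNSuffix));
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.groupDNSuffix, matchAttributes, new String[]{LDAPConstants.CN});
            if (results.hasMoreElements()) {
                String parentName = (String) results.nextElement().getAttributes().get(LDAPConstants.CN).get();
                return getGroup(identityStoreInvocationContext, parentName);
            }
            return null;
        } catch (NamingException e) {
            throw new RuntimeException("Error looking parent group for [" + lDAPGroup.getDN() + "]", e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Writes an attribute change reported by an {@link LDAPUser} to the directory and then
     * rebinds the user's custom-attributes entry. Notifications for other objects are ignored.
     *
     * @throws RuntimeException if an add/replace/remove notification carries no attribute, or
     *                          the directory rejects the update
     */
    @Override // org.picketlink.idm.ldap.internal.LDAPChangeNotificationHandler
    public void handle(LDAPObjectChangedNotification lDAPObjectChangedNotification) {
        DirContext lDAPObject = lDAPObjectChangedNotification.getLDAPObject();
        if (!(lDAPObject instanceof LDAPUser)) {
            return;
        }
        LDAPUser lDAPUser = (LDAPUser) lDAPObject;
        LDAPUserCustomAttributes customAttributes = lDAPUser.getCustomAttributes();
        try {
            String dn = lDAPUser.getDN();
            LDAPObjectChangedNotification.NType type = lDAPObjectChangedNotification.getNtype();
            int operation = -1;
            if (type == LDAPObjectChangedNotification.NType.ADD_ATTRIBUTE) {
                operation = DirContext.ADD_ATTRIBUTE;
            } else if (type == LDAPObjectChangedNotification.NType.REPLACE_ATTRIBUTE) {
                operation = DirContext.REPLACE_ATTRIBUTE;
            } else if (type == LDAPObjectChangedNotification.NType.REMOVE_ATTRIBUTE) {
                operation = DirContext.REMOVE_ATTRIBUTE;
            }
            if (operation != -1) {
                Attribute attribute = lDAPObjectChangedNotification.getAttribute();
                if (attribute == null) {
                    throw new RuntimeException("attrib is null");
                }
                this.ctx.modifyAttributes(dn, new ModificationItem[]{new ModificationItem(operation, attribute)});
            }
            this.ctx.rebind(customAttributes.getDN() + DirContextAdaptor.COMMA + dn, customAttributes);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Tells whether the directory schema defines the given attribute; positive answers are cached.
     */
    @Override // org.picketlink.idm.ldap.internal.ManagedAttributeLookup
    public boolean isManaged(String str) {
        if (this.managedAttributes.contains(str)) {
            return true;
        }
        if (!checkDirectoryServerForAttributePresence(str)) {
            return false;
        }
        this.managedAttributes.add(str);
        return true;
    }

    /**
     * Asks the directory schema for the definition of an attribute.
     *
     * @return {@code true} when a definition exists; {@code false} when it does not or the
     *         schema cannot be read
     */
    private boolean checkDirectoryServerForAttributePresence(String str) {
        try {
            DirContext definition = (DirContext) this.ctx.getSchema("").lookup("AttributeDefinition/" + str);
            return definition != null;
        } catch (Exception ignored) {
            // A failed schema lookup is treated as "not a schema attribute".
            return false;
        }
    }

    /** Returns the subset of the filters whose attribute names are defined in the schema. */
    private Attributes getManagedAttributes(Map<String, String[]> map) {
        BasicAttributes managed = new BasicAttributes(true);
        for (String name : map.keySet()) {
            if (isManaged(name)) {
                managed.put(name, map.get(name));
            }
        }
        return managed;
    }

    /** Returns {@code true} when the user's values equal the expected values for every filter. */
    private boolean userHasRequiredAttributes(LDAPUser lDAPUser, Map<String, String[]> map) {
        for (String name : map.keySet()) {
            if (!IDMUtil.arraysEqual(map.get(name), lDAPUser.getAttributeValues(name))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Loads every entry below the user DN suffix.
     *
     * @throws RuntimeException if the directory search fails
     */
    private List<User> getAllUsers() {
        List<User> users = new ArrayList<User>();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = this.ctx.search(this.userDNSuffix, new BasicAttributes(true));
            while (results.hasMore()) {
                users.add(loadUser(results.next().getAttributes()));
            }
            return users;
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(results);
        }
    }

    /**
     * Checks a password by locating the user's entry and binding to the directory as that entry.
     *
     * <p>The check fails when the password is null or empty, when no entry or more than one
     * entry matches the uid, or when the bind is rejected. The administrative context is rebuilt
     * afterwards in every case.
     *
     * @return {@code true} only when the bind as the user succeeded
     * @throws IllegalArgumentException if the credential is not a {@link PasswordCredential}
     */
    public boolean validateCredential(IdentityStoreInvocationContext identityStoreInvocationContext, User user, Credential credential) {
        if (!(credential instanceof PasswordCredential)) {
            throwsNotSupportedCredentialType(credential);
            return false;
        }
        String password = ((PasswordCredential) credential).getPassword();
        // A simple bind with a DN and an empty password is an "unauthenticated bind", which many
        // directory servers accept; without this guard an empty password could validate.
        if (password == null || password.isEmpty()) {
            return false;
        }
        String uid = ((LDAPUser) user).getId();
        boolean valid = false;
        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(new String[0]);
            searchControls.setReturningObjFlag(true);
            // The uid is passed as a filter argument instead of being concatenated into the filter.
            results = this.ctx.search(this.userDNSuffix, "(&(objectClass=inetOrgPerson)(uid={0}))", new String[]{uid}, searchControls);
            String dn = null;
            if (results.hasMore()) {
                // The DN is deliberately not printed or logged here.
                dn = results.next().getNameInNamespace();
            }
            // Exactly one entry must match; an ambiguous uid is treated as a failure.
            if (dn == null || results.hasMore()) {
                throw new NamingException("Authentication failed");
            }
            // NOTE(review): this re-binds the shared context as the user; see the class comment.
            this.ctx.addToEnvironment("java.naming.security.principal", dn);
            this.ctx.addToEnvironment("java.naming.security.credentials", password);
            this.ctx.lookup(dn);
            valid = true;
        } catch (NamingException rejected) {
            // Any directory failure, including a rejected bind, means the credential is not valid.
        } finally {
            closeQuietly(results);
            // Always return to the configured bind identity, whatever happened above.
            constructContext();
        }
        return valid;
    }

    /**
     * Stores a new password or X.509 certificate on the user's entry.
     *
     * <p>Passwords are written to {@code unicodePwd} on Active Directory and to
     * {@code userpassword} otherwise; the value is sent as supplied, so any hashing is left to
     * the directory server. Certificates are stored in {@code usercertificate}.
     *
     * @throws IllegalArgumentException if the credential type is not supported
     * @throws RuntimeException         if the directory rejects the update
     */
    public void updateCredential(IdentityStoreInvocationContext identityStoreInvocationContext, User user, Credential credential) {
        if (credential instanceof PasswordCredential) {
            PasswordCredential passwordCredential = (PasswordCredential) credential;
            if (this.isActiveDirectory) {
                updateADPassword((LDAPUser) user, passwordCredential.getPassword());
                return;
            }
            try {
                BasicAttribute passwordAttribute = new BasicAttribute(USER_PASSWORD_ATTRIBUTE, passwordCredential.getPassword());
                this.ctx.modifyAttributes(((LDAPUser) user).getDN(), new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttribute)});
                return;
            } catch (NamingException e) {
                throw new RuntimeException(e);
            }
        }
        if (!(credential instanceof X509CertificateCredential)) {
            throwsNotSupportedCredentialType(credential);
            return;
        }
        X509CertificateCredential x509CertificateCredential = (X509CertificateCredential) credential;
        try {
            LDAPUser lDAPUser = (LDAPUser) user;
            // The in-memory user keeps the Base64 text; the directory receives the DER bytes.
            lDAPUser.setAttribute(USER_CERTIFICATE_ATTRIBUTE, new String(Base64.encodeBytes(x509CertificateCredential.getCertificate().getEncoded())));
            BasicAttribute certificateAttribute = new BasicAttribute(USER_CERTIFICATE_ATTRIBUTE, x509CertificateCredential.getCertificate().getEncoded());
            this.ctx.modifyAttributes(lDAPUser.getDN(), new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, certificateAttribute)});
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Closes the current context, if any, and opens a new one with the configured factory,
     * authentication type, optional security protocol, bind DN/credential, URL and additional
     * properties.
     *
     * <p>Nothing here requires an encrypted transport: with an {@code ldap://} URL and simple
     * authentication, bind and user passwords travel in clear text, so deployments should
     * configure LDAPS or an equivalent protected channel.
     *
     * @throws RuntimeException if no URL is configured or the context cannot be created
     */
    private void constructContext() {
        if (this.ctx != null) {
            try {
                this.ctx.close();
            } catch (NamingException ignored) {
                // The old context is being discarded anyway.
            }
        }
        Properties properties = new Properties();
        properties.setProperty("java.naming.factory.initial", this.ldapConfiguration.getFactoryName());
        properties.setProperty("java.naming.security.authentication", this.ldapConfiguration.getAuthType());
        String protocol = this.ldapConfiguration.getProtocol();
        if (protocol != null) {
            properties.setProperty("java.naming.security.protocol", protocol);
        }
        String bindDN = this.ldapConfiguration.getBindDN();
        char[] bindCredential = this.ldapConfiguration.getBindCredential() != null ? this.ldapConfiguration.getBindCredential().toCharArray() : null;
        if (bindDN != null) {
            properties.setProperty("java.naming.security.principal", bindDN);
            properties.put("java.naming.security.credentials", bindCredential);
        }
        String ldapURL = this.ldapConfiguration.getLdapURL();
        if (ldapURL == null) {
            throw new RuntimeException("url");
        }
        properties.setProperty("java.naming.provider.url", ldapURL);
        Properties additionalProperties = this.ldapConfiguration.getAdditionalProperties();
        if (additionalProperties != null) {
            for (Object key : additionalProperties.keySet()) {
                properties.setProperty((String) key, additionalProperties.getProperty((String) key));
            }
        }
        try {
            this.ctx = new InitialLdapContext(properties, (Control[]) null);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Replaces the Active Directory {@code unicodePwd} attribute with the quoted password encoded
     * as UTF-16LE. Active Directory accepts this change only over a protected connection.
     *
     * @throws RuntimeException if encoding or the directory update fails
     */
    private void updateADPassword(LDAPUser lDAPUser, String str) {
        try {
            byte[] quotedPassword = ("\"" + str + "\"").getBytes("UTF-16LE");
            this.ctx.modifyAttributes(lDAPUser.getDN(), new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quotedPassword))});
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Always throws; used to reject credential types this store cannot handle. */
    private void throwsNotSupportedCredentialType(Credential credential) throws IllegalArgumentException {
        throw new IllegalArgumentException("Credential type not supported: " + credential.getClass());
    }

    /** Not implemented; always returns {@code null}. */
    public Set<IdentityStore.Feature> getFeatureSet() {
        return null;
    }

    /**
     * Builds an {@link LDAPUser} from a search result and attaches its custom attributes when the
     * child entry holding them exists.
     */
    private LDAPUser loadUser(Attributes attributes) throws NamingException {
        LDAPUser lDAPUser = new LDAPUser();
        lDAPUser.setLookup(this);
        lDAPUser.setUserDNSuffix(this.userDNSuffix);
        lDAPUser.addAllLDAPAttributes(attributes);
        lDAPUser.setLDAPChangeNotificationHandler(this);
        try {
            LDAPUserCustomAttributes customAttributes = (LDAPUserCustomAttributes) this.ctx.lookup(lDAPUser.getCustomAttributes().getDN() + DirContextAdaptor.COMMA + lDAPUser.getDN());
            if (customAttributes != null) {
                lDAPUser.setCustomAttributes(customAttributes);
            }
        } catch (Exception ignored) {
            // Best effort: users without stored custom attributes have no such child entry.
        }
        return lDAPUser;
    }

    /** Returns the group itself when it is already an LDAP group, else looks it up by name. */
    private LDAPGroup resolveGroup(IdentityStoreInvocationContext identityStoreInvocationContext, Group group) {
        return group instanceof LDAPGroup ? (LDAPGroup) group : (LDAPGroup) getGroup(identityStoreInvocationContext, group.getName());
    }

    /** Returns the role itself when it is already an LDAP role, else looks it up by name. */
    private LDAPRole resolveRole(IdentityStoreInvocationContext identityStoreInvocationContext, Role role) {
        // The type test must match the cast; testing for LDAPGroup here would never select an LDAPRole.
        return role instanceof LDAPRole ? (LDAPRole) role : (LDAPRole) getRole(identityStoreInvocationContext, role.getName());
    }

    /** Releases a search enumeration, ignoring failures while closing it. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done if releasing the enumeration fails.
            }
        }
    }
}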
