package org.rhq.enterprise.server.resource.group;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InvalidSearchFilterException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.common.composite.SystemSetting;
import org.rhq.core.domain.resource.group.LdapGroup;
import org.rhq.core.domain.util.PageControl;
import org.rhq.core.domain.util.PageList;
import org.rhq.core.server.PersistenceUtility;
import org.rhq.enterprise.server.RHQConstants;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.authz.RequiredPermission;
import org.rhq.enterprise.server.exception.LdapCommunicationException;
import org.rhq.enterprise.server.exception.LdapFilterException;
import org.rhq.enterprise.server.system.SystemManagerLocal;
import org.rhq.enterprise.server.util.security.UntrustedSSLSocketFactory;

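@Stateless
/* loaded from: input_file:lib/rhq-enterprise-server-4.2.0.jar:org/rhq/enterprise/server/resource/group/LdapGroupManagerBean.class */
/**
 * Stateless session bean behind {@link LdapGroupManagerLocal}.
 *
 * <p>Two responsibilities live here: querying the LDAP directory described by the
 * system configuration (group listing, group membership of a user, user details) and
 * maintaining the mapping between {@link LdapGroup} rows and {@link Role}s in the
 * database.
 *
 * <p>Every value that is spliced into an LDAP search filter from a caller-supplied
 * string (the login name, the user DN) is passed through
 * {@code LDAPStringUtil.encodeForFilter} first; the administrator-configured filter
 * fragments from the system settings are used as given.
 */
public class LdapGroupManagerBean implements LdapGroupManagerLocal {
    private final Log log = LogFactory.getLog(LdapGroupManagerBean.class);

    /** Separator between the individual base DNs in the {@code LDAPBaseDN} setting. */
    private static final String BASEDN_DELIMITER = ";";

    /** Attribute consulted when the {@code LDAPLoginProperty} setting is absent. */
    private static final String DEFAULT_LOGIN_ATTRIBUTE = "cn";

    /** Keys of the maps returned by {@link #buildGroup} and {@link #findLdapUserDetails}. */
    private static final String ATTR_ID = "id";
    private static final String ATTR_NAME = "name";
    private static final String ATTR_DESCRIPTION = "description";
    private static final String ATTR_DN = "dn";

    /** Directory attributes read from a group entry. */
    private static final String LDAP_ATTR_CN = "cn";
    private static final String LDAP_ATTR_DESCRIPTION = "description";

    /** JNDI environment keys this bean populates. */
    private static final String ENV_INITIAL_FACTORY = "java.naming.factory.initial";
    private static final String ENV_SOCKET_FACTORY = "java.naming.ldap.factory.socket";
    private static final String ENV_SECURITY_PROTOCOL = "java.naming.security.protocol";
    private static final String ENV_PROVIDER_URL = "java.naming.provider.url";
    private static final String ENV_REFERRAL = "java.naming.referral";
    private static final String ENV_PRINCIPAL = "java.naming.security.principal";
    private static final String ENV_CREDENTIALS = "java.naming.security.credentials";
    private static final String ENV_AUTHENTICATION = "java.naming.security.authentication";

    @PersistenceContext(unitName = RHQConstants.PERSISTENCE_UNIT_NAME)
    private EntityManager entityManager;

    @EJB
    private SubjectManagerLocal subjectManager;

    @EJB
    private SystemManagerLocal systemManager;

    /**
     * Lists every group matching the configured {@code LDAPGroupFilter}.
     *
     * @return one map per group with the keys {@code id}, {@code name} and
     *         {@code description}; an empty set when no group filter is configured
     * @throws LdapFilterException        when the configured group filter is rejected by the directory
     * @throws LdapCommunicationException on any other directory failure
     */
    @Override
    public Set<Map<String, String>> findAvailableGroups() {
        Properties config = this.systemManager.getSystemConfiguration(this.subjectManager.getOverlord());
        String groupFilter = config.getProperty(RHQConstants.LDAPGroupFilter);
        if (groupFilter == null || groupFilter.trim().isEmpty()) {
            return new HashSet<Map<String, String>>();
        }
        return buildGroup(config, String.format("(%s)", groupFilter));
    }

    /**
     * Resolves the LDAP groups a user belongs to.
     *
     * <p>The user's DN is looked up first; it is then filter-escaped and combined with the
     * configured group filter and member attribute as {@code (&(groupFilter)(memberAttr=userDn))}.
     *
     * @param userName login name of the user as typed by the caller
     * @return the {@code id} values of the matching groups; empty when the user has no DN
     * @throws LdapFilterException        when the resulting filter is rejected by the directory
     * @throws LdapCommunicationException on any other directory failure
     */
    @Override
    public Set<String> findAvailableGroupsFor(String userName) {
        Properties config = this.systemManager.getSystemConfiguration(this.subjectManager.getOverlord());
        String groupFilter = config.getProperty(RHQConstants.LDAPGroupFilter, "");
        String memberAttribute = config.getProperty(RHQConstants.LDAPGroupMember, "");
        Set<String> groupIds = new HashSet<String>();

        String userDn = getUserDN(config, userName);
        if (userDn == null || userDn.trim().isEmpty()) {
            this.log.debug("Group lookup will not be performed due to no UserDN found for user " + userName);
            return groupIds;
        }

        // The DN came back from the directory but is still data inside a filter: escape it.
        String filter = String.format("(&(%s)(%s=%s))", groupFilter, memberAttribute,
            LDAPStringUtil.encodeForFilter(userDn));
        Set<Map<String, String>> groups = buildGroup(config, filter);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Located '" + groups.size() + "' LDAP groups for user '" + userName
                + "' using following ldap filter '" + filter + "'.");
        }
        for (Map<String, String> group : groups) {
            groupIds.add(group.get(ATTR_ID));
        }
        return groupIds;
    }

    /**
     * Makes the role's LDAP group set equal to {@code groups}, adding missing names and
     * deleting rows whose names are no longer present. Names are compared, not ids.
     *
     * @param subject caller, forwarded to the add/remove operations
     * @param roleId  id of the role to update
     * @param groups  desired groups; only {@link LdapGroup#getName()} is consulted
     * @throws IllegalArgumentException when the role does not exist or {@code groups} is null
     */
    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void setLdapGroupsOnRole(Subject subject, int roleId, Set<LdapGroup> groups) {
        Role role = this.entityManager.find(Role.class, Integer.valueOf(roleId));
        if (role == null) {
            throw new IllegalArgumentException("Role with id [" + roleId + "] does not exist.");
        }
        if (groups == null) {
            throw new IllegalArgumentException("LDAP group set for role [" + roleId + "] must not be null.");
        }

        Set<LdapGroup> currentGroups = role.getLdapGroups();
        Set<String> currentNames = new HashSet<String>(currentGroups.size());
        for (LdapGroup group : currentGroups) {
            currentNames.add(group.getName());
        }
        Set<String> desiredNames = new HashSet<String>(groups.size());
        for (LdapGroup group : groups) {
            desiredNames.add(group.getName());
        }

        List<String> namesToAdd = new ArrayList<String>(desiredNames);
        namesToAdd.removeAll(currentNames);

        Set<String> namesToRemove = new HashSet<String>(currentNames);
        namesToRemove.removeAll(desiredNames);
        // Collect the ids before mutating the role's collection below.
        List<Integer> idsToRemove = new ArrayList<Integer>();
        for (LdapGroup group : currentGroups) {
            if (namesToRemove.contains(group.getName())) {
                idsToRemove.add(group.getId());
            }
        }
        int[] doomedIds = new int[idsToRemove.size()];
        for (int i = 0; i < doomedIds.length; i++) {
            doomedIds[i] = idsToRemove.get(i);
        }

        addLdapGroupsToRole(subject, roleId, namesToAdd);
        removeLdapGroupsFromRole(subject, roleId, doomedIds);
    }

    /**
     * Attaches new {@link LdapGroup} entities with the given names to a role.
     *
     * @param subject    caller (not consulted here; the permission check is declarative)
     * @param roleId     id of the role
     * @param groupNames names to add; a null or empty list is a no-op
     * @throws IllegalArgumentException when the role does not exist
     */
    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void addLdapGroupsToRole(Subject subject, int roleId, List<String> groupNames) {
        if (groupNames == null || groupNames.isEmpty()) {
            return;
        }
        Role role = this.entityManager.find(Role.class, Integer.valueOf(roleId));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + roleId + "] to add LDAP groups to.");
        }
        // Result deliberately discarded: presumably initializes the collection before it is changed - keep.
        role.getLdapGroups().size();
        for (String name : groupNames) {
            LdapGroup group = new LdapGroup();
            group.setName(name);
            role.addLdapGroup(group);
        }
    }

    /**
     * Detaches the given {@link LdapGroup}s from a role and deletes them via
     * {@link LdapGroup#DELETE_BY_ID}.
     *
     * @param subject  caller (not consulted here; the permission check is declarative)
     * @param roleId   id of the role
     * @param groupIds ids of the groups to remove; a null or empty array is a no-op
     * @throws IllegalArgumentException when the role or one of the groups does not exist
     */
    @Override
    @RequiredPermission(Permission.MANAGE_SECURITY)
    public void removeLdapGroupsFromRole(Subject subject, int roleId, int[] groupIds) {
        if (groupIds == null || groupIds.length == 0) {
            return;
        }
        Role role = this.entityManager.find(Role.class, Integer.valueOf(roleId));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + roleId + "] to remove LDAP groups from.");
        }
        // Result deliberately discarded: presumably initializes the collection before it is changed - keep.
        role.getLdapGroups().size();

        List<Integer> doomedIds = new ArrayList<Integer>(groupIds.length);
        for (int groupId : groupIds) {
            Integer doomedId = Integer.valueOf(groupId);
            LdapGroup doomedGroup = this.entityManager.find(LdapGroup.class, doomedId);
            if (doomedGroup == null) {
                throw new IllegalArgumentException("Tried to remove doomedGroup[" + doomedId + "] from role["
                    + roleId + "], but doomedGroup was not found.");
            }
            role.removeLdapGroup(doomedGroup);
            doomedIds.add(doomedId);
        }

        Query deleteQuery = this.entityManager.createNamedQuery(LdapGroup.DELETE_BY_ID);
        deleteQuery.setParameter("ids", doomedIds);
        deleteQuery.executeUpdate();
    }

    /**
     * Finds the roles that are mapped to any of the given LDAP group names.
     *
     * @param groupNames names to match; null or empty yields an empty list without a query
     */
    private List<Role> findRolesByLdapGroupNames(List<String> groupNames) {
        if (groupNames == null || groupNames.isEmpty()) {
            return Collections.emptyList();
        }
        Query query = this.entityManager.createNamedQuery(LdapGroup.FIND_BY_ROLES_GROUP_NAMES);
        query.setParameter("names", groupNames);
        @SuppressWarnings("unchecked")
        List<Role> roles = query.getResultList();
        return roles;
    }

    /**
     * Replaces a subject's roles with exactly those mapped to the given LDAP group names.
     * Both the plain role set and the LDAP role set are cleared and rebuilt.
     *
     * @param subjectId  id of the subject
     * @param groupNames LDAP group names the subject currently belongs to
     * @throws IllegalArgumentException when the subject does not exist
     */
    @Override
    public void assignRolesToLdapSubject(int subjectId, List<String> groupNames) {
        Subject subject = this.entityManager.find(Subject.class, Integer.valueOf(subjectId));
        if (subject == null) {
            throw new IllegalArgumentException("Could not find subject[" + subjectId + "] to assign LDAP roles to.");
        }
        List<Role> roles = findRolesByLdapGroupNames(groupNames);
        subject.getRoles().clear();
        subject.getLdapRoles().clear();
        for (Role role : roles) {
            subject.addRole(role);
            subject.addLdapRole(role);
        }
    }

    /**
     * Returns the LDAP groups attached to a role.
     *
     * @throws IllegalArgumentException when the role does not exist
     */
    @Override
    public PageList<LdapGroup> findLdapGroupsByRole(int roleId, PageControl pageControl) {
        Role role = this.entityManager.find(Role.class, Integer.valueOf(roleId));
        if (role == null) {
            throw new IllegalArgumentException("Could not find role[" + roleId + "] to lookup ldap Groups on");
        }
        Set<LdapGroup> groups = role.getLdapGroups();
        return new PageList<LdapGroup>(groups, groups.size(), pageControl);
    }

    /**
     * Returns all persisted LDAP groups, ordered by {@code g.name} unless the page control
     * specifies otherwise.
     */
    @Override
    public PageList<LdapGroup> findLdapGroups(PageControl pageControl) {
        pageControl.initDefaultOrderingField("g.name");
        Query countQuery = PersistenceUtility.createCountQuery(this.entityManager, LdapGroup.QUERY_FIND_ALL);
        Query listQuery = PersistenceUtility.createQueryWithOrderBy(this.entityManager, LdapGroup.QUERY_FIND_ALL,
            pageControl);
        @SuppressWarnings("unchecked")
        List<LdapGroup> groups = listQuery.getResultList();
        int total = (int) ((Long) countQuery.getSingleResult()).longValue();
        return new PageList<LdapGroup>(groups, total, pageControl);
    }

    /**
     * Looks up the DN of a user; {@code properties} is accepted for signature
     * compatibility but the configuration is re-read by {@link #findLdapUserDetails}.
     *
     * @return the DN, or null when the user was not found
     */
    private String getUserDN(Properties properties, String userName) {
        return findLdapUserDetails(userName).get(ATTR_DN);
    }

    /**
     * Searches each configured base DN for the user and returns the first hit.
     *
     * <p>The login name is filter-escaped before it is placed in
     * {@code (loginAttr=name)}; when {@code LDAPFilter} is configured the filter becomes
     * {@code (&(loginAttr=name)(LDAPFilter))}.
     *
     * @param userName login name as supplied by the caller
     * @return a map with {@code dn} plus one entry per attribute of the entry (values via
     *         {@code String.valueOf}); empty when the user is found under no base DN
     * @throws IllegalStateException      when the base DN or context factory setting is missing,
     *                                    or a bind DN is configured without a password
     * @throws LdapCommunicationException on any directory failure
     */
    @Override
    public Map<String, String> findLdapUserDetails(String userName) {
        Properties config = this.systemManager.getSystemConfiguration(this.subjectManager.getOverlord());
        Map<String, String> details = new HashMap<String, String>();

        String loginAttribute = config.getProperty(RHQConstants.LDAPLoginProperty);
        if (loginAttribute == null) {
            loginAttribute = DEFAULT_LOGIN_ATTRIBUTE;
        }
        String userFilter = config.getProperty(RHQConstants.LDAPFilter);
        String[] baseDns = baseDns(config);
        Properties env = getProperties(config);
        applyBindCredentials(env, config);

        // The login name is untrusted input; escape it so it cannot alter the filter structure.
        String userTerm = "(" + loginAttribute + "=" + LDAPStringUtil.encodeForFilter(userName) + ")";
        String filter = (userFilter == null || userFilter.isEmpty())
            ? userTerm
            : "(&" + userTerm + "(" + userFilter + "))";
        this.log.debug("Using LDAP filter [" + filter + "] to locate user details for " + userName);

        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, (Control[]) null);
            SearchControls controls = getSearchControls();
            for (String baseDn : baseDns) {
                NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
                if (!results.hasMoreElements()) {
                    this.log.debug("User " + userName + " not found for BaseDN " + baseDn);
                    continue;
                }
                SearchResult result = results.next();
                details.put(ATTR_DN, resolveDn(result, baseDn));
                NamingEnumeration<String> attributeIds = result.getAttributes().getIDs();
                while (attributeIds.hasMore()) {
                    String attributeId = attributeIds.next();
                    Attribute attribute = result.getAttributes().get(attributeId);
                    if (attribute != null) {
                        details.put(attributeId, attribute.get() + "");
                    }
                }
                return details;
            }
            return details;
        } catch (NamingException e) {
            this.log.error("LDAP communication error: " + e.getMessage(), e);
            throw new LdapCommunicationException(e);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Runs {@code filter} against every configured base DN and maps each result to a group.
     *
     * @param config system configuration providing connection settings and base DNs
     * @param filter complete LDAP search filter; callers are responsible for escaping any
     *               untrusted data inside it
     * @return one map per result that carries a {@code cn}; results without it are skipped
     * @throws IllegalStateException      when the base DN or context factory setting is missing,
     *                                    or a bind DN is configured without a password
     * @throws LdapFilterException        when the directory rejects the filter
     * @throws LdapCommunicationException on any other directory failure
     */
    protected Set<Map<String, String>> buildGroup(Properties config, String filter) {
        Set<Map<String, String>> groups = new HashSet<Map<String, String>>();
        String[] baseDns = baseDns(config);
        Properties env = getProperties(config);
        applyBindCredentials(env, config);

        InitialLdapContext ctx = null;
        try {
            ctx = new InitialLdapContext(env, (Control[]) null);
            SearchControls controls = getSearchControls();
            for (String baseDn : baseDns) {
                NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, controls);
                while (results.hasMoreElements()) {
                    Map<String, String> group = toGroupEntry(results.next());
                    if (group != null) {
                        groups.add(group);
                    }
                }
            }
            return groups;
        } catch (InvalidSearchFilterException e) {
            this.log.error("The ldap group filter defined is invalid ", e);
            throw new LdapFilterException("The ldap group filter defined is invalid  " + e.getMessage());
        } catch (NamingException e) {
            this.log.error("LDAP communication error: " + e.getMessage(), e);
            throw new LdapCommunicationException(e);
        } finally {
            closeQuietly(ctx);
        }
    }

    /**
     * Converts one search result into the {@code id}/{@code name}/{@code description} map.
     * Results without attributes or without a {@code cn} value are skipped (logged at debug)
     * rather than failing the whole listing.
     *
     * @return the group map, or null when the result carries no usable {@code cn}
     */
    private Map<String, String> toGroupEntry(SearchResult result) throws NamingException {
        if (result.getAttributes() == null) {
            this.log.debug("Skipping LDAP search result without attributes: " + result.getName());
            return null;
        }
        Attribute cnAttribute = result.getAttributes().get(LDAP_ATTR_CN);
        Object cnValue = (cnAttribute == null) ? null : cnAttribute.get();
        if (cnValue == null) {
            this.log.debug("Skipping LDAP search result without a cn attribute: " + result.getName());
            return null;
        }
        String cn = ((String) cnValue).trim();

        Attribute descriptionAttribute = result.getAttributes().get(LDAP_ATTR_DESCRIPTION);
        Object descriptionValue = (descriptionAttribute == null) ? null : descriptionAttribute.get();
        String description = (descriptionValue == null) ? "" : ((String) descriptionValue).trim();

        Map<String, String> group = new HashMap<String, String>();
        group.put(ATTR_ID, cn);
        group.put(ATTR_NAME, cn);
        group.put(ATTR_DESCRIPTION, description);
        return group;
    }

    /**
     * Returns the full DN of a result, falling back to {@code relativeName,baseDn} when the
     * provider does not support {@link SearchResult#getNameInNamespace()}. Surrounding
     * double quotes on the relative name are stripped in the fallback.
     */
    private static String resolveDn(SearchResult result, String baseDn) {
        try {
            return result.getNameInNamespace();
        } catch (UnsupportedOperationException e) {
            String name = result.getName();
            if (name.startsWith("\"")) {
                name = name.substring(1);
            }
            if (name.endsWith("\"")) {
                name = name.substring(0, name.length() - 1);
            }
            return name + "," + baseDn;
        }
    }

    /**
     * Splits the {@code LDAPBaseDN} setting on {@value #BASEDN_DELIMITER}.
     *
     * @throws IllegalStateException when the setting is absent
     */
    private static String[] baseDns(Properties config) {
        String baseDnList = config.getProperty(RHQConstants.LDAPBaseDN);
        if (baseDnList == null) {
            throw new IllegalStateException("No LDAP base DN is configured (" + RHQConstants.LDAPBaseDN + ").");
        }
        return baseDnList.split(BASEDN_DELIMITER);
    }

    /**
     * Copies the configured bind DN and password into the JNDI environment as a simple bind.
     * Without a bind DN the environment is left untouched and the provider's default
     * (no bind identity) applies.
     *
     * @throws IllegalStateException when a bind DN is set but no password is configured, so
     *                               that the misconfiguration fails clearly instead of with an
     *                               opaque NullPointerException from {@link Properties}
     */
    private void applyBindCredentials(Properties env, Properties config) {
        String bindDn = config.getProperty(RHQConstants.LDAPBindDN);
        if (bindDn == null) {
            return;
        }
        String bindPassword = config.getProperty(RHQConstants.LDAPBindPW);
        if (bindPassword == null) {
            throw new IllegalStateException("LDAP bind DN [" + bindDn + "] is configured but no bind password is set.");
        }
        env.setProperty(ENV_PRINCIPAL, bindDn);
        env.setProperty(ENV_CREDENTIALS, bindPassword);
        env.setProperty(ENV_AUTHENTICATION, "simple");
    }

    /** Closes a context, logging (at debug) rather than propagating a failure to close. */
    private void closeQuietly(InitialLdapContext ctx) {
        if (ctx == null) {
            return;
        }
        try {
            ctx.close();
        } catch (NamingException e) {
            this.log.debug("Failed to close LDAP context: " + e.getMessage(), e);
        }
    }

    /**
     * Builds the JNDI environment for a connection from the system configuration.
     *
     * <p>The returned {@link Properties} uses {@code config} as its defaults, so any
     * {@code java.naming.*} key present in the system configuration is visible to the
     * provider as well. When {@code USE_SSL_FOR_LDAP} is exactly {@code "true"} the
     * protocol is set to {@link RHQConstants#LDAP_PROTOCOL_SECURED}. Referrals are ignored.
     *
     * @throws IllegalStateException when {@code LDAPFactory} is not configured
     */
    private Properties getProperties(Properties config) {
        Properties env = new Properties(config);
        String contextFactory = env.getProperty(RHQConstants.LDAPFactory);
        if (contextFactory == null) {
            throw new IllegalStateException("No LDAP context factory is configured (" + RHQConstants.LDAPFactory + ").");
        }
        env.setProperty(ENV_INITIAL_FACTORY, contextFactory);

        boolean useSsl = Boolean.TRUE.toString().equals(env.getProperty(SystemSetting.USE_SSL_FOR_LDAP.getInternalName()));
        if (useSsl) {
            if (env.getProperty(ENV_SOCKET_FACTORY) == null) {
                // SECURITY: as its name indicates, UntrustedSSLSocketFactory does not validate the
                // directory server's certificate, so TLS here protects the wire but not server identity.
                // A java.naming.ldap.factory.socket entry in the system configuration overrides it.
                env.put(ENV_SOCKET_FACTORY, UntrustedSSLSocketFactory.class.getName());
            }
            env.put(ENV_SECURITY_PROTOCOL, RHQConstants.LDAP_PROTOCOL_SECURED);
        }

        String providerUrl = env.getProperty(RHQConstants.LDAPUrl);
        if (providerUrl == null) {
            providerUrl = "ldap://localhost:" + (useSsl ? 636 : 389);
        }
        env.setProperty(ENV_PROVIDER_URL, providerUrl);
        env.setProperty(ENV_REFERRAL, "ignore");
        return env;
    }

    /** Subtree search, no size or time limit, all attributes returned, objects not returned. */
    private SearchControls getSearchControls() {
        return new SearchControls(SearchControls.SUBTREE_SCOPE, 0L, 0, (String[]) null, false, false);
    }
}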
