package org.wso2.carbon.user.core.ldap;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Map;
import java.util.StringTokenizer;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InvalidAttributeIdentifierException;
import javax.naming.directory.InvalidAttributeValueException;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.NoSuchAttributeException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.user.api.Properties;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreConfigConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.util.JNDIUtil;
import org.wso2.carbon.utils.Secret;
import org.wso2.carbon.utils.UnsupportedSecretTypeException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.5.3.jar:org/wso2/carbon/user/core/ldap/ActiveDirectoryUserStoreManager.class */
public class ActiveDirectoryUserStoreManager extends ReadWriteLDAPUserStoreManager {
    // Set from the LDAPConstants.ACTIVE_DIRECTORY_LDS_ROLE store property in checkRequiredUserStoreConfigurations().
    private boolean isADLDSRole;
    // True when the ConnectionURL scheme is "ldaps" or StartTLS is enabled. In the visible code this flag
    // only drives warning messages; it does not block any operation.
    private boolean isSSLConnection;
    // Value written to the userAccountControl attribute once a new account has its password set.
    // Constructors default it to "512" (presumably the AD NORMAL_ACCOUNT flag — confirm).
    private String userAccountControl;
    // Separator used to split a multi-valued claim string; overwritten from the "MultiAttributeSeparator"
    // store property inside the claim-update methods.
    private String userAttributeSeparator;
    private static final String MULTI_ATTRIBUTE_SEPARATOR = "MultiAttributeSeparator";
    private static final String MULTI_ATTRIBUTE_SEPARATOR_DESCRIPTION = "This is the separator for multiple claim values";
    private static final String LDAPConnectionTimeout = "LDAPConnectionTimeout";
    private static final String LDAPConnectionTimeoutDescription = "LDAP Connection Timeout";
    private static final String BULK_IMPORT_SUPPORT = "BulkImportSupported";
    private static final String readTimeout = "ReadTimeout";
    private static final String readTimeoutDescription = "Configure this to define the read timeout for LDAP operations";
    private static final String RETRY_ATTEMPTS = "RetryAttempts";
    private static final String LDAPBinaryAttributesDescription = "Configure this to define the LDAP binary attributes seperated by a space. Ex:mpegVideo mySpecialKey";
    protected static final int MEMBERSHIP_ATTRIBUTE_RANGE_VALUE = 1500;
    // NOTE(review): the logger is static but not final, so it can be reassigned.
    private static Log logger = LogFactory.getLog(ActiveDirectoryUserStoreManager.class);
    // Advanced property descriptors returned by getDefaultUserStoreProperties(); the code that populates
    // this list is not visible in this part of the file.
    private static final ArrayList<Property> ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES = new ArrayList<>();

    /**
     * Creates a manager with built-in defaults only.
     *
     * <p>No realm configuration is read here, so {@code isSSLConnection} stays {@code false} and the
     * password-related methods will log their "unsecured connection" warning.
     */
    public ActiveDirectoryUserStoreManager() {
        // Multi-valued claim strings are split on a comma unless the store configuration overrides it.
        this.userAttributeSeparator = ",";
        // "512" is presumably the AD NORMAL_ACCOUNT flag — confirm against the directory schema.
        this.userAccountControl = "512";
        this.isSSLConnection = false;
        this.isADLDSRole = false;
    }

    /**
     * Creates a manager from a realm configuration and applies the Active Directory specific settings.
     *
     * <p>All arguments are passed unchanged to the superclass constructor. The fields are then reset
     * to their defaults, and {@link #checkRequiredUserStoreConfigurations()} replaces them with the
     * configured values.
     *
     * @throws UserStoreException if the superclass constructor or the configuration check fails
     */
    public ActiveDirectoryUserStoreManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        super(realmConfiguration, map, claimManager, profileConfigurationManager, userRealm, num);
        // Defaults first; the configuration check below overrides them where a property is present.
        this.userAttributeSeparator = ",";
        this.userAccountControl = "512";
        this.isSSLConnection = false;
        this.isADLDSRole = false;
        // NOTE(review): this is an overridable method called from a constructor; a subclass override
        // would run before the subclass's own fields are initialised.
        checkRequiredUserStoreConfigurations();
    }

    /**
     * Creates a manager from a realm configuration, claim manager and profile manager, then applies
     * the Active Directory specific settings.
     *
     * <p>The fields are reset to their defaults after the superclass constructor returns, and
     * {@link #checkRequiredUserStoreConfigurations()} replaces them with the configured values.
     *
     * @throws UserStoreException if the superclass constructor or the configuration check fails
     */
    public ActiveDirectoryUserStoreManager(RealmConfiguration realmConfiguration, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager) throws UserStoreException {
        super(realmConfiguration, claimManager, profileConfigurationManager);
        // Defaults first; the configuration check below overrides them where a property is present.
        this.userAttributeSeparator = ",";
        this.userAccountControl = "512";
        this.isSSLConnection = false;
        this.isADLDSRole = false;
        // NOTE(review): this is an overridable method called from a constructor; a subclass override
        // would run before the subclass's own fields are initialised.
        checkRequiredUserStoreConfigurations();
    }

    /**
     * Five-argument form of user creation: forwards every argument to {@code addUser} with the
     * trailing boolean fixed to {@code false}.
     *
     * @throws UserStoreException if {@code addUser} fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2) throws UserStoreException {
        // presumably the "require password change" flag — confirm against addUser's signature
        final boolean trailingFlag = false;
        addUser(str, obj, strArr, map, str2, trailingFlag);
    }

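    /**
     * Creates a user entry in the directory, assigns roles, then sets the password and enables the
     * account.
     *
     * <p>The entry is first bound without a password. On a plain AD store it is bound with
     * {@code LDAPConstants.ACTIVE_DIRECTORY_DISABLED_NORMAL_ACCOUNT}. A second modification then
     * writes the password and the enabling attribute. If a {@link NamingException} occurs after
     * the bind, the new entry is removed again.
     *
     * <p>Changes from the previous version: the credential is wiped and the directory context
     * closed in a single {@code finally}. This also covers failures in attribute preparation and
     * credential conversion, which previously leaked the context. A failed rollback is recorded
     * as a suppressed exception instead of being dropped.
     *
     * @param str    user name; becomes the entry's {@code cn} after DN escaping
     * @param obj    credential, converted with {@code Secret.getSecret}
     * @param strArr passed to {@code doUpdateRoleListOfUser} as the roles to assign
     * @param map    claim values, written through {@link #setUserClaims}
     * @param str2   not read by this method
     * @param z      not read by this method
     * @throws UserStoreException if the credential type is unsupported or a directory operation fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, boolean z) throws UserStoreException {
        boolean entryBound = false;
        Name name = null;
        Secret secret = null;
        DirContext searchBaseDirectoryContext = getSearchBaseDirectoryContext();
        try {
            BasicAttributes addUserBasicAttributes = getAddUserBasicAttributes(str);
            if (!this.isADLDSRole) {
                // Create the account disabled; it is enabled only after the password has been set.
                BasicAttribute basicAttribute = new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL);
                basicAttribute.add(LDAPConstants.ACTIVE_DIRECTORY_DISABLED_NORMAL_ACCOUNT);
                addUserBasicAttributes.put(basicAttribute);
            }
            setUserClaims(map, addUserBasicAttributes, str);
            try {
                secret = Secret.getSecret(obj);
            } catch (UnsupportedSecretTypeException e3) {
                throw new UserStoreException("Unsupported credential type", e3);
            }
            name = searchBaseDirectoryContext.getNameParser("").parse("cn=" + escapeSpecialCharactersForDN(str));
            searchBaseDirectoryContext.bind(name, (Object) null, addUserBasicAttributes);
            entryBound = true;
            // NOTE(review): only NamingException triggers the rollback below. If this call fails
            // with any other exception, the bound entry is left in the directory.
            doUpdateRoleListOfUser(str, null, strArr);
            if (!this.isSSLConnection) {
                logger.warn("Unsecured connection is being used. Enabling user account operation will fail");
            }
            ModificationItem[] modificationItemArr = new ModificationItem[2];
            modificationItemArr[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, createUnicodePassword(secret)));
            if (this.isADLDSRole) {
                modificationItemArr[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_MSDS_USER_ACCOUNT_DISSABLED, "FALSE"));
            } else {
                modificationItemArr[1] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL, this.userAccountControl));
            }
            searchBaseDirectoryContext.modifyAttributes(name, modificationItemArr);
        } catch (NamingException e) {
            String str3 = "Error while adding the user to the Active Directory for user : " + str;
            if (entryBound) {
                // Roll back so no account without a password remains in the directory.
                try {
                    searchBaseDirectoryContext.unbind(name);
                    str3 = "Error while enabling the user account. Please check password policy at DC for user : " + str;
                } catch (NamingException e2) {
                    // Keep the rollback failure visible alongside the original cause.
                    e.addSuppressed(e2);
                    throw new UserStoreException("Error while accessing the Active Directory for user : " + str, (Throwable) e);
                }
            }
            throw new UserStoreException(str3, (Throwable) e);
        } finally {
            if (secret != null) {
                secret.clear();
            }
            JNDIUtil.closeContext(searchBaseDirectoryContext);
        }
    }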

    /**
     * Copies claim values into the attribute set used to create a user entry.
     *
     * <p>Entries whose value is the empty string, and the profile-configuration entry, are skipped.
     * Every other claim key is mapped to a directory attribute name with {@code getClaimAtrribute}.
     *
     * @param map             claim key to value; may be {@code null}, in which case nothing is added
     * @param basicAttributes attribute set that receives one attribute per mapped claim
     * @param str             user name handed to the claim mapping lookup
     * @throws UserStoreException if the claim mapping lookup fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
    protected void setUserClaims(Map<String, String> map, BasicAttributes basicAttributes, String str) throws UserStoreException {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if ("".equals(entry.getValue())) {
                continue;
            }
            String claimUri = entry.getKey();
            if (claimUri.equals(UserCoreConstants.PROFILE_CONFIGURATION)) {
                continue;
            }
            try {
                String attributeName = getClaimAtrribute(claimUri, str, null);
                String attributeValue = map.get(claimUri);
                BasicAttribute attribute = new BasicAttribute(attributeName);
                attribute.add(attributeValue);
                // NOTE(review): at debug level this writes raw claim values, which may include
                // personal data, to the log.
                if (logger.isDebugEnabled()) {
                    logger.debug("AttributeName: " + attributeName + " AttributeValue: " + attributeValue);
                }
                basicAttributes.put(attribute);
            } catch (org.wso2.carbon.user.api.UserStoreException e) {
                throw new UserStoreException("Error in obtaining claim mapping.", e);
            }
        }
    }

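    /**
     * Replaces a user's password in the directory.
     *
     * <p>The user entry is located with the configured search base and user-name filter, and exactly
     * one match is required. The new credential is then written to the unicode password attribute
     * with a REPLACE modification.
     *
     * <p>Changes from the previous version: the search enumeration, the sub-context, the connection
     * context and the credential are released in one {@code finally}. Previously the enumeration
     * and the sub-context were not closed on error paths. The connection context was also left
     * open when the credential type was unsupported.
     *
     * @param str  user name substituted into the search filter after escaping
     * @param obj  new credential
     * @param obj2 old credential; only checked for {@code null} here, never compared or verified
     * @throws UserStoreException if the user is missing or ambiguous, the credential type is
     *                            unsupported, or the directory cannot be accessed
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredential(String str, Object obj, Object obj2) throws UserStoreException {
        if (!this.isSSLConnection) {
            logger.warn("Unsecured connection is being used. Password operations will fail");
        }
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        NamingEnumeration search = null;
        Secret secret = null;
        try {
            String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
            String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace(JDBCUserStoreManager.QUERY_BINDING_SYMBOL, escapeSpecialCharactersForFilter(str));
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{"CN"});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            try {
                secret = Secret.getSecret(obj);
            } catch (UnsupportedSecretTypeException e3) {
                throw new UserStoreException("Unsupported credential type", e3);
            }
            if (logger.isDebugEnabled() && context != null) {
                try {
                    logger.debug("Searching for user with SearchFilter: " + replace + " in SearchBase: " + context.getNameInNamespace());
                } catch (NamingException e) {
                    logger.debug("Error while getting DN of search base", e);
                }
            }
            search = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
            SearchResult searchResult = null;
            int i = 0;
            while (search.hasMoreElements()) {
                // Refuse to act when the filter matches more than one entry, so the password of
                // an unintended account is never changed.
                if (i > 0) {
                    throw new UserStoreException("There are more than one result in the user store for user: " + str);
                }
                searchResult = (SearchResult) search.next();
                i++;
            }
            if (searchResult == null) {
                throw new UserStoreException("User :" + str + " does not Exist");
            }
            // NOTE(review): when either credential is null the array stays null and is still
            // passed to modifyAttributes; depending on the JNDI provider that is a silent no-op
            // or an error. Confirm callers never pass null.
            // NOTE(review): a REPLACE on the password attribute is, as far as AD documents it, a
            // reset done with the bind account's rights rather than a user-driven change. Confirm
            // the caller authenticates the old credential first.
            ModificationItem[] modificationItemArr = null;
            if (obj2 != null && obj != null) {
                modificationItemArr = new ModificationItem[]{new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, createUnicodePassword(secret)))};
            }
            dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
            dirContext.modifyAttributes(searchResult.getName(), modificationItemArr);
        } catch (NamingException e2) {
            String str2 = "Can not access the directory service for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str2, e2);
            }
            throw new UserStoreException(str2, e2);
        } finally {
            if (secret != null) {
                secret.clear();
            }
            JNDIUtil.closeNamingEnumeration(search);
            JNDIUtil.closeContext(dirContext);
            JNDIUtil.closeContext(context);
        }
    }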

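    /**
     * Sets a user's password without requiring the previous one.
     *
     * <p>The user entry is located with the configured search base and user-name filter, and exactly
     * one match is required. When a credential is supplied it is written to the unicode password
     * attribute with a REPLACE modification. A {@code null} credential leaves the entry untouched.
     *
     * <p>Changes from the previous version: the search enumeration, the sub-context and the
     * connection context are released in one {@code finally}. Previously the enumeration and the
     * sub-context were not closed on error paths.
     *
     * <p>NOTE(review): no authorisation check is visible in this method; it relies on the caller
     * having established that the operation is permitted.
     *
     * @param str user name substituted into the search filter after escaping
     * @param obj new credential, or {@code null} to skip the modification
     * @throws UserStoreException if the user is missing or ambiguous, the credential type is
     *                            unsupported, or the directory cannot be accessed
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredentialByAdmin(String str, Object obj) throws UserStoreException {
        if (!this.isSSLConnection) {
            logger.warn("Unsecured connection is being used. Password operations will fail");
        }
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        NamingEnumeration search = null;
        try {
            String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
            String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace(JDBCUserStoreManager.QUERY_BINDING_SYMBOL, escapeSpecialCharactersForFilter(str));
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{"CN"});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            search = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
            if (logger.isDebugEnabled() && context != null) {
                try {
                    logger.debug("Searching for user with SearchFilter: " + replace + " in SearchBase: " + context.getNameInNamespace());
                } catch (NamingException e) {
                    logger.debug("Error while getting DN of search base", e);
                }
            }
            SearchResult searchResult = null;
            int i = 0;
            while (search.hasMoreElements()) {
                // Refuse to act when the filter matches more than one entry, so the password of
                // an unintended account is never changed.
                if (i > 0) {
                    throw new UserStoreException("There are more than one result in the user store for user: " + str);
                }
                searchResult = (SearchResult) search.next();
                i++;
            }
            if (searchResult == null) {
                throw new UserStoreException("User :" + str + " does not Exist");
            }
            if (obj != null) {
                Secret secret;
                try {
                    secret = Secret.getSecret(obj);
                } catch (UnsupportedSecretTypeException e2) {
                    throw new UserStoreException("Unsupported credential type", e2);
                }
                try {
                    ModificationItem[] modificationItemArr = {new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, createUnicodePassword(secret)))};
                    dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                    dirContext.modifyAttributes(searchResult.getName(), modificationItemArr);
                } finally {
                    // Wipe the in-memory credential whether or not the directory accepted it.
                    secret.clear();
                }
            }
        } catch (NamingException e3) {
            String str2 = "Can not access the directory service for user : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(str2, e3);
            }
            throw new UserStoreException(str2, e3);
        } finally {
            JNDIUtil.closeNamingEnumeration(search);
            JNDIUtil.closeContext(dirContext);
            JNDIUtil.closeContext(context);
        }
    }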

    /**
     * Runs the superclass credential checks, then logs a warning if the connection is not flagged
     * as secure.
     *
     * <p>The warning is advisory only: this method does not reject the update itself.
     *
     * @throws UserStoreException if the superclass check fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
    protected void doUpdateCredentialsValidityChecks(String str, Object obj) throws UserStoreException {
        super.doUpdateCredentialsValidityChecks(str, obj);
        if (!this.isSSLConnection) {
            logger.warn("Unsecured connection is being used. Password operations will fail");
        }
    }

    /**
     * Reads the Active Directory specific settings from the realm configuration.
     *
     * <p>After the superclass check, this sets the AD LDS flag. For a plain AD store it also reads
     * the configured userAccountControl value and falls back to "512" when that value is not an
     * integer. The connection is marked as secure when the URL scheme is "ldaps" or StartTLS is
     * enabled.
     *
     * @throws UserStoreException if the superclass check fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
    protected void checkRequiredUserStoreConfigurations() throws UserStoreException {
        super.checkRequiredUserStoreConfigurations();
        this.isADLDSRole = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty(LDAPConstants.ACTIVE_DIRECTORY_LDS_ROLE));
        if (!this.isADLDSRole) {
            String configuredControl = this.realmConfig.getUserStoreProperty(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL);
            this.userAccountControl = configuredControl;
            try {
                // Validation only; the parsed number itself is not kept.
                Integer.parseInt(configuredControl);
            } catch (NumberFormatException e) {
                // Missing or non-numeric setting: fall back to the default value.
                this.userAccountControl = "512";
            }
        }
        // NOTE(review): the scheme comparison is case-sensitive, so a URL written as "LDAPS://..."
        // is reported as insecure. The flag only drives warnings in the visible code.
        String scheme = this.realmConfig.getUserStoreProperty("ConnectionURL").split(":")[0];
        boolean startTlsEnabled = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty(UserStoreConfigConstants.STARTTLS_ENABLED));
        if (!startTlsEnabled && !scheme.equals("ldaps")) {
            logger.warn("Connection to the Active Directory is not secure. Password involved operations such as update credentials and adduser operations will fail");
            return;
        }
        this.isSSLConnection = true;
    }

    /**
     * Builds the byte value for the unicode password attribute: the credential wrapped in double
     * quotes and encoded as UTF-16LE.
     *
     * <p>The quoted characters are stored back into {@code secret}, so calling this twice on the
     * same secret would quote the value twice.
     *
     * <p>NOTE(review): the array returned by {@code secret.getChars()} and the returned byte array
     * are not wiped here. Whether {@code Secret} returns copies is not visible from this file.
     *
     * @param secret credential holder; its content is replaced with the quoted form
     * @return the quoted credential encoded as UTF-16LE
     */
    private byte[] createUnicodePassword(Secret secret) {
        char[] raw = secret.getChars();
        char[] quoted = new char[raw.length + 2];
        quoted[0] = '"';
        System.arraycopy(raw, 0, quoted, 1, raw.length);
        quoted[quoted.length - 1] = '"';
        secret.setChars(quoted);
        return secret.getBytes(StandardCharsets.UTF_16LE);
    }

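    /**
     * Writes several claim values to a user's directory entry in one modification.
     *
     * <p>A domain prefix is stripped from the user name before the entry is looked up. Each claim
     * is mapped to an attribute name. Empty values clear the attribute, and values containing the
     * configured separator are split into multiple attribute values. A claim mapped to {@code CN}
     * is applied as a rename of the entry, with the new value DN-escaped.
     *
     * <p>Changes from the previous version: both directory contexts are closed in one
     * {@code finally}. Previously the connection context leaked when the search failed. A user
     * that cannot be found now raises {@link UserStoreException} instead of an unchecked exception
     * from {@code next()}. An empty branch and an unused local were removed.
     *
     * <p>Side effects: a missing profile-configuration entry is added to the caller's map, and
     * {@code this.userAttributeSeparator} is overwritten from the store configuration.
     *
     * @param str  user name, optionally prefixed with a domain
     * @param map  claim key to value; must not be {@code null}
     * @param str2 not read by this method
     * @throws UserStoreException if the user cannot be found or a directory operation fails
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValues(String str, Map<String, String> map, String str2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        DirContext dirContext = null;
        try {
            String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
            String userStoreProperty2 = this.realmConfig.getUserStoreProperty("UserNameSearchFilter");
            String[] split = str.split(CarbonConstants.DOMAIN_SEPARATOR);
            if (split.length > 1) {
                str = split[1];
            }
            String replace = userStoreProperty2.replace(JDBCUserStoreManager.QUERY_BINDING_SYMBOL, escapeSpecialCharactersForFilter(str));
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes((String[]) null);

            String name;
            NamingEnumeration namingEnumeration = null;
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                if (!namingEnumeration.hasMoreElements()) {
                    throw new UserStoreException("User :" + str + " does not Exist");
                }
                // NOTE(review): only the first match is used. Unlike the credential-update
                // methods, multiple matches are not rejected here.
                name = ((SearchResult) namingEnumeration.next()).getName();
            } catch (NamingException e2) {
                String str4 = "Results could not be retrieved from the directory context for user : " + str;
                if (logger.isDebugEnabled()) {
                    logger.debug(str4, e2);
                }
                throw new UserStoreException(str4, e2);
            } finally {
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
            }

            if (map.get(UserCoreConstants.PROFILE_CONFIGURATION) == null) {
                map.put(UserCoreConstants.PROFILE_CONFIGURATION, "default");
            }
            boolean renameRequested = false;
            String newCommonName = null;
            try {
                BasicAttributes basicAttributes = new BasicAttributes(true);
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    String key = entry.getKey();
                    if (key.equals(UserCoreConstants.PROFILE_CONFIGURATION)) {
                        continue;
                    }
                    String claimAtrribute = getClaimAtrribute(key, str, null);
                    if (this.realmConfig.getUserStoreProperty("UserNameAttribute").equals(claimAtrribute)) {
                        // The cached entry is keyed by the value about to change.
                        removeFromUserCache(str);
                    }
                    if ("CN".equalsIgnoreCase(claimAtrribute)) {
                        // The RDN is changed with a rename after the modification, not by it.
                        renameRequested = true;
                        newCommonName = entry.getValue();
                        continue;
                    }
                    BasicAttribute basicAttribute = new BasicAttribute(claimAtrribute);
                    String value = entry.getValue();
                    if ("".equals(value)) {
                        basicAttribute.clear();
                    } else if (value != null) {
                        String userStoreProperty4 = this.realmConfig.getUserStoreProperty("MultiAttributeSeparator");
                        if (userStoreProperty4 != null && !userStoreProperty4.trim().isEmpty()) {
                            this.userAttributeSeparator = userStoreProperty4;
                        }
                        if (value.contains(this.userAttributeSeparator)) {
                            StringTokenizer stringTokenizer = new StringTokenizer(value, this.userAttributeSeparator);
                            while (stringTokenizer.hasMoreElements()) {
                                String obj = stringTokenizer.nextElement().toString();
                                if (obj != null && obj.trim().length() > 0) {
                                    basicAttribute.add(obj.trim());
                                }
                            }
                        } else {
                            basicAttribute.add(value);
                        }
                    } else {
                        basicAttribute.add(value);
                    }
                    basicAttributes.put(basicAttribute);
                }
                dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                dirContext.modifyAttributes(name, DirContext.REPLACE_ATTRIBUTE, basicAttributes);
                if (renameRequested && newCommonName != null) {
                    dirContext.rename(name, "CN=" + escapeSpecialCharactersForDN(newCommonName));
                }
            } catch (Exception e) {
                handleException(e, str);
            }
        } finally {
            JNDIUtil.closeContext(dirContext);
            JNDIUtil.closeContext(context);
        }
    }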

    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValue(String str, String str2, String str3, String str4) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        String userStoreProperty = this.realmConfig.getUserStoreProperty("UserSearchBase");
        String replace = this.realmConfig.getUserStoreProperty("UserNameSearchFilter").replace(JDBCUserStoreManager.QUERY_BINDING_SYMBOL, escapeSpecialCharactersForFilter(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                namingEnumeration = context.search(escapeDNForSearch(userStoreProperty), replace, searchControls);
                String name = ((SearchResult) namingEnumeration.next()).getName();
                JNDIUtil.closeNamingEnumeration(namingEnumeration);
                try {
                    try {
                        BasicAttributes basicAttributes = new BasicAttributes(true);
                        String claimAtrribute = getClaimAtrribute(str2, str, null);
                        if ("CN".equals(claimAtrribute)) {
                            DirContext dirContext = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                            dirContext.rename(name, "CN=" + str3);
                            JNDIUtil.closeContext(dirContext);
                            JNDIUtil.closeContext(context);
                            return;
                        }
                        BasicAttribute basicAttribute = new BasicAttribute(claimAtrribute);
                        if ("".equals(str3)) {
                            basicAttribute.clear();
                        } else {
                            String userStoreProperty2 = this.realmConfig.getUserStoreProperty("MultiAttributeSeparator");
                            if (userStoreProperty2 != null && !userStoreProperty2.trim().isEmpty()) {
                                this.userAttributeSeparator = userStoreProperty2;
                            }
                            if (str3.contains(this.userAttributeSeparator)) {
                                StringTokenizer stringTokenizer = new StringTokenizer(str3, this.userAttributeSeparator);
                                while (stringTokenizer.hasMoreElements()) {
                                    String obj = stringTokenizer.nextElement().toString();
                                    if (obj != null && obj.trim().length() > 0) {
                                        basicAttribute.add(obj.trim());
                                    }
                                }
                            } else {
                                basicAttribute.add(str3);
                            }
                        }
                        basicAttributes.put(basicAttribute);
                        DirContext dirContext2 = (DirContext) context.lookup(escapeDNForSearch(userStoreProperty));
                        dirContext2.modifyAttributes(name, 2, basicAttributes);
                        JNDIUtil.closeContext(dirContext2);
                        JNDIUtil.closeContext(context);
                    } catch (Throwable th) {
                        JNDIUtil.closeContext(null);
                        JNDIUtil.closeContext(context);
                        throw th;
                    }
                } catch (Exception e) {
                    handleException(e, str);
                    JNDIUtil.closeContext(null);
                    JNDIUtil.closeContext(context);
                }
            } catch (NamingException e2) {
                String str5 = "Results could not be retrieved from the directory context for user : " + str;
                if (logger.isDebugEnabled()) {
                    logger.debug(str5, e2);
                }
                throw new UserStoreException(str5, e2);
            }
        } catch (Throwable th2) {
            JNDIUtil.closeNamingEnumeration(namingEnumeration);
            throw th2;
        }
    }

    /**
     * Returns the property descriptors for this user store type, grouped as mandatory, optional
     * and advanced.
     *
     * <p>Each group is copied into a new array, so the caller cannot resize the backing lists. The
     * {@code Property} objects themselves are shared.
     *
     * @return a new {@code Properties} holder with the three groups set
     */
    @Override // org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public Properties getDefaultUserStoreProperties() {
        Property[] mandatory = (Property[]) ActiveDirectoryUserStoreConstants.ACTIVE_DIRECTORY_UM_PROPERTIES.toArray(new Property[ActiveDirectoryUserStoreConstants.ACTIVE_DIRECTORY_UM_PROPERTIES.size()]);
        Property[] optional = (Property[]) ActiveDirectoryUserStoreConstants.OPTIONAL_ACTIVE_DIRECTORY_UM_PROPERTIES.toArray(new Property[ActiveDirectoryUserStoreConstants.OPTIONAL_ACTIVE_DIRECTORY_UM_PROPERTIES.size()]);
        Property[] advanced = (Property[]) ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES.toArray(new Property[ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES.size()]);

        Properties result = new Properties();
        result.setMandatoryProperties(mandatory);
        result.setOptionalProperties(optional);
        result.setAdvancedProperties(advanced);
        return result;
    }

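    /**
     * Translates a failure from a claim update into a {@link UserStoreException} that names the
     * affected user.
     *
     * <p>Changes from the previous version: an exception of any other type (for example an
     * unchecked exception) is now wrapped and thrown as well. Previously the method returned
     * normally for such exceptions, so the caller reported the update as successful. The first
     * message also gained the missing separator between the user name and the following sentence.
     *
     * @param exc the exception caught during the update
     * @param str user name included in the message
     * @throws UserStoreException always, with {@code exc} as the cause
     */
    private void handleException(Exception exc, String str) throws UserStoreException {
        String message;
        // The specific NamingException subclasses must be tested before NamingException itself.
        if (exc instanceof InvalidAttributeValueException) {
            message = "One or more attribute values provided are incompatible for user : " + str + ". Please check and try again.";
        } else if (exc instanceof InvalidAttributeIdentifierException || exc instanceof NoSuchAttributeException) {
            message = "One or more attributes you are trying to add/update are not supported by underlying LDAP for user : " + str;
        } else if (exc instanceof NamingException) {
            message = "Profile information could not be updated in LDAP user store for user : " + str;
        } else if (exc instanceof org.wso2.carbon.user.api.UserStoreException) {
            message = "Error in obtaining claim mapping for user : " + str;
        } else {
            // Never let an unexpected failure look like a successful update.
            message = "Unexpected error while updating attributes in LDAP user store for user : " + str;
        }
        if (logger.isDebugEnabled()) {
            logger.debug(message, exc);
        }
        throw new UserStoreException(message, exc);
    }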

    /**
     * Escapes a value before it is placed inside an LDAP search filter.
     *
     * <p>NUL, {@code (}, {@code )} and {@code \} are replaced by their backslash-hex forms
     * ({@code \00}, {@code \28}, {@code \29}, {@code \5c}); every other character is copied
     * unchanged.
     *
     * <p>Two things a caller must know:
     * <ul>
     *   <li>When the {@code PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN} user-store
     *       property parses to {@code false}, the input is returned untouched, so the
     *       filter is then built from the raw value.</li>
     *   <li>The asterisk is not escaped, although RFC 4515 lists it ({@code \2a}).
     *       NOTE(review): presumably deliberate so wildcard searches keep working — confirm
     *       that exact-match lookups (for example at login) do not rely on this helper alone
     *       to keep a supplied value from matching more than one entry.</li>
     * </ul>
     *
     * @param str the value to escape; must not be {@code null} when escaping is enabled
     * @return the escaped value, or {@code str} itself when escaping is disabled
     */
    private String escapeSpecialCharactersForFilter(String str) {
        String configured = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN);
        // Escaping is on unless the property is present and does not parse to true.
        boolean escapingEnabled = configured == null || Boolean.parseBoolean(configured);
        if (configured != null && logger.isDebugEnabled()) {
            logger.debug("Replace escape characters configured to: " + configured);
        }
        if (!escapingEnabled) {
            return str;
        }
        StringBuilder escaped = new StringBuilder();
        for (char c : str.toCharArray()) {
            if (c == '\0') {
                escaped.append("\\00");
            } else if (c == '(') {
                escaped.append("\\28");
            } else if (c == ')') {
                escaped.append("\\29");
            } else if (c == '\\') {
                escaped.append("\\5c");
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes a value before it is used as part of a distinguished name.
     *
     * <p>A backslash is placed in front of each of {@code " + , ; < > \}, in front of a
     * leading space or {@code #}, and in front of a trailing space (only when the value is
     * longer than one character; a lone space is covered by the leading rule).
     *
     * <p>When the {@code PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN} user-store
     * property parses to {@code false}, the input is returned untouched and the DN is
     * built from the raw value.
     *
     * <p>NOTE(review): a NUL character (U+0000) is copied through unescaped, whereas RFC 4514
     * asks for it to be written as {@code \00} — confirm callers reject such input earlier.
     *
     * @param str the value to escape; must not be {@code null} when escaping is enabled
     * @return the escaped value, or {@code str} itself when escaping is disabled
     */
    private String escapeSpecialCharactersForDN(String str) {
        String configured = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_REPLACE_ESCAPE_CHARACTERS_AT_USER_LOGIN);
        // Escaping is on unless the property is present and does not parse to true.
        boolean escapingEnabled = configured == null || Boolean.parseBoolean(configured);
        if (configured != null && logger.isDebugEnabled()) {
            logger.debug("Replace escape characters configured to: " + configured);
        }
        if (!escapingEnabled) {
            return str;
        }
        StringBuilder escaped = new StringBuilder();
        // A leading space or '#' gets one extra backslash; the loop below then copies the character.
        if (!str.isEmpty() && (str.charAt(0) == ' ' || str.charAt(0) == '#')) {
            escaped.append('\\');
        }
        for (char c : str.toCharArray()) {
            // Every character in this set is emitted as backslash + itself.
            if ("\"+,;<>\\".indexOf(c) >= 0) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        // The loop copied a trailing space as-is, so the backslash goes just before it.
        if (str.length() > 1 && str.charAt(str.length() - 1) == ' ') {
            escaped.insert(escaped.length() - 1, '\\');
        }
        String result = escaped.toString();
        if (logger.isDebugEnabled()) {
            // NOTE(review): the raw input is written to the debug log unmodified.
            logger.debug("value after escaping special characters in " + str + " : " + result);
        }
        return result;
    }

    /**
     * Rebuilds {@code ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES} from scratch: the list is
     * cleared and the default advanced properties are re-added in the order given below.
     *
     * <p>Each table row is {name, display name, default value, description} and is handed to
     * {@link #setAdvancedProperty(String, String, String, String)} unchanged.
     */
    private static void setAdvancedProperties() {
        ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES.clear();
        String[][] defaults = {
            {"SCIMEnabled", "Enable SCIM", "false", UserStoreConfigConstants.SCIMEnabledDescription},
            {BULK_IMPORT_SUPPORT, "Bulk Import Support", "true", "Bulk Import Supported"},
            {"EmptyRolesAllowed", "Allow Empty Roles", "true", UserStoreConfigConstants.emptyRolesAllowedDescription},
            // NOTE(review): the default hash method is the plain-text constant; presumably the
            // directory hashes the credential itself — confirm before reusing this default elsewhere.
            {"PasswordHashMethod", "Password Hashing Algorithm", UserCoreConstants.RealmConfig.PASSWORD_HASH_METHOD_PLAIN_TEXT, UserStoreConfigConstants.passwordHashMethodDescription},
            {"MultiAttributeSeparator", "Multiple Attribute Separator", ",", MULTI_ATTRIBUTE_SEPARATOR_DESCRIPTION},
            {LDAPConstants.ACTIVE_DIRECTORY_LDS_ROLE, "Is ADLDS Role", "false", "Whether an Active Directory Lightweight Directory Services role"},
            // 512 is the Active Directory userAccountControl value for a normal, enabled account.
            {LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL, "User Account Control", "512", "Flags that control the behavior of the user account"},
            {"MaxUserNameListLength", "Maximum User List Length", UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT, UserStoreConfigConstants.maxUserNameListLengthDescription},
            {"MaxRoleNameListLength", "Maximum Role List Length", UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT, UserStoreConfigConstants.maxRoleNameListLengthDescription},
            {UserCoreConstants.RealmConfig.PROPERTY_KDC_ENABLED, "Enable KDC", "false", "Whether key distribution center enabled"},
            {UserCoreConstants.RealmConfig.DEFAULT_REALM_NAME, "Default Realm Name", "WSO2.ORG", "Default name for the realm"},
            {"UserRolesCacheEnabled", "Enable User Role Cache", "true", UserStoreConfigConstants.userRolesCacheEnabledDescription},
            {"ConnectionPoolingEnabled", "Enable LDAP Connection Pooling", "false", UserStoreConfigConstants.connectionPoolingEnabledDescription},
            // The connection-timeout entry uses its description as the display name too.
            {LDAPConnectionTimeout, LDAPConnectionTimeoutDescription, "5000", LDAPConnectionTimeoutDescription},
            {readTimeout, "LDAP Read Timeout", "5000", readTimeoutDescription},
            {RETRY_ATTEMPTS, "Retry Attempts", "0", "Number of retries for authentication in case ldap read timed out."},
            {"CountRetrieverClass", "Count Implementation", "", "Name of the class that implements the count functionality"},
            // The default here is a single space, not the empty string.
            {"java.naming.ldap.attributes.binary", "LDAP binary attributes", " ", LDAPBinaryAttributesDescription},
            {UserStoreConfigConstants.claimOperationsSupported, UserStoreConfigConstants.getClaimOperationsSupportedDisplayName, "true", UserStoreConfigConstants.claimOperationsSupportedDescription},
            {ActiveDirectoryUserStoreConstants.TRANSFORM_OBJECTGUID_TO_UUID, ActiveDirectoryUserStoreConstants.TRANSFORM_OBJECTGUID_TO_UUID_DESC, "true", ActiveDirectoryUserStoreConstants.TRANSFORM_OBJECTGUID_TO_UUID_DESC},
            {"MembershipAttributeRange", "Membership Attribute Range", String.valueOf(MEMBERSHIP_ATTRIBUTE_RANGE_VALUE), "Number of maximum users of role returned by the AD"},
            {LDAPConstants.USER_CACHE_EXPIRY_MILLISECONDS, "User Cache Expiry milliseconds", "", "Configure the user cache expiry in milliseconds. Values  {0: expire immediately, -1: never expire, '': i.e. empty, system default}."},
            {LDAPConstants.USER_DN_CACHE_ENABLED, "Enable User DN Cache", "true", "Enables the user cache. Default true, Unless set to false. Empty value is interpreted as true."},
            // NOTE(review): StartTLS defaults to off; presumably transport protection then
            // depends on the configured connection URL — confirm for each deployment.
            {UserStoreConfigConstants.STARTTLS_ENABLED, UserStoreConfigConstants.STARTTLS_ENABLED_DISPLAY_NAME, "false", UserStoreConfigConstants.STARTTLS_ENABLED_DESCRIPTION},
            {UserStoreConfigConstants.CONNECTION_RETRY_DELAY, UserStoreConfigConstants.CONNECTION_RETRY_DELAY_DISPLAY_NAME, String.valueOf(120000), UserStoreConfigConstants.CONNECTION_RETRY_DELAY_DESCRIPTION},
        };
        for (String[] row : defaults) {
            setAdvancedProperty(row[0], row[1], row[2], row[3]);
        }
    }

    /**
     * Appends one entry to {@code ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES}.
     *
     * @param str  the property name
     * @param str2 the display name
     * @param str3 the default value
     * @param str4 the description
     */
    private static void setAdvancedProperty(String str, String str2, String str3, String str4) {
        // Display name and description travel in a single field, joined by '#'.
        String displayAndDescription = str2 + "#" + str4;
        Property entry = new Property(str, str3, displayAndDescription, null);
        ACTIVE_DIRECTORY_UM_ADVANCED_PROPERTIES.add(entry);
    }

    // Fills the advanced-property list once, when the class is initialised.
    // NOTE(review): static initialisers run in textual order, so this assumes the list
    // field is declared and assigned earlier in the class — its declaration is not in view; confirm.
    static {
        setAdvancedProperties();
    }
}
