package org.wso2.carbon.directory.server.manager.internal;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.directory.server.manager.DirectoryServerManagerException;
import org.wso2.carbon.directory.server.manager.common.ServerPrinciple;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.ldap.LDAPConnectionContext;
import org.wso2.carbon.user.core.util.JNDIUtil;

/* loaded from: input_file:org/wso2/carbon/directory/server/manager/internal/LDAPServerStoreManager.class */
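/**
 * Manages Kerberos service principals stored as LDAP entries beneath the configured user search base.
 *
 * Security notes for maintainers:
 * <ul>
 *   <li>Every caller-supplied value that ends up in an LDAP search filter is escaped per RFC 4515
 *       ({@link #escapeFilterValue}) and every value placed in a relative DN is escaped per RFC 4514
 *       ({@link #escapeDnValue}). Do not concatenate raw input into filters or DNs.</li>
 *   <li>Stored passwords are compared with {@link MessageDigest#isEqual} so the comparison does not
 *       leak timing information about the stored value.</li>
 *   <li>New principals are written with a plain-text {@code userPassword} (see
 *       {@link #constructBasicAttributes}); password updates keep whatever hash method the directory
 *       entry already uses.</li>
 * </ul>
 * Instances are not thread-safe beyond what {@link LDAPConnectionContext} guarantees; each operation
 * obtains and closes its own {@link DirContext}.
 */
public class LDAPServerStoreManager {
    private static final Log log = LogFactory.getLog(LDAPServerStoreManager.class);

    /** Service-name pattern used when SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY is not configured. */
    private static final String DEFAULT_SERVICE_NAME_REGEX = "[a-zA-Z\\d]{2,10}/[a-zA-Z]{2,30}";
    /** Service-password pattern used when SERVICE_PASSWORD_REGEX_PROPERTY is not configured. */
    private static final String DEFAULT_SERVICE_PASSWORD_REGEX = "[\\S]{5,30}";
    private static final String USER_SEARCH_BASE_PROPERTY = "UserSearchBase";
    private static final String USER_NAME_LIST_FILTER_PROPERTY = "UserNameListFilter";
    private static final String MAX_USER_NAME_LIST_LENGTH_PROPERTY = "MaxUserNameListLength";
    private static final String DEFAULT_REALM_NAME_PROPERTY = "defaultRealmName";
    /** Filter fragments selecting (or excluding) the entries this manager treats as service principals. */
    private static final String SERVICE_ENTRY_FILTER = "(sn=Service)";
    private static final String NON_SERVICE_ENTRY_FILTER = "(!(sn=Service))";

    /** Null when the connection context failed to initialise in the constructor; see {@link #openContext()}. */
    private LDAPConnectionContext connectionSource;
    private final RealmConfiguration realmConfiguration;

    /**
     * Creates a manager bound to the given realm configuration.
     *
     * A failure to build the {@link LDAPConnectionContext} is logged rather than thrown (the public
     * constructor signature is kept); every subsequent directory operation then fails with a
     * {@link DirectoryServerManagerException} instead of a {@code NullPointerException}.
     *
     * @param realmConfiguration user-store configuration supplying the LDAP connection and search properties
     */
    public LDAPServerStoreManager(RealmConfiguration realmConfiguration) {
        this.realmConfiguration = realmConfiguration;
        try {
            this.connectionSource = new LDAPConnectionContext(realmConfiguration);
        } catch (UserStoreException e) {
            log.error("Error occurred while instantiating LDAPConnectionContext", e);
        }
    }

    // ---------------------------------------------------------------------------------------------
    // Input validation
    // ---------------------------------------------------------------------------------------------

    /**
     * Checks a service principal name ({@code service/host}) against the configured regex, or the
     * built-in default when none is configured.
     *
     * @param serverName candidate service principal name
     * @return {@code true} if the whole name matches the pattern
     */
    protected boolean isServerNameValid(String serverName) {
        String pattern = this.realmConfiguration.getUserStoreProperty(
                LDAPServerManagerConstants.SERVICE_PRINCIPLE_NAME_REGEX_PROPERTY);
        if (pattern == null) {
            pattern = DEFAULT_SERVICE_NAME_REGEX;
        }
        if (log.isDebugEnabled()) {
            log.debug("Using service name format - " + pattern);
        }
        return isFormatCorrect(pattern, serverName);
    }

    /**
     * Checks a service password against the configured regex, or the built-in default when none is
     * configured. Empty and null passwords are always rejected. The password itself is never logged.
     *
     * @param password candidate password
     * @return {@code true} if the password is non-empty and matches the pattern
     */
    protected boolean isPasswordValid(String password) {
        String pattern = this.realmConfiguration.getUserStoreProperty(
                LDAPServerManagerConstants.SERVICE_PASSWORD_REGEX_PROPERTY);
        if (pattern == null) {
            pattern = DEFAULT_SERVICE_PASSWORD_REGEX;
        }
        if (log.isDebugEnabled()) {
            log.debug("Using service password format - " + pattern);
        }
        return StringUtils.isNotEmpty(password) && isFormatCorrect(pattern, password);
    }

    /** Full-string regex match. The pattern comes from trusted (admin) configuration. */
    private boolean isFormatCorrect(String regex, String value) {
        return value != null && Pattern.compile(regex).matcher(value).matches();
    }

    // ---------------------------------------------------------------------------------------------
    // Name handling
    // ---------------------------------------------------------------------------------------------

    /**
     * Derives the {@code uid} under which a service principal is stored.
     *
     * The service component (text before the first {@code /}) is used as-is unless an entry with that
     * uid already exists, in which case the host component is folded in via
     * {@link #getUniqueServiceUid(String)}.
     *
     * @param serverName service principal name in the form {@code service/host}
     * @return the uid to store the entry under
     * @throws DirectoryServerManagerException if the name does not have exactly two components or
     *         the existence check fails
     */
    public String getServiceName(String serverName) throws DirectoryServerManagerException {
        if (serverName == null) {
            throw new DirectoryServerManagerException(
                    "Invalid server name provided. Could not retrieve service component.");
        }
        String[] components = serverName.split("/");
        if (components.length != 2) {
            throw new DirectoryServerManagerException(
                    "Invalid server name provided. Could not retrieve service component.");
        }
        String service = components[0];
        // NOTE: no second round of uniqueness checking happens for the derived uid; the bind in
        // addServicePrinciple fails if that one is taken as well.
        return isExistingServiceUid(service) ? getUniqueServiceUid(serverName) : service;
    }

    /**
     * Builds a uid that includes the host, e.g. {@code http/www.example.com} becomes
     * {@code http-www-example-com}. A name without a host component is returned unchanged.
     *
     * @param serverName service principal name
     * @return host-qualified uid
     */
    protected String getUniqueServiceUid(String serverName) {
        String[] components = serverName.split("/");
        if (components.length == 1) {
            return components[0];
        }
        StringBuilder uid = new StringBuilder(components[0]);
        for (String hostLabel : components[1].split("\\.")) {
            uid.append("-").append(hostLabel);
        }
        return uid.toString();
    }

    /** Filter fragment that excludes service-principal entries. */
    protected String getServerPrincipleExcludeString() {
        return getServiceFilteringExpression(true);
    }

    /** Filter fragment that selects only service-principal entries. */
    protected String getServerPrincipleIncludeString() {
        return getServiceFilteringExpression(false);
    }

    private String getServiceFilteringExpression(boolean exclude) {
        return exclude ? NON_SERVICE_ENTRY_FILTER : SERVICE_ENTRY_FILTER;
    }

    /**
     * Lower-cases the principal and appends {@code @REALM}.
     *
     * @param serverName service principal name (already filter-escaped when used in a filter)
     */
    private String getFullyQualifiedPrincipalName(String serverName) {
        return serverName.toLowerCase(Locale.US) + "@" + getRealmName().toUpperCase(Locale.ENGLISH);
    }

    /**
     * Filter matching the service-principal entry whose {@code krb5PrincipalName} equals the fully
     * qualified form of {@code serverName}. The caller-supplied part is escaped before use.
     */
    private String getServicePrincipleFilter(String serverName) {
        String principal = getFullyQualifiedPrincipalName(escapeFilterValue(serverName, false));
        return "(&(krb5PrincipalName=" + principal + ")" + getServerPrincipleIncludeString() + ")";
    }

    /**
     * Realm name: the {@code defaultRealmName} property when set, otherwise the {@code dc=} components
     * of the user search base joined with dots and upper-cased (e.g. {@code dc=example,dc=com} gives
     * {@code EXAMPLE.COM}).
     */
    private String getRealmName() {
        String configured = this.realmConfiguration.getUserStoreProperty(DEFAULT_REALM_NAME_PROPERTY);
        if (configured != null) {
            return configured;
        }
        StringBuilder realm = new StringBuilder();
        for (String fragment : getUserSearchBase().split("dc=")) {
            // Fragments that still carry "=" belong to non-dc RDNs (e.g. "ou=Users,") and are skipped.
            if (fragment.contains("=")) {
                continue;
            }
            String label = fragment.trim();
            realm.append(label.endsWith(",") ? label.replace(',', '.') : label);
        }
        return realm.toString().toUpperCase(Locale.ENGLISH);
    }

    // ---------------------------------------------------------------------------------------------
    // Escaping helpers
    // ---------------------------------------------------------------------------------------------

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515).
     *
     * @param value         raw value; {@code null} is treated as the empty string
     * @param allowWildcard when {@code true} the {@code *} character is passed through so callers can
     *                      offer substring searches; all other filter metacharacters are still escaped
     * @return the escaped value
     */
    static String escapeFilterValue(String value, boolean allowWildcard) {
        if (value == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append(allowWildcard ? "*" : "\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Escapes an attribute value for use in a distinguished name (RFC 4514), so that a uid such as
     * {@code foo,ou=admins} cannot rewrite the DN it is bound or unbound under.
     *
     * @param value raw attribute value; {@code null} is treated as the empty string
     * @return the escaped value
     */
    static String escapeDnValue(String value) {
        if (value == null) {
            return "";
        }
        int last = value.length() - 1;
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                case ',':
                case '+':
                case '"':
                case '<':
                case '>':
                case ';':
                case '=':
                    escaped.append('\\').append(c);
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                case '#':
                    // Only a leading '#' is special (it introduces a hex-encoded value).
                    escaped.append(i == 0 ? "\\#" : "#");
                    break;
                case ' ':
                    // Leading and trailing spaces must be escaped; interior spaces are literal.
                    escaped.append(i == 0 || i == last ? "\\ " : " ");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    // ---------------------------------------------------------------------------------------------
    // Directory plumbing
    // ---------------------------------------------------------------------------------------------

    private String getUserSearchBase() {
        return this.realmConfiguration.getUserStoreProperty(USER_SEARCH_BASE_PROPERTY);
    }

    /**
     * Obtains a fresh directory context. Callers must close it via {@link #closeQuietly(DirContext)}.
     *
     * @throws DirectoryServerManagerException if the connection context never initialised or a
     *         context cannot be obtained
     */
    private DirContext openContext() throws DirectoryServerManagerException {
        if (this.connectionSource == null) {
            throw new DirectoryServerManagerException(
                    "Unable to retrieve directory context: LDAP connection context was not initialised.");
        }
        try {
            return this.connectionSource.getContext();
        } catch (UserStoreException e) {
            log.error("Unable to retrieve directory context.", e);
            throw new DirectoryServerManagerException("Unable to retrieve directory context.", e);
        }
    }

    /** Closes a context, logging (not throwing) on failure; tolerates {@code null}. */
    private static void closeQuietly(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            JNDIUtil.closeContext(context);
        } catch (UserStoreException e) {
            log.error("Unable to close directory context.", e);
        }
    }

    /** Closes a search result enumeration, logging (not throwing) on failure; tolerates {@code null}. */
    private static void closeQuietly(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            log.debug("Unable to close naming enumeration.", e);
        }
    }

    /** Subtree-scoped search controls returning only the named attributes. */
    private static SearchControls subtreeSearch(String... returningAttributes) {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(returningAttributes);
        return controls;
    }

    /** Returns the named attribute of a search result, or {@code null} when absent. */
    private static Attribute attributeOf(SearchResult entry, String attributeName) {
        Attributes attributes = entry.getAttributes();
        return attributes == null ? null : attributes.get(attributeName);
    }

    /**
     * Reads the first value of an attribute as a UTF-8 string.
     *
     * @return the value, or {@code null} when the attribute is absent or has no values
     */
    private static String readFirstValue(Attribute attribute) throws NamingException {
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        if (value instanceof byte[]) {
            // userPassword is returned as binary by JNDI by default.
            return new String((byte[]) value, StandardCharsets.UTF_8);
        }
        return value == null ? null : value.toString();
    }

    /**
     * Runs an already-escaped filter under the user search base and reports whether it matched.
     *
     * @throws DirectoryServerManagerException wrapping any {@link NamingException}
     */
    private boolean searchHasResult(String filter) throws DirectoryServerManagerException {
        String searchBase = getUserSearchBase();
        DirContext context = openContext();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = context.search(searchBase, filter, subtreeSearch(LDAPServerManagerConstants.LDAP_UID));
            return results.hasMore();
        } catch (NamingException e) {
            log.error("Unable to search entry with search base " + searchBase + ", filter - " + filter, e);
            throw new DirectoryServerManagerException("Can not access the directory service", e);
        } finally {
            closeQuietly(results);
            closeQuietly(context);
        }
    }

    // ---------------------------------------------------------------------------------------------
    // Existence checks
    // ---------------------------------------------------------------------------------------------

    /**
     * Reports whether a service-principal entry with the given uid exists. The uid is escaped before
     * it is placed in the filter, so metacharacters in it cannot widen the search.
     *
     * @param uid candidate uid
     * @throws DirectoryServerManagerException if the directory cannot be queried
     */
    public boolean isExistingServiceUid(String uid) throws DirectoryServerManagerException {
        String filter = "(&(uid=" + escapeFilterValue(uid, false) + ")" + getServerPrincipleIncludeString() + ")";
        return searchHasResult(filter);
    }

    /**
     * Reports whether a service principal with the given {@code service/host} name exists.
     *
     * @param serverName service principal name
     * @throws DirectoryServerManagerException if the directory cannot be queried
     */
    public boolean isExistingServicePrinciple(String serverName) throws DirectoryServerManagerException {
        return searchHasResult(getServicePrincipleFilter(serverName));
    }

    // ---------------------------------------------------------------------------------------------
    // Create / list / delete
    // ---------------------------------------------------------------------------------------------

    /**
     * Creates a service-principal entry under the user search base.
     *
     * The uid is derived by {@link #getServiceName(String)} and DN-escaped before binding. Name and
     * password format validation ({@link #isServerNameValid}, {@link #isPasswordValid}) is not
     * performed here; callers are expected to do it first.
     *
     * @param serverName  service principal name ({@code service/host})
     * @param description optional common name; defaults to {@code "<serverName> Service"}
     * @param credential  the password, which must be a {@link String}
     * @throws DirectoryServerManagerException if the credential is not a string, the name is
     *         malformed, the entry already exists, or the directory cannot be reached
     */
    public void addServicePrinciple(String serverName, String description, Object credential)
            throws DirectoryServerManagerException {
        if (!(credential instanceof String)) {
            throw new DirectoryServerManagerException("Invalid credentials provided");
        }
        DirContext root = openContext();
        DirContext base = null;
        try {
            base = (DirContext) root.lookup(getUserSearchBase());
            String serviceUid = getServiceName(serverName);
            BasicAttributes attributes = new BasicAttributes(true);
            constructBasicAttributes(attributes, serviceUid, serverName, credential, description,
                    LDAPServerManagerConstants.SERVER_PRINCIPAL_ATTRIBUTE_VALUE);
            base.bind("uid=" + escapeDnValue(serviceUid), null, attributes);
        } catch (NamingException e) {
            log.error("Can not access the directory context or user already exists in the system", e);
            throw new DirectoryServerManagerException(
                    "Can not access the directory context or user already exists in the system", e);
        } finally {
            closeQuietly(base);
            closeQuietly(root);
        }
    }

    /**
     * Populates the attribute set for a new service-principal entry.
     *
     * The {@code userPassword} value is written with the plain-text "hash" method, i.e. the raw
     * password bytes (UTF-8) are stored. NOTE(review): presumably required so the KDC can derive
     * Kerberos keys from it — confirm before changing; a directory-side password policy or
     * server-side hashing is the place to harden this.
     *
     * @param attributes  target attribute set
     * @param uid         entry uid
     * @param serverName  service principal name, used for {@code krb5PrincipalName} and the default cn
     * @param credential  password; must be a {@link String}
     * @param description common name, or null/empty for the default
     * @param marker      value of the attribute that marks the entry as a service principal
     */
    private void constructBasicAttributes(BasicAttributes attributes, String uid, String serverName,
            Object credential, String description, String marker) throws DirectoryServerManagerException {
        BasicAttribute objectClass = new BasicAttribute(LDAPServerManagerConstants.LDAP_OBJECT_CLASS);
        objectClass.add(LDAPServerManagerConstants.LDAP_INTET_ORG_PERSON);
        objectClass.add(LDAPServerManagerConstants.LDAP_ORG_PERSON);
        objectClass.add(LDAPServerManagerConstants.LDAP_PERSON);
        objectClass.add(LDAPServerManagerConstants.LDAP_TOP);
        objectClass.add(LDAPServerManagerConstants.LDAP_KRB5_PRINCIPLE);
        objectClass.add(LDAPServerManagerConstants.LDAP_KRB5_KDC);
        objectClass.add(LDAPServerManagerConstants.LDAP_SUB_SCHEMA);
        attributes.put(objectClass);

        attributes.put(new BasicAttribute(LDAPServerManagerConstants.LDAP_UID, uid));
        attributes.put(new BasicAttribute(LDAPServerManagerConstants.KRB5_PRINCIPAL_NAME_ATTRIBUTE,
                getFullyQualifiedPrincipalName(serverName)));
        attributes.put(new BasicAttribute(LDAPServerManagerConstants.KRB5_KEY_VERSION_NUMBER_ATTRIBUTE, "0"));

        String storedPassword = getPasswordToStore((String) credential,
                LDAPServerManagerConstants.PASSWORD_HASH_METHOD_PLAIN_TEXT);
        // Explicit charset: the value is read back with UTF-8 in readFirstValue().
        attributes.put(new BasicAttribute(LDAPServerManagerConstants.LDAP_PASSWORD,
                storedPassword.getBytes(StandardCharsets.UTF_8)));

        String commonName = (description == null || description.isEmpty()) ? serverName + " Service" : description;
        attributes.put(new BasicAttribute(LDAPServerManagerConstants.LDAP_COMMON_NAME, commonName));
        attributes.put(new BasicAttribute(LDAPServerManagerConstants.SERVER_PRINCIPAL_ATTRIBUTE_NAME, marker));
    }

    /**
     * Lists service principals whose {@code krb5PrincipalName} matches {@code filter}.
     *
     * {@code *} is accepted as a wildcard; {@code ?} and {@code **} are rejected as before, and every
     * other filter metacharacter is escaped. TGT principals are skipped and the realm suffix is
     * stripped from the returned names. At most {@code MaxUserNameListLength} entries are returned,
     * sorted by {@link ServerPrinciple}'s natural order.
     *
     * @param filter principal-name search expression, may contain {@code *}
     * @return matching principals (possibly empty)
     * @throws DirectoryServerManagerException on invalid filter characters or directory errors
     * @throws NumberFormatException if {@code MaxUserNameListLength} is not an integer (unchanged behaviour)
     */
    public ServerPrinciple[] listServicePrinciples(String filter) throws DirectoryServerManagerException {
        int maxItems = Integer.parseInt(
                this.realmConfiguration.getUserStoreProperty(MAX_USER_NAME_LIST_LENGTH_PROPERTY));
        if (filter == null || filter.contains("?") || filter.contains("**")) {
            log.error("Invalid search character " + filter);
            throw new DirectoryServerManagerException(
                    "Invalid character sequence entered for service principle search. Please enter valid sequence.");
        }
        String listFilter = this.realmConfiguration.getUserStoreProperty(USER_NAME_LIST_FILTER_PROPERTY);
        String searchFilter = "(&" + (listFilter == null ? "" : listFilter)
                + "(" + LDAPServerManagerConstants.KRB5_PRINCIPAL_NAME_ATTRIBUTE + "="
                + escapeFilterValue(filter, true) + ")"
                + getServerPrincipleIncludeString() + ")";
        SearchControls controls = subtreeSearch(LDAPServerManagerConstants.KRB5_PRINCIPAL_NAME_ATTRIBUTE,
                LDAPServerManagerConstants.LDAP_COMMON_NAME);
        controls.setCountLimit(maxItems);

        DirContext context = openContext();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = context.search(getUserSearchBase(), searchFilter, controls);
            List<ServerPrinciple> principals = new ArrayList<ServerPrinciple>();
            while (results.hasMoreElements() && principals.size() < maxItems) {
                SearchResult entry = results.next();
                Attribute principalAttr = attributeOf(entry, LDAPServerManagerConstants.KRB5_PRINCIPAL_NAME_ATTRIBUTE);
                if (principalAttr == null) {
                    continue;
                }
                String principalName = (String) principalAttr.get();
                if (principalName.toLowerCase(Locale.ENGLISH).contains(LDAPServerManagerConstants.KERBEROS_TGT)) {
                    continue;
                }
                String shortName = principalName.contains("@") ? principalName.split("@")[0] : principalName;
                Attribute cnAttr = attributeOf(entry, LDAPServerManagerConstants.LDAP_COMMON_NAME);
                principals.add(cnAttr != null
                        ? new ServerPrinciple(shortName, (String) cnAttr.get())
                        : new ServerPrinciple(shortName));
            }
            ServerPrinciple[] sorted = principals.toArray(new ServerPrinciple[principals.size()]);
            Arrays.sort(sorted);
            return sorted;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new DirectoryServerManagerException("Unable to list service principles.", e);
        } finally {
            closeQuietly(results);
            closeQuietly(context);
        }
    }

    /**
     * Finds the uid of the entry for a service principal name.
     *
     * @return the uid, or {@code null} when no entry (or no uid attribute) matches
     */
    private String lookupUserId(String serverName) throws DirectoryServerManagerException {
        DirContext context = openContext();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = context.search(getUserSearchBase(), getServicePrincipleFilter(serverName),
                    subtreeSearch(LDAPServerManagerConstants.LDAP_UID));
            if (!results.hasMore()) {
                return null;
            }
            Attribute uid = attributeOf(results.next(), LDAPServerManagerConstants.LDAP_UID);
            return uid == null ? null : (String) uid.get();
        } catch (NamingException e) {
            log.error("Could not find user id for given server " + serverName, e);
            throw new DirectoryServerManagerException("Could not find user id for given server " + serverName, e);
        } finally {
            closeQuietly(results);
            closeQuietly(context);
        }
    }

    /**
     * Removes the entry for a service principal. The uid read back from the directory is DN-escaped
     * before it is used in the unbind.
     *
     * @param serverName service principal name
     * @throws DirectoryServerManagerException if no entry matches or the directory cannot be reached
     */
    public void deleteServicePrinciple(String serverName) throws DirectoryServerManagerException {
        String uid = lookupUserId(serverName);
        if (uid == null) {
            throw new DirectoryServerManagerException(
                    "Could not find user id for given server principle " + serverName);
        }
        DirContext root = openContext();
        DirContext base = null;
        try {
            base = (DirContext) root.lookup(getUserSearchBase());
            base.unbind("uid=" + escapeDnValue(uid));
        } catch (NamingException e) {
            log.error("Could not remove service principle " + serverName, e);
            throw new DirectoryServerManagerException("Could not remove service principle " + serverName, e);
        } finally {
            closeQuietly(base);
            closeQuietly(root);
        }
    }

    // ---------------------------------------------------------------------------------------------
    // Passwords
    // ---------------------------------------------------------------------------------------------

    /**
     * Encodes a password in the directory's storage form.
     *
     * With a null or plain-text hash method the password is returned unchanged. Otherwise the result
     * is {@code "{METHOD}" + base64(MessageDigest(METHOD).digest(utf8(password)))}.
     * NOTE(review): this is an unsalted single-round digest and is not a suitable password hash; the
     * format is kept because it must match values already present in the directory and is parsed back
     * by {@link #extractHashMethod}. Salted schemes such as {@code {SSHA}} are not understood and
     * fail with "Invalid hashMethod".
     *
     * @param password   clear-text password
     * @param hashMethod {@link MessageDigest} algorithm name, the plain-text marker, or null
     * @throws DirectoryServerManagerException if the algorithm is unknown
     */
    private String getPasswordToStore(String password, String hashMethod) throws DirectoryServerManagerException {
        if (hashMethod == null || hashMethod.equals(LDAPServerManagerConstants.PASSWORD_HASH_METHOD_PLAIN_TEXT)) {
            return password;
        }
        try {
            byte[] digest = MessageDigest.getInstance(hashMethod)
                    .digest(password.getBytes(StandardCharsets.UTF_8));
            return "{" + hashMethod + "}" + Base64.encode(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new DirectoryServerManagerException("Invalid hashMethod", e);
        }
    }

    /**
     * Extracts the {@code {METHOD}} prefix of a stored password value.
     *
     * @return the method name, or {@code null} when the value has no well-formed prefix (plain text)
     */
    private static String extractHashMethod(String storedPassword) {
        if (storedPassword != null && storedPassword.startsWith("{")) {
            int end = storedPassword.indexOf('}');
            if (end > 0) {
                return storedPassword.substring(1, end);
            }
        }
        return null;
    }

    /**
     * Constant-time comparison of a candidate password against the stored value, using the stored
     * value's own hash method.
     */
    private boolean passwordMatches(String storedPassword, String candidate) throws DirectoryServerManagerException {
        String encodedCandidate = getPasswordToStore(candidate, extractHashMethod(storedPassword));
        return MessageDigest.isEqual(storedPassword.getBytes(StandardCharsets.UTF_8),
                encodedCandidate.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds the replacement {@code userPassword} attribute for a password change.
     *
     * When {@code oldPassword} is supplied it must match the stored value; a missing stored value is
     * then treated as a failure rather than silently skipping verification. When it is null (reset
     * without the old password) no check is made. In both cases the new value is encoded with the
     * hash method the entry already uses, so a hashed entry is not downgraded to plain text.
     *
     * @throws DirectoryServerManagerException if either password is not a string, the old password is
     *         missing or wrong, or the stored value cannot be read
     */
    private Attribute getChangePasswordAttribute(Attribute currentPassword, Object oldPassword, Object newPassword)
            throws DirectoryServerManagerException {
        if (!(newPassword instanceof String) || (oldPassword != null && !(oldPassword instanceof String))) {
            throw new DirectoryServerManagerException("Invalid credentials provided");
        }
        String storedPassword;
        try {
            storedPassword = readFirstValue(currentPassword);
        } catch (NamingException e) {
            log.error("Unable to retrieve old password details.", e);
            throw new DirectoryServerManagerException("Could not find old password details");
        }
        if (oldPassword != null) {
            if (storedPassword == null) {
                throw new DirectoryServerManagerException("Could not find old password details");
            }
            if (!passwordMatches(storedPassword, (String) oldPassword)) {
                throw new DirectoryServerManagerException("Old password does not match");
            }
        }
        BasicAttribute replacement = new BasicAttribute(LDAPServerManagerConstants.LDAP_PASSWORD);
        replacement.add(getPasswordToStore((String) newPassword, extractHashMethod(storedPassword)));
        return replacement;
    }

    /**
     * Replaces the password of every entry matching the service principal name.
     *
     * @param serverName  service principal name
     * @param oldPassword current password, or null to skip verification
     * @param newPassword new password
     * @throws DirectoryServerManagerException on verification failure or directory errors
     */
    public void updateServicePrinciplePassword(String serverName, Object oldPassword, Object newPassword)
            throws DirectoryServerManagerException {
        String searchBase = getUserSearchBase();
        DirContext root = openContext();
        DirContext base = null;
        NamingEnumeration<SearchResult> results = null;
        try {
            results = root.search(searchBase, getServicePrincipleFilter(serverName),
                    subtreeSearch(LDAPServerManagerConstants.LDAP_PASSWORD));
            while (results.hasMore()) {
                SearchResult entry = results.next();
                BasicAttributes replacement = new BasicAttributes(true);
                replacement.put(getChangePasswordAttribute(
                        attributeOf(entry, LDAPServerManagerConstants.LDAP_PASSWORD), oldPassword, newPassword));
                if (base == null) {
                    // Entry names are relative to the search base; resolve that context once.
                    base = (DirContext) root.lookup(searchBase);
                }
                base.modifyAttributes(entry.getName(), DirContext.REPLACE_ATTRIBUTE, replacement);
            }
        } catch (NamingException e) {
            log.error("Unable to update server principle password details. Server name - " + serverName, e);
            throw new DirectoryServerManagerException("Can not access the directory service", e);
        } finally {
            closeQuietly(results);
            closeQuietly(base);
            closeQuietly(root);
        }
    }

    /**
     * Verifies a password against the first matching entry that carries a stored password.
     *
     * @param serverName service principal name
     * @param credential candidate password; anything other than a {@link String} is rejected
     * @return {@code true} only if a stored value exists and matches (constant-time comparison)
     * @throws DirectoryServerManagerException on directory errors
     */
    public boolean isValidPassword(String serverName, Object credential) throws DirectoryServerManagerException {
        if (!(credential instanceof String)) {
            return false;
        }
        DirContext context = openContext();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = context.search(getUserSearchBase(), getServicePrincipleFilter(serverName),
                    subtreeSearch(LDAPServerManagerConstants.LDAP_PASSWORD));
            while (results.hasMore()) {
                String storedPassword = readFirstValue(
                        attributeOf(results.next(), LDAPServerManagerConstants.LDAP_PASSWORD));
                if (storedPassword != null) {
                    return passwordMatches(storedPassword, (String) credential);
                }
            }
            return false;
        } catch (NamingException e) {
            log.error("Failed, validating password. Can not access the directory service", e);
            throw new DirectoryServerManagerException(
                    "Failed, validating password. Can not access the directory service", e);
        } finally {
            closeQuietly(results);
            closeQuietly(context);
        }
    }
}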
