package org.wso2.carbon.apacheds.impl;

import java.io.File;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.naming.NamingException;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.factory.JdbmPartitionFactory;
import org.apache.directory.server.core.factory.PartitionFactory;
import org.apache.directory.server.core.interceptor.Interceptor;
import org.apache.directory.server.core.partition.Partition;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;
import org.apache.directory.shared.ldap.entry.ServerEntry;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
import org.apache.directory.shared.ldap.name.DN;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apacheds.AdminGroupInfo;
import org.wso2.carbon.apacheds.AdminInfo;
import org.wso2.carbon.apacheds.PartitionInfo;
import org.wso2.carbon.apacheds.PartitionManager;
import org.wso2.carbon.apacheds.PasswordAlgorithm;
import org.wso2.carbon.ldap.server.exception.DirectoryServerException;

/* loaded from: input_file:org/wso2/carbon/apacheds/impl/ApacheDirectoryPartitionManager.class */
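/**
 * {@link PartitionManager} implementation backed by an embedded ApacheDS
 * {@link DirectoryService}.
 *
 * <p>A new partition is created as a JDBM partition under the working directory and is
 * then populated with its root entry, the {@code ou=Users}, {@code ou=Groups} and
 * {@code ou=SharedGroups} containers, the partition administrator, the administrator
 * group and an access-control subentry granting the administrator rights over the
 * partition.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every DN and the prescriptive ACI are built by string concatenation from the
 *       values carried by {@link PartitionInfo} / {@link AdminInfo}. Nothing in this
 *       class escapes or validates them, so those values must come from trusted
 *       configuration or be validated by the caller.</li>
 *   <li>The administrator password is stored either as plain text or as a single
 *       unsalted digest (see {@code addAdminPassword}); the partition directory on disk
 *       should be protected accordingly.</li>
 * </ul>
 */
class ApacheDirectoryPartitionManager implements PartitionManager {
    private static final int PARTITION_CACHE_SIZE = 500;
    private static final Logger logger = LoggerFactory.getLogger(ApacheDirectoryPartitionManager.class);

    // Explicit charset for turning the password into bytes, so the stored value does not
    // depend on the JVM's platform default encoding.
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private final DirectoryService directoryService;
    private final String workingDirectory;
    private final PartitionFactory partitionFactory;

    /**
     * Creates a manager that operates on the given directory service.
     *
     * @param directoryService the directory service partitions are added to and removed from
     * @param str              the working directory under which partition directories live
     */
    public ApacheDirectoryPartitionManager(DirectoryService directoryService, String str) {
        this.directoryService = directoryService;
        this.workingDirectory = str;
        this.partitionFactory = new JdbmPartitionFactory();
    }

    /**
     * Logs the failure at error level and throws it wrapped in a
     * {@link DirectoryServerException}. This method never returns normally.
     */
    private static void throwDirectoryServerException(String message, Throwable cause) throws DirectoryServerException {
        logger.error(message, cause);
        throw new DirectoryServerException(message, cause);
    }

    /**
     * Adds each name in {@code objectClasses} as an {@code objectClass} value of the entry.
     *
     * @throws DirectoryServerException on the first object class that cannot be added
     */
    private static void addObjectClasses(ServerEntry serverEntry, List<String> objectClasses) throws DirectoryServerException {
        for (String objectClass : objectClasses) {
            try {
                serverEntry.add("objectClass", new String[]{objectClass});
            } catch (LdapException e) {
                throwDirectoryServerException("Could not add class to partition " + serverEntry.getDn().getName(), e);
            }
        }
    }

    /**
     * Creates a new partition, registers it with the directory service and, when the
     * suffix entry does not exist yet, populates it with the default entries.
     *
     * <p>The population steps are order-dependent: {@code addAdmin} rewrites the admin
     * user name held by the shared {@link AdminInfo} (it drops everything up to the first
     * {@code "/"}), and {@code addAdminGroup} / {@code addAdminACLEntry} read that rewritten
     * name afterwards.
     *
     * <p>NOTE(review): when a population step fails, the partition registered at the start
     * is not removed again here, so a half-initialised partition can remain registered.
     *
     * @param partitionInfo description of the partition and its administrator
     * @throws DirectoryServerException if any step fails
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public void addPartition(PartitionInfo partitionInfo) throws DirectoryServerException {
        try {
            JdbmPartition partition = createNewPartition(partitionInfo.getPartitionId(), partitionInfo.getRootDN());
            this.directoryService.addPartition(partition);
            if (!this.directoryService.getAdminSession().exists(partition.getSuffixDn())) {
                String suffix = partition.getSuffix();
                AdminInfo administrator = partitionInfo.getPartitionAdministrator();
                addPartitionAttributes(partitionInfo.getRootDN(), partitionInfo.getObjectClasses(), partitionInfo.getRealm(), partitionInfo.getPreferredDomainComponent());
                addUserStoreToPartition(suffix);
                addGroupStoreToPartition(suffix);
                addSharedGroupToPartition(suffix);
                addAdmin(administrator, suffix, partitionInfo.getRealm(), partitionInfo.isKdcEnabled());
                addAdminGroup(administrator, suffix);
                // Read the user name only now: addAdmin() above may have normalised it.
                addAdminACLEntry(administrator.getAdminUserName(), suffix);
                this.directoryService.sync();
            }
        } catch (Exception e) {
            logger.error("Could not add the partition", e);
            throw new DirectoryServerException("Could not add the partition", e);
        }
    }

    /**
     * Reports whether a directory for the given partition exists under the working directory.
     *
     * <p>The path is formed by plain concatenation, so {@code str} is expected to be a
     * simple directory name; a value containing path separators or {@code ..} would be
     * resolved outside the working directory.
     *
     * @param str the partition directory name (callers in this class use the partition id)
     * @return {@code true} if the path exists
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public boolean partitionDirectoryExists(String str) throws DirectoryServerException {
        String partitionPath = this.workingDirectory + File.separator + str;
        boolean exists = new File(partitionPath).exists();
        if (exists && logger.isDebugEnabled()) {
            logger.debug("Partition directory - " + partitionPath + " already exists.");
        }
        return exists;
    }

    /**
     * Reports whether a partition with the given id is registered with the directory service.
     *
     * @param str the partition id to look for
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public boolean partitionInitialized(String str) {
        for (Partition partition : this.directoryService.getPartitions()) {
            if (partition.getId().equals(str)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the number of partitions currently registered with the directory service. */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public int getNumberOfPartitions() {
        return this.directoryService.getPartitions().size();
    }

    /**
     * Re-opens a partition from its existing directory and registers it with the
     * directory service.
     *
     * <p>Creation and registration are handled in two separate steps so that a
     * registration failure is logged and wrapped once, not a second time by the handler
     * of the creation step.
     *
     * @param partitionInfo supplies the partition id and root DN
     * @throws DirectoryServerException if the partition cannot be created or registered
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public void initializeExistingPartition(PartitionInfo partitionInfo) throws DirectoryServerException {
        Partition partition;
        try {
            partition = this.partitionFactory.createPartition(partitionInfo.getPartitionId(), partitionInfo.getRootDN(), PARTITION_CACHE_SIZE, new File(this.workingDirectory, partitionInfo.getPartitionId()));
            partition.setSchemaManager(this.directoryService.getSchemaManager());
            if (logger.isDebugEnabled()) {
                logger.debug("Partition" + partitionInfo.getPartitionId() + " created from existing partition directory.");
            }
        } catch (Exception e) {
            logger.error("Error in creating partition from existing partition directory.", e);
            throw new DirectoryServerException(e);
        }

        try {
            this.directoryService.addPartition(partition);
            this.directoryService.sync();
            if (logger.isDebugEnabled()) {
                logger.debug("Partition" + partitionInfo.getPartitionId() + " added to directory service.");
            }
        } catch (Exception e) {
            logger.error("Error in initializing partition in directory service", e);
            throw new DirectoryServerException(e);
        }
    }

    /**
     * Removes the partition whose suffix equals {@code str}.
     *
     * @param str the partition suffix
     * @throws DirectoryServerException if no such partition is registered or removal fails
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public void removePartition(String str) throws DirectoryServerException {
        Partition partition = getPartition(str);
        if (partition == null) {
            String message = "Error deleting partition. Could not find a partition with suffix " + str;
            logger.error(message);
            throw new DirectoryServerException(message);
        }
        try {
            this.directoryService.removePartition(partition);
        } catch (Exception e) {
            String message = "Unable to delete partition with suffix " + str;
            logger.error(message, e);
            throw new DirectoryServerException(message, e);
        }
    }

    /**
     * Removes every registered partition except the one whose id is {@code "schema"}
     * (compared case-insensitively).
     *
     * @throws DirectoryServerException on the first partition that cannot be removed
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public void removeAllPartitions() throws DirectoryServerException {
        // Iterate over a snapshot: partitions are removed from the service inside the loop,
        // and whether getPartitions() returns a live view is not visible from this class.
        List<Partition> snapshot = new ArrayList<Partition>(this.directoryService.getPartitions());
        for (Partition partition : snapshot) {
            if ("schema".equalsIgnoreCase(partition.getId())) {
                continue;
            }
            try {
                if (logger.isDebugEnabled()) {
                    logger.debug("Removing partition with id - " + partition.getId() + " suffix - " + partition.getSuffix());
                }
                this.directoryService.removePartition(partition);
            } catch (Exception e) {
                String message = "Unable to remove partition with id " + partition.getId() + " with suffix " + partition.getSuffix();
                logger.error(message, e);
                throw new DirectoryServerException(message, e);
            }
        }
    }

    /**
     * Flushes the directory service and re-initialises every interceptor against it.
     *
     * @throws DirectoryServerException if the sync or any interceptor initialisation fails
     */
    @Override // org.wso2.carbon.apacheds.PartitionManager
    public void synchronizePartitions() throws DirectoryServerException {
        try {
            this.directoryService.sync();
            for (Interceptor interceptor : this.directoryService.getInterceptors()) {
                interceptor.init(this.directoryService);
            }
        } catch (Exception e) {
            throw new DirectoryServerException("Unable to sync partitions. ", e);
        }
    }

    /** Marks the entry as an access-control specific area via its {@code administrativeRole}. */
    private void addAccessControlAttributes(ServerEntry serverEntry) throws LdapException {
        serverEntry.add("administrativeRole", new String[]{"accessControlSpecificArea"});
    }

    /**
     * Creates the partition's root entry with its object classes, organisation name,
     * optional domain component and the access-control administrative role.
     *
     * @param rootDn                   DN of the partition root entry
     * @param objectClasses            object classes of the root entry
     * @param realm                    value stored in the {@code o} attribute
     * @param preferredDomainComponent value for the domain component attribute; when
     *                                 {@code null} the attribute is skipped with a warning
     */
    private void addPartitionAttributes(String rootDn, List<String> objectClasses, String realm, String preferredDomainComponent) throws DirectoryServerException {
        try {
            ServerEntry rootEntry = this.directoryService.newEntry(new DN(rootDn));
            addObjectClasses(rootEntry, objectClasses);
            rootEntry.add("o", new String[]{realm});
            if (preferredDomainComponent == null) {
                logger.warn("Domain component not found for partition with DN - " + rootDn + ". Not setting domain component.");
            } else {
                rootEntry.add(PartitionInfo.DC, new String[]{preferredDomainComponent});
            }
            addAccessControlAttributes(rootEntry);
            this.directoryService.getAdminSession().add(rootEntry);
        } catch (DirectoryServerException e) {
            // Already logged and wrapped by addObjectClasses(); do not wrap it again.
            throw e;
        } catch (Exception e) {
            throwDirectoryServerException("Could not add partition attributes for partition - " + rootDn, e);
        }
    }

    /**
     * Adds the {@code ou=Users} container under the partition suffix.
     *
     * <p>Handlers are ordered from the most specific exception to the most general so
     * that each one is reachable.
     */
    private void addUserStoreToPartition(String partitionSuffix) throws DirectoryServerException {
        try {
            ServerEntry usersEntry = this.directoryService.newEntry(new DN("ou=Users," + partitionSuffix));
            usersEntry.add("objectClass", new String[]{"organizationalUnit", "top"});
            usersEntry.add("ou", new String[]{"Users"});
            this.directoryService.getAdminSession().add(usersEntry);
        } catch (LdapInvalidDnException e) {
            throwDirectoryServerException("Could not add user store to partition - " + partitionSuffix + ". Cause - partition domain name is not valid.", e);
        } catch (LdapException e) {
            throwDirectoryServerException("Could not add user store to partition - " + partitionSuffix, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Could not add user store to partition - " + partitionSuffix + ". Cause - partition domain name is not valid.", e);
        } catch (Exception e) {
            throwDirectoryServerException("Could not add user store to partition admin session. - " + partitionSuffix, e);
        }
    }

    /**
     * Adds the {@code ou=Groups} container under the partition suffix.
     *
     * <p>Handlers are ordered from the most specific exception to the most general so
     * that each one is reachable.
     */
    private void addGroupStoreToPartition(String partitionSuffix) throws DirectoryServerException {
        try {
            ServerEntry groupsEntry = this.directoryService.newEntry(new DN("ou=Groups," + partitionSuffix));
            groupsEntry.add("objectClass", new String[]{"organizationalUnit", "top"});
            groupsEntry.add("ou", new String[]{"Groups"});
            this.directoryService.getAdminSession().add(groupsEntry);
        } catch (LdapException e) {
            throwDirectoryServerException("Could not add group store to partition - " + partitionSuffix, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Could not add group store to partition - " + partitionSuffix + ". Cause - partition domain name is not valid.", e);
        } catch (Exception e) {
            throwDirectoryServerException("Could not add group store to partition admin session. - " + partitionSuffix, e);
        }
    }

    /**
     * Adds the {@code ou=SharedGroups} container under the partition suffix.
     *
     * <p>Handlers are ordered from the most specific exception to the most general so
     * that each one is reachable.
     */
    private void addSharedGroupToPartition(String partitionSuffix) throws DirectoryServerException {
        try {
            ServerEntry sharedGroupsEntry = this.directoryService.newEntry(new DN("ou=SharedGroups," + partitionSuffix));
            sharedGroupsEntry.add("objectClass", new String[]{"organizationalUnit", "top"});
            sharedGroupsEntry.add("ou", new String[]{"SharedGroups"});
            this.directoryService.getAdminSession().add(sharedGroupsEntry);
        } catch (LdapException e) {
            throwDirectoryServerException("Could not add shared group store to partition - " + partitionSuffix, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Could not add shared group store to partition - " + partitionSuffix + ". Cause - partition domain name is not valid.", e);
        } catch (Exception e) {
            throwDirectoryServerException("Could not add shared group store to partition admin session. - " + partitionSuffix, e);
        }
    }

    /**
     * Looks up a registered partition by suffix.
     *
     * @return the matching partition, or {@code null} when none has that suffix
     */
    private Partition getPartition(String partitionSuffix) {
        for (Partition partition : this.directoryService.getPartitions()) {
            if (partition.getSuffix().equals(partitionSuffix)) {
                return partition;
            }
        }
        return null;
    }

    /**
     * Builds (but does not register) a JDBM partition stored in
     * {@code <workingDirectory>/<partitionId>} with a fixed set of indexed attributes.
     *
     * @param partitionId id of the partition, also used as its directory name
     * @param rootDn      suffix of the partition
     * @throws DirectoryServerException if the suffix is not a valid DN
     */
    // Raw types are kept as in the original: the element type expected by
    // setIndexedAttributes() is not visible from this file.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private JdbmPartition createNewPartition(String partitionId, String rootDn) throws DirectoryServerException {
        try {
            JdbmPartition partition = new JdbmPartition();
            String partitionPath = this.workingDirectory + File.separator + partitionId;
            partition.setId(partitionId);
            partition.setSuffix(rootDn);
            partition.setPartitionDir(new File(partitionPath));

            HashSet indexedAttributes = new HashSet();
            // OIDs under the ApacheDS arc 1.3.6.1.4.1.18060 - presumably the server's
            // system indices; confirm against the ApacheDS schema constants.
            for (int i = 1; i <= 7; i++) {
                indexedAttributes.add(new JdbmIndex("1.3.6.1.4.1.18060.0.4.1.2." + i));
            }
            // Attributes indexed for lookups.
            indexedAttributes.add(new JdbmIndex("ou"));
            indexedAttributes.add(new JdbmIndex(PartitionInfo.DC));
            indexedAttributes.add(new JdbmIndex("objectClass"));
            indexedAttributes.add(new JdbmIndex("cn"));
            indexedAttributes.add(new JdbmIndex("uid"));
            partition.setIndexedAttributes(indexedAttributes);

            if (logger.isDebugEnabled()) {
                // Format the message only when it will actually be logged.
                logger.debug(MessageFormat.format("Partition created with following attributes, partition id - {0}, Partition domain - {1}, Partition working directory {2}", partitionId, rootDn, partitionPath));
            }
            return partition;
        } catch (LdapInvalidDnException e) {
            String message = "Could not add a new partition with partition id " + partitionId + " and suffix " + rootDn;
            logger.error(message, e);
            throw new DirectoryServerException(message, e);
        }
    }

    /**
     * Adds the {@code cn=adminACLEntry} access-control subentry, whose prescriptive ACI
     * grants the administrator the full set of entry and attribute permissions listed
     * below. The empty {@code subtreeSpecification} is taken to cover the whole partition.
     *
     * <p>NOTE(review): the ACI names the administrator as {@code uid=<name>,ou=Users,<suffix>},
     * whereas {@code addAdmin} builds the administrator DN from
     * {@code AdminInfo.getUsernameAttribute()}. If that attribute is ever something other
     * than {@code uid}, the ACI refers to a DN that differs from the entry created for the
     * administrator - confirm the two are meant to agree.
     *
     * <p>NOTE(review): {@code adminUserName} and {@code partitionSuffix} are inserted into a
     * quoted ACI string and into a DN without escaping. A double quote, brace or comma in
     * either value changes the structure of the ACI or the DN, so callers must pass values
     * that were validated or that come from trusted configuration.
     *
     * @param adminUserName   administrator user name as stored in the directory
     * @param partitionSuffix suffix of the partition
     */
    private void addAdminACLEntry(String adminUserName, String partitionSuffix) throws DirectoryServerException {
        try {
            ServerEntry aclEntry = this.directoryService.newEntry(new DN("cn=adminACLEntry," + partitionSuffix));
            aclEntry.add("objectClass", new String[]{"accessControlSubentry", "subentry", "top"});
            aclEntry.add("cn", new String[]{"adminACLEntry"});
            String prescriptiveAci = "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, "
                    + "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + adminUserName + ",ou=Users," + partitionSuffix + "\" }  }, "
                    + "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, "
                    + "grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, "
                    + "grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }";
            aclEntry.add("prescriptiveACI", new String[]{prescriptiveAci});
            aclEntry.add("subtreeSpecification", new String[]{"{ }"});
            this.directoryService.getAdminSession().add(aclEntry);
        } catch (LdapInvalidDnException e) {
            throwDirectoryServerException("Domain name invalid - cn=adminACLEntry," + partitionSuffix, e);
        } catch (LdapException e) {
            throwDirectoryServerException("Unable to create ACL entry for user " + adminUserName, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Invalid domain name entry - cn=adminACLEntry," + partitionSuffix, e);
        } catch (Exception e) {
            throwDirectoryServerException("Unable to add ACL entry for user - " + adminUserName + " with DN - cn=adminACLEntry," + partitionSuffix, e);
        }
    }

    /**
     * Sets the {@code userPassword} attribute of the administrator entry.
     *
     * <p>The value is stored as plain text when the algorithm is
     * {@link PasswordAlgorithm#PLAIN_TEXT} or when KDC is enabled. Otherwise it is stored
     * as {@code {<algorithm>}<base64 digest>}, where the digest is a single unsalted pass
     * of the named algorithm over the UTF-8 bytes of the password.
     *
     * <p>Security caveats: an unsalted single-pass digest gives little protection if the
     * partition data is disclosed, and with KDC enabled the password is recoverable as-is.
     * Restrict access to the partition directory and prefer a strong, unique administrator
     * password.
     *
     * <p>The password is encoded with an explicit UTF-8 charset, not the platform
     * default, so the stored value does not vary with the JVM's locale settings.
     *
     * @param serverEntry       the administrator entry being built
     * @param password          the clear-text administrator password
     * @param passwordAlgorithm how the password is to be stored
     * @param kdcEnabled        when {@code true}, forces plain-text storage
     * @throws DirectoryServerException if the digest algorithm is not available
     */
    private void addAdminPassword(ServerEntry serverEntry, String password, PasswordAlgorithm passwordAlgorithm, boolean kdcEnabled) throws DirectoryServerException {
        try {
            String algorithmName = passwordAlgorithm.getAlgorithmName();
            String storedValue;
            if (passwordAlgorithm == PasswordAlgorithm.PLAIN_TEXT || kdcEnabled) {
                if (kdcEnabled) {
                    logger.warn("KDC enabled. Enforcing passwords to be plain text. Cause - KDC cannot operate with hashed passwords.");
                }
                storedValue = password;
            } else {
                MessageDigest messageDigest = MessageDigest.getInstance(algorithmName);
                byte[] digest = messageDigest.digest(password.getBytes(UTF_8));
                storedValue = "{" + algorithmName + "}" + Base64.encode(digest);
            }
            serverEntry.put("userPassword", new byte[][]{storedValue.getBytes(UTF_8)});
        } catch (NoSuchAlgorithmException e) {
            throwDirectoryServerException("Could not find matching hash algorithm - " + passwordAlgorithm.getAlgorithmName(), e);
        }
    }

    /**
     * Adds the administrator group under {@code ou=Groups} with the administrator as its
     * member. Does nothing when the admin info carries no group information.
     *
     * <p>Side effect: when the admin role name contains {@code "/"}, the part up to and
     * including the first {@code "/"} is removed and the shortened name is written back
     * to the {@link AdminGroupInfo}.
     *
     * @param adminInfo       administrator description, including the group information
     * @param partitionSuffix suffix of the partition
     */
    private void addAdminGroup(AdminInfo adminInfo, String partitionSuffix) throws DirectoryServerException {
        AdminGroupInfo groupInformation = adminInfo.getGroupInformation();
        if (groupInformation == null) {
            return;
        }
        if (StringUtils.contains(groupInformation.getAdminRoleName(), "/")) {
            String adminRoleName = groupInformation.getAdminRoleName();
            groupInformation.setAdminRoleName(adminRoleName.substring(adminRoleName.indexOf("/") + 1));
        }

        String groupDn = "";
        try {
            groupDn = groupInformation.getGroupNameAttribute() + "=" + groupInformation.getAdminRoleName() + ",ou=Groups," + partitionSuffix;
            ServerEntry groupEntry = this.directoryService.newEntry(new DN(groupDn));
            addObjectClasses(groupEntry, groupInformation.getObjectClasses());
            groupEntry.add(groupInformation.getGroupNameAttribute(), new String[]{groupInformation.getAdminRoleName()});
            groupEntry.add(groupInformation.getMemberNameAttribute(), new String[]{adminInfo.getUsernameAttribute() + "=" + adminInfo.getAdminUserName() + ",ou=Users," + partitionSuffix});
            this.directoryService.getAdminSession().add(groupEntry);
        } catch (DirectoryServerException e) {
            // Already logged and wrapped by addObjectClasses(); do not wrap it again.
            throw e;
        } catch (LdapInvalidDnException e) {
            throwDirectoryServerException("Domain name invalid " + groupDn, e);
        } catch (LdapException e) {
            throwDirectoryServerException("Could not add group entry - " + groupDn, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Domain name invalid - " + groupDn, e);
        } catch (Exception e) {
            throwDirectoryServerException("Could not add group entry to admin session. DN - " + groupDn, e);
        }
    }

    /**
     * Adds the partition administrator under {@code ou=Users}, including the Kerberos
     * principal attributes and the password.
     *
     * <p>Side effect: when the admin user name contains {@code "/"}, the part up to and
     * including the first {@code "/"} is removed and the shortened name is written back
     * to {@code adminInfo}; later steps of {@code addPartition} rely on that.
     *
     * <p>NOTE(review): the user name is concatenated into the DN without escaping, so it
     * must not contain DN metacharacters unless the caller has validated it.
     *
     * @param adminInfo       administrator description
     * @param partitionSuffix suffix of the partition
     * @param realm           realm appended to the Kerberos principal name
     * @param kdcEnabled      passed on to the password step, where it forces plain-text storage
     */
    private void addAdmin(AdminInfo adminInfo, String partitionSuffix, String realm, boolean kdcEnabled) throws DirectoryServerException {
        if (adminInfo.getAdminUserName().contains("/")) {
            String adminUserName = adminInfo.getAdminUserName();
            adminInfo.setAdminUserName(adminUserName.substring(adminUserName.indexOf("/") + 1));
        }
        String adminDn = adminInfo.getUsernameAttribute() + "=" + adminInfo.getAdminUserName() + ",ou=Users," + partitionSuffix;
        try {
            ServerEntry adminEntry = this.directoryService.newEntry(new DN(adminDn));
            // Copy the configured object classes so the caller's list is not modified.
            List<String> objectClasses = new ArrayList<String>(adminInfo.getObjectClasses());
            objectClasses.add("krb5principal");
            objectClasses.add("krb5kdcentry");
            addObjectClasses(adminEntry, objectClasses);
            adminEntry.add(adminInfo.getUsernameAttribute(), new String[]{adminInfo.getAdminUserName()});
            adminEntry.add("sn", new String[]{adminInfo.getAdminLastName()});
            adminEntry.add("givenName", new String[]{adminInfo.getAdminCommonName()});
            adminEntry.add("cn", new String[]{adminInfo.getAdminUserName()});
            // When "mail" is the user name attribute it was already added above.
            if (!"mail".equals(adminInfo.getUsernameAttribute())) {
                adminEntry.add("mail", new String[]{adminInfo.getAdminEmail()});
            }
            adminEntry.put("krb5PrincipalName", new String[]{adminInfo.getAdminUserName() + "/carbon.super@" + realm});
            adminEntry.put("krb5KeyVersionNumber", new String[]{"0"});
            addAdminPassword(adminEntry, adminInfo.getAdminPassword(), adminInfo.getPasswordAlgorithm(), kdcEnabled);
            this.directoryService.getAdminSession().add(adminEntry);
        } catch (DirectoryServerException e) {
            // Already logged and wrapped by a helper; do not wrap it again.
            throw e;
        } catch (LdapInvalidDnException e) {
            throwDirectoryServerException("Domain name invalid " + adminDn, e);
        } catch (LdapException e) {
            throwDirectoryServerException("Could not add entry to partition. DN - " + adminDn, e);
        } catch (NamingException e) {
            throwDirectoryServerException("Domain name invalid - " + adminDn, e);
        } catch (Exception e) {
            // The original text said "group entry" here, although this method adds the admin user.
            throwDirectoryServerException("Could not add admin user entry to admin session. DN - " + adminDn, e);
        }
    }
}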
