package org.wso2.carbon.auth.user.store.connector.ldap;

import java.nio.charset.Charset;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.CompositeName;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.callback.PasswordCallback;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.auth.user.store.configuration.models.UserStoreConfiguration;
import org.wso2.carbon.auth.user.store.connector.Attribute;
import org.wso2.carbon.auth.user.store.connector.UserStoreConnector;
import org.wso2.carbon.auth.user.store.connector.jdbc.DefaultPasswordHandler;
import org.wso2.carbon.auth.user.store.constant.LDAPConnectorConstants;
import org.wso2.carbon.auth.user.store.constant.UserStoreConstants;
import org.wso2.carbon.auth.user.store.exception.GroupNotFoundException;
import org.wso2.carbon.auth.user.store.exception.LDAPConnectorException;
import org.wso2.carbon.auth.user.store.exception.UserNotFoundException;
import org.wso2.carbon.auth.user.store.exception.UserStoreConnectorException;
import org.wso2.carbon.auth.user.store.util.UserStoreUtil;

/* loaded from: input_file:org/wso2/carbon/auth/user/store/connector/ldap/LDAPUserStoreConnector.class */
public class LDAPUserStoreConnector implements UserStoreConnector {
    private static Logger log = LoggerFactory.getLogger(LDAPUserStoreConnector.class);
    private LDAPConnectionContext ldapConnectionContext;
    protected UserStoreConfiguration userStoreConfig;
    private String userSearchBase;
    private String groupSearchBase;
    private String usernameAttribute;
    private String groupAttribute;
    private String groupListFilter;
    private String userNameListFilter;
    private Map<String, Object> properties;

    /**
     * Initialises the connector from the supplied user store configuration.
     *
     * <p>Creates the {@link LDAPConnectionContext} and caches the search bases, naming
     * attributes and list filters found in the configuration's LDAP property map. The values
     * are cast to {@code String} without further validation.
     *
     * @param userStoreConfiguration configuration that supplies the LDAP properties
     */
    @Override
    public void init(UserStoreConfiguration userStoreConfiguration) {
        this.userStoreConfig = userStoreConfiguration;
        this.ldapConnectionContext = new LDAPConnectionContext(userStoreConfiguration);
        Map<String, Object> ldapProps = this.userStoreConfig.getLdapProperties();
        this.properties = ldapProps;
        // Search bases.
        this.userSearchBase = (String) ldapProps.get("ldap.UserSearchBase");
        this.groupSearchBase = (String) ldapProps.get("ldap.GroupSearchBase");
        // Naming attributes used to build entry DNs.
        this.usernameAttribute = (String) ldapProps.get("ldap.UserNameAttribute");
        this.groupAttribute = (String) ldapProps.get("ldap.GroupAttribute");
        // Filters that are spliced verbatim into the search filters built by this class.
        this.groupListFilter = (String) ldapProps.get("ldap.GroupListFilter");
        this.userNameListFilter = (String) ldapProps.get("ldap.UserNameListFilter");
    }

    /**
     * Finds a user entry by attribute equality and returns its {@code scimid} value.
     *
     * <p>Only the first entry returned by the search is used.
     *
     * @param str name of the attribute to match
     * @param str2 value the attribute must have
     * @return the first {@code scimid} value of the first matching entry
     * @throws UserNotFoundException if the search returns no entry
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public String getConnectorUserId(String str, String str2) throws UserNotFoundException, UserStoreConnectorException {
        final DirContext dirContext;
        try {
            dirContext = this.ldapConnectionContext.getContext();
        } catch (LDAPConnectorException e) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e);
        }
        // Matching attributes are passed as values, not as filter text; 'true' makes attribute ids case-insensitive.
        BasicAttributes matching = new BasicAttributes(true);
        matching.put(new BasicAttribute(str, str2));
        try {
            NamingEnumeration<SearchResult> hits = dirContext.search(this.userSearchBase, matching);
            if (!hits.hasMoreElements()) {
                throw new UserNotFoundException("User not found with the given attribute");
            }
            // NOTE(review): an entry without a "scimid" attribute makes get("scimid") return null
            // and this line throw NullPointerException.
            return (String) hits.next().getAttributes().get("scimid").get();
        } catch (NamingException e) {
            throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
        }
    }

    /**
     * Lists the users under the user search base whose attribute {@code str} equals {@code str2}.
     *
     * <p>Each element of the result is the first value of the configured user name attribute of
     * a matching entry. The paging arguments {@code i} and {@code i2} are not used, so the
     * result size is not bounded by this method.
     *
     * <p>NOTE(review): the other user lookups in this class return the {@code scimid} value;
     * confirm that returning the user name attribute here is intended.
     *
     * @param str name of the attribute to match
     * @param str2 value the attribute must have
     * @param i unused
     * @param i2 unused
     * @return user name attribute values of the matching entries
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<String> listConnectorUserIds(String str, String str2, int i, int i2) throws UserStoreConnectorException {
        List<String> names = new ArrayList<>();
        final DirContext dirContext;
        try {
            dirContext = this.ldapConnectionContext.getContext();
        } catch (LDAPConnectorException e) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e);
        }
        BasicAttributes matching = new BasicAttributes(true);
        matching.put(new BasicAttribute(str, str2));
        try {
            NamingEnumeration<SearchResult> hits = dirContext.search(this.userSearchBase, matching);
            while (hits.hasMoreElements()) {
                SearchResult hit = hits.next();
                names.add((String) hit.getAttributes().get(this.usernameAttribute).get());
            }
            return names;
        } catch (NamingException e) {
            throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
        }
    }

    /**
     * Lists the {@code scimid} values of up to {@code i2} users matching the configured user
     * list filter.
     *
     * <p>The search is a subtree search under the user search base with the filter
     * {@code (&<userNameListFilter>(<usernameAttribute>=*))}, built only from configuration
     * values. The offset {@code i} is not used.
     *
     * <p>NOTE(review): results are drained with {@code hasMoreElements()}, which cannot throw
     * {@code NamingException}; a provider error raised while fetching further results (such as
     * reaching the count limit) presumably ends the loop silently. Confirm against the provider.
     *
     * @param i unused
     * @param i2 maximum number of entries to request; {@code 0} returns an empty list
     * @return {@code scimid} values of the entries found
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<String> listConnectorUserIds(int i, int i2) throws UserStoreConnectorException {
        if (i2 == 0) {
            return Collections.emptyList();
        }
        String nameAttr = this.usernameAttribute;
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(i2);
        controls.setTimeLimit(UserStoreConstants.MAX_SEARCH_TIME);
        controls.setReturningAttributes(new String[]{nameAttr, "scimid"});
        StringBuilder filter = new StringBuilder(this.userNameListFilter);
        filter.insert(0, "(&").append("(").append(nameAttr).append("=*))");
        List<String> ids = new ArrayList<>();
        final DirContext dirContext;
        try {
            dirContext = this.ldapConnectionContext.getContext();
        } catch (LDAPConnectorException e) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e);
        }
        try {
            NamingEnumeration<SearchResult> hits = dirContext.search(this.userSearchBase, filter.toString(), controls);
            while (hits.hasMoreElements()) {
                ids.add((String) hits.next().getAttributes().get("scimid").get());
            }
            return ids;
        } catch (NamingException e) {
            throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
        }
    }

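    /**
     * Reads the attributes of the user entry addressed by the given connector user id.
     *
     * <p>The entry DN is assembled as {@code <usernameAttribute>=<name>,<userSearchBase>}, where
     * the name comes from {@code getUserName(str)}. Only the first value of each attribute is
     * returned. Values that are neither {@code null} nor a {@code String} (JNDI returns binary
     * attributes as {@code byte[]}) are skipped instead of failing with
     * {@code ClassCastException}, which is how the overload taking an attribute list already
     * treats them.
     *
     * <p>NOTE(review): no attribute list is requested, so every attribute the bind identity can
     * read is returned; confirm that callers do not forward sensitive attributes.
     *
     * @param str connector user id, resolved to a user name by {@code getUserName}
     * @return one {@link Attribute} per returned attribute of the entry
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the lookup fails
     */
    @Override
    public List<Attribute> getUserAttributeValues(String str) throws UserStoreConnectorException {
        List<Attribute> userAttributes = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            try {
                // NOTE(review): the name is concatenated into the DN unescaped; confirm that
                // getUserName only returns values that are safe inside an RDN.
                Attributes attributes = context.getAttributes(context.getNameParser("").parse(this.usernameAttribute + "=" + getUserName(str) + "," + this.userSearchBase));
                NamingEnumeration<String> ids = attributes.getIDs();
                while (ids.hasMoreElements()) {
                    String id = ids.next();
                    Object value = attributes.get(id).get();
                    if (value != null && !(value instanceof String)) {
                        // Binary value: it cannot be represented as a String attribute.
                        continue;
                    }
                    userAttributes.add(new Attribute(id, (String) value));
                }
                return userAttributes;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }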

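    /**
     * Reads the requested attributes of the user whose {@code scimid} equals {@code str}.
     *
     * <p>The id is bound to the search filter through JNDI filter arguments ({@code {0}}), so
     * filter metacharacters in it are matched literally instead of changing the structure of
     * the filter. The configured user list filter is still inserted verbatim and therefore must
     * not contain a literal '{'.
     *
     * <p>For every requested attribute present on a matching entry, the non-blank string values
     * are joined with "," into a single {@link Attribute}. Earlier, an entry was appended after
     * each value, so a multi-valued attribute produced partial duplicates ("a", then "a,b").
     * When {@code list} is null or empty nothing is returned, because only requested names are
     * inspected.
     *
     * @param str {@code scimid} of the user
     * @param list names of the attributes to return
     * @return one {@link Attribute} per requested attribute that has at least one non-blank string value
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<Attribute> getUserAttributeValues(String str, List<String> list) throws UserStoreConnectorException {
        List<Attribute> collected = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String filterExpr = "(&" + this.userNameListFilter + "(scimid={0}))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String[] requested = new String[0];
            if (list != null && !list.isEmpty()) {
                requested = list.toArray(new String[0]);
                searchControls.setReturningAttributes(requested);
            }
            try {
                NamingEnumeration<SearchResult> results = context.search(
                        context.getNameParser("").parse(this.userSearchBase), filterExpr, new Object[]{str}, searchControls);
                while (results.hasMoreElements()) {
                    Attributes attributes = results.next().getAttributes();
                    if (attributes == null) {
                        continue;
                    }
                    for (String attributeName : requested) {
                        if (attributeName == null) {
                            continue;
                        }
                        javax.naming.directory.Attribute ldapAttribute = attributes.get(attributeName);
                        if (ldapAttribute == null) {
                            continue;
                        }
                        StringBuilder joined = new StringBuilder();
                        NamingEnumeration<?> values = ldapAttribute.getAll();
                        while (values.hasMore()) {
                            Object value = values.next();
                            // Non-string (binary) values are ignored.
                            if (value instanceof String && ((String) value).trim().length() > 0) {
                                if (joined.length() > 0) {
                                    joined.append(",");
                                }
                                joined.append((String) value);
                            }
                        }
                        if (joined.length() > 0) {
                            collected.add(new Attribute(attributeName, joined.toString()));
                        }
                    }
                }
                return collected;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }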

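    /**
     * Finds a group entry by attribute equality and returns its {@code scimid} value.
     *
     * <p>Only the first entry returned by the search is used. The exception messages now name
     * the group; they previously reported a missing or failing user lookup, which sent anyone
     * reading logs to the wrong object type.
     *
     * @param str name of the attribute to match
     * @param str2 value the attribute must have
     * @return the first {@code scimid} value of the first matching entry
     * @throws GroupNotFoundException if the search returns no entry
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public String getConnectorGroupId(String str, String str2) throws GroupNotFoundException, UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            // Matching attributes are passed as values, not as filter text.
            BasicAttributes matching = new BasicAttributes(true);
            matching.put(new BasicAttribute(str, str2));
            try {
                NamingEnumeration<SearchResult> hits = context.search(this.groupSearchBase, matching);
                if (!hits.hasMoreElements()) {
                    throw new GroupNotFoundException("Group not found with the given attribute");
                }
                // NOTE(review): an entry without a "scimid" attribute makes get("scimid") return
                // null and this line throw NullPointerException.
                return (String) hits.next().getAttributes().get("scimid").get();
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting group from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }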

    /**
     * Lists the {@code scimid} values of the groups under the group search base whose attribute
     * {@code str} equals {@code str2}.
     *
     * <p>The paging arguments {@code i} and {@code i2} are not used, so the result size is not
     * bounded by this method.
     *
     * @param str name of the attribute to match
     * @param str2 value the attribute must have
     * @param i unused
     * @param i2 unused
     * @return {@code scimid} values of the matching entries
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<String> listConnectorGroupIds(String str, String str2, int i, int i2) throws UserStoreConnectorException {
        List<String> ids = new ArrayList<>();
        final DirContext dirContext;
        try {
            dirContext = this.ldapConnectionContext.getContext();
        } catch (LDAPConnectorException e) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e);
        }
        BasicAttributes matching = new BasicAttributes(true);
        matching.put(new BasicAttribute(str, str2));
        try {
            NamingEnumeration<SearchResult> hits = dirContext.search(this.groupSearchBase, matching);
            while (hits.hasMoreElements()) {
                SearchResult hit = hits.next();
                ids.add((String) hit.getAttributes().get("scimid").get());
            }
            return ids;
        } catch (NamingException e) {
            throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
        }
    }

    /**
     * Lists the {@code scimid} values of up to {@code i2} groups matching the configured group
     * list filter.
     *
     * <p>The search is a subtree search under the group search base with the filter
     * {@code (&<groupListFilter>(<groupAttribute>=*))}, built only from configuration values.
     * The offset {@code i} is not used.
     *
     * @param i unused
     * @param i2 maximum number of entries to request; {@code 0} returns an empty list
     * @return {@code scimid} values of the entries found
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<String> listConnectorGroupIds(int i, int i2) throws UserStoreConnectorException {
        if (i2 == 0) {
            return Collections.emptyList();
        }
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setCountLimit(i2);
        controls.setTimeLimit(UserStoreConstants.MAX_SEARCH_TIME);
        controls.setReturningAttributes(new String[]{"scimid"});
        StringBuilder filter = new StringBuilder(this.groupListFilter);
        filter.insert(0, "(&").append("(").append(this.groupAttribute).append("=*))");
        List<String> ids = new ArrayList<>();
        final DirContext dirContext;
        try {
            dirContext = this.ldapConnectionContext.getContext();
        } catch (LDAPConnectorException e) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e);
        }
        try {
            NamingEnumeration<SearchResult> hits = dirContext.search(this.groupSearchBase, filter.toString(), controls);
            while (hits.hasMoreElements()) {
                ids.add((String) hits.next().getAttributes().get("scimid").get());
            }
            return ids;
        } catch (NamingException e) {
            throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
        }
    }

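    /**
     * Reads the attributes of the group entry addressed by the given connector group id.
     *
     * <p>The entry DN is assembled as {@code <groupAttribute>=<name>,<groupSearchBase>}, where
     * the name comes from {@code getGroupName(str)}. Only the first value of each attribute is
     * returned. Values that are neither {@code null} nor a {@code String} (JNDI returns binary
     * attributes as {@code byte[]}) are skipped instead of failing with
     * {@code ClassCastException}, which is how the overload taking an attribute list already
     * treats them.
     *
     * @param str connector group id, resolved to a group name by {@code getGroupName}
     * @return one {@link Attribute} per returned attribute of the entry
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the lookup fails
     */
    @Override
    public List<Attribute> getGroupAttributeValues(String str) throws UserStoreConnectorException {
        List<Attribute> groupAttributes = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            try {
                // NOTE(review): the name is concatenated into the DN unescaped; confirm that
                // getGroupName only returns values that are safe inside an RDN.
                Attributes attributes = context.getAttributes(context.getNameParser("").parse(this.groupAttribute + "=" + getGroupName(str) + "," + this.groupSearchBase));
                NamingEnumeration<String> ids = attributes.getIDs();
                while (ids.hasMoreElements()) {
                    String id = ids.next();
                    Object value = attributes.get(id).get();
                    if (value != null && !(value instanceof String)) {
                        // Binary value: it cannot be represented as a String attribute.
                        continue;
                    }
                    groupAttributes.add(new Attribute(id, (String) value));
                }
                return groupAttributes;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }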

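    /**
     * Reads the requested attributes of the group whose {@code scimid} equals {@code str}.
     *
     * <p>The id is bound to the search filter through JNDI filter arguments ({@code {0}}), so
     * filter metacharacters in it are matched literally instead of changing the structure of
     * the filter. The configured group list filter is still inserted verbatim and therefore
     * must not contain a literal '{'.
     *
     * <p>For every requested attribute present on a matching entry, the non-blank string values
     * are joined with "," into a single {@link Attribute}. Earlier, an entry was appended after
     * each value, so a multi-valued attribute produced partial duplicates ("a", then "a,b").
     * When {@code list} is null or empty nothing is returned, because only requested names are
     * inspected.
     *
     * @param str {@code scimid} of the group
     * @param list names of the attributes to return
     * @return one {@link Attribute} per requested attribute that has at least one non-blank string value
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<Attribute> getGroupAttributeValues(String str, List<String> list) throws UserStoreConnectorException {
        List<Attribute> collected = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String filterExpr = "(&" + this.groupListFilter + "(scimid={0}))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String[] requested = new String[0];
            if (list != null && !list.isEmpty()) {
                requested = list.toArray(new String[0]);
                searchControls.setReturningAttributes(requested);
            }
            try {
                NamingEnumeration<SearchResult> results = context.search(
                        context.getNameParser("").parse(this.groupSearchBase), filterExpr, new Object[]{str}, searchControls);
                while (results.hasMoreElements()) {
                    Attributes attributes = results.next().getAttributes();
                    if (attributes == null) {
                        continue;
                    }
                    for (String attributeName : requested) {
                        if (attributeName == null) {
                            continue;
                        }
                        javax.naming.directory.Attribute ldapAttribute = attributes.get(attributeName);
                        if (ldapAttribute == null) {
                            continue;
                        }
                        StringBuilder joined = new StringBuilder();
                        NamingEnumeration<?> values = ldapAttribute.getAll();
                        while (values.hasMore()) {
                            Object value = values.next();
                            // Non-string (binary) values are ignored.
                            String text = value instanceof String ? (String) value : null;
                            if (!StringUtils.isBlank(text) && text.trim().length() > 0) {
                                if (joined.length() > 0) {
                                    joined.append(",");
                                }
                                joined.append(text);
                            }
                        }
                        if (joined.length() > 0) {
                            collected.add(new Attribute(attributeName, joined.toString()));
                        }
                    }
                }
                return collected;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }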

    /**
     * Tells whether the user is listed in the {@code member} attribute of the group.
     *
     * <p>Both DNs are assembled from the configured naming attribute, the name resolved by
     * {@code getUserName} / {@code getGroupName}, and the configured search base. Membership is
     * decided by comparing each {@code member} value with the string form of the user DN using
     * {@code equals}, so the comparison is exact: differences in case, spacing or escaping
     * between the stored value and the generated DN count as "not a member".
     *
     * <p>NOTE(review): the resolved names are concatenated into the DNs unescaped; confirm that
     * the two helpers only return values that are safe inside an RDN.
     *
     * @param str connector user id
     * @param str2 connector group id
     * @return {@code true} if a {@code member} value equals the user DN
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the lookup fails
     */
    @Override
    public boolean isUserInGroup(String str, String str2) throws UserStoreConnectorException {
        try {
            DirContext dirContext = this.ldapConnectionContext.getContext();
            try {
                NameParser parser = dirContext.getNameParser("");
                String resolvedUser = getUserName(str);
                Name groupDn = parser.parse(this.groupAttribute + "=" + getGroupName(str2) + "," + this.groupSearchBase);
                Name userDn = parser.parse(this.usernameAttribute + "=" + resolvedUser + "," + this.userSearchBase);
                Attributes groupAttributes = dirContext.getAttributes(groupDn);
                NamingEnumeration<String> ids = groupAttributes.getIDs();
                while (ids.hasMoreElements()) {
                    String id = ids.next();
                    if (!"member".equals(id)) {
                        continue;
                    }
                    // Only the first attribute whose id is exactly "member" is examined.
                    javax.naming.directory.Attribute members = groupAttributes.get(id);
                    boolean found = false;
                    for (int idx = 0; idx < members.size() && !found; idx++) {
                        found = members.get(idx).equals(userDn.toString());
                    }
                    return found;
                }
                return false;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }

    /**
     * Returns the configuration this connector was initialised with.
     *
     * @return the configuration stored by {@code init}, or {@code null} before {@code init} is called
     */
    @Override
    public UserStoreConfiguration getUserStoreConfig() {
        return userStoreConfig;
    }

    /**
     * Not supported by the LDAP connector.
     *
     * @param list ignored
     * @param i ignored
     * @param i2 ignored
     * @return never returns normally
     * @throws UserStoreConnectorException always
     */
    @Override
    public List<String> getUsers(List<Attribute> list, int i, int i2)
            throws UserStoreConnectorException {
        throw new UserStoreConnectorException(UserStoreConstants.OPERATION_NOT_SUPPORTED_IN_LDAP);
    }

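    /**
     * Creates a user entry under the user search base.
     *
     * <p>The user name is taken from the supplied attribute whose URI matches the configured
     * user name attribute (case-insensitive), the return value from the attribute named
     * {@code scimid}. The name is escaped with {@code Rdn.escapeValue} before it is placed in
     * the entry DN, so characters such as ',' '+' or '=' in a caller-supplied name stay part of
     * the RDN value instead of introducing extra DN components. A missing or empty name is
     * rejected; it was previously turned into an entry literally named "null".
     *
     * <p>Code that addresses users by name must apply the same escaping to reach entries whose
     * names contain such characters.
     *
     * @param list attributes of the new user
     * @return the supplied {@code scimid} value, or {@code null} if none was supplied
     * @throws UserStoreConnectorException if no user name is supplied, the LDAP context cannot
     *         be obtained, or the entry cannot be created
     */
    @Override
    public String addUser(List<Attribute> list) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String userName = null;
            String scimId = null;
            for (Attribute claim : list) {
                if (this.usernameAttribute.equalsIgnoreCase(claim.getAttributeUri())) {
                    userName = claim.getAttributeValue();
                } else if ("scimid".equalsIgnoreCase(claim.getAttributeUri())) {
                    scimId = claim.getAttributeValue();
                }
            }
            if (userName == null || userName.trim().isEmpty()) {
                throw new UserStoreConnectorException("Cannot add user: no user name attribute value supplied");
            }
            BasicAttributes userBasicAttributes = getUserBasicAttributes(userName);
            setClaims(list, userBasicAttributes, userName);
            try {
                // Escape the RDN value; the attribute values set above keep the raw name.
                String rdnValue = javax.naming.ldap.Rdn.escapeValue(userName);
                context.createSubcontext(context.getNameParser("").parse(this.usernameAttribute + "=" + rdnValue + "," + this.userSearchBase), userBasicAttributes);
                return scimId;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error adding user to LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }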

    /**
     * Replaces attributes on the user entry addressed by the given connector user id.
     *
     * <p>Every supplied attribute becomes a {@code REPLACE_ATTRIBUTE} modification; all of them
     * are sent in a single {@code modifyAttributes} call.
     *
     * <p>NOTE(review): attribute names and values are written as supplied, with no allow-list
     * visible here; confirm that callers cannot use this to overwrite credential or membership
     * attributes.
     *
     * @param str connector user id, resolved to a user name by {@code getUserName}
     * @param list attributes to write
     * @return {@code str}, unchanged
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the update fails
     */
    @Override
    public String updateUserAttributes(String str, List<Attribute> list) throws UserStoreConnectorException {
        try {
            DirContext dirContext = this.ldapConnectionContext.getContext();
            ModificationItem[] changes = new ModificationItem[list.size()];
            int slot = 0;
            for (Attribute claim : list) {
                BasicAttribute replacement = new BasicAttribute(claim.getAttributeUri(), claim.getAttributeValue());
                changes[slot++] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, replacement);
            }
            try {
                String entryDn = this.usernameAttribute + "=" + getUserName(str) + "," + this.userSearchBase;
                dirContext.modifyAttributes(dirContext.getNameParser("").parse(entryDn), changes);
                return str;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error users of group", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }

    /**
     * Deletes the user entry addressed by the given connector user id.
     *
     * <p>The entry name is {@code <usernameAttribute>=<name>,<userSearchBase>}, with the name
     * resolved by {@code getUserName(str)} and passed to {@code destroySubcontext} as a string.
     *
     * <p>NOTE(review): the resolved name is concatenated unescaped; confirm that
     * {@code getUserName} only returns values that are safe inside an RDN, since this call
     * removes whichever entry the resulting name designates.
     *
     * @param str connector user id
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the delete fails
     */
    @Override
    public void deleteUser(String str) throws UserStoreConnectorException {
        try {
            DirContext dirContext = this.ldapConnectionContext.getContext();
            try {
                String entryDn = this.usernameAttribute + "=" + getUserName(str) + "," + this.userSearchBase;
                dirContext.destroySubcontext(entryDn);
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while deleting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }

    /**
     * Applies {@code updateUsersOfGroup} to each listed group, passing the user as the only
     * element of the user list.
     *
     * <p>Groups are processed in list order; an exception from one group stops the loop, and
     * groups already processed are not rolled back.
     *
     * @param str connector user id
     * @param list connector group ids
     * @throws UserStoreConnectorException if updating any group fails
     */
    @Override
    public void updateGroupsOfUser(String str, List<String> list) throws UserStoreConnectorException {
        for (String groupId : list) {
            updateUsersOfGroup(groupId, Arrays.asList(str));
        }
    }

    /**
     * Not supported by the LDAP connector.
     *
     * @param str ignored
     * @throws UserStoreConnectorException always
     */
    @Override
    public void removeGroupsOfUser(String str)
            throws UserStoreConnectorException {
        throw new UserStoreConnectorException(UserStoreConstants.OPERATION_NOT_SUPPORTED_IN_LDAP);
    }

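    /**
     * Returns the {@code scimid} values of the members of the group whose {@code scimid} equals
     * {@code str}.
     *
     * <p>The group id is bound to the search filter through JNDI filter arguments
     * ({@code {0}}), so filter metacharacters in it are matched literally instead of changing
     * the structure of the filter. The configured group list filter is still inserted verbatim
     * and therefore must not contain a literal '{'.
     *
     * <p>The group search is limited to 100 entries. Every non-blank {@code member} value of
     * the groups found is treated as a user DN and read individually; members without a
     * {@code scimid} attribute are skipped.
     *
     * @param str {@code scimid} of the group
     * @return {@code scimid} values of the group's members
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained, the search
     *         fails, or a member entry cannot be read
     */
    @Override
    public List<String> getUserIdsOfGroup(String str) throws UserStoreConnectorException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setCountLimit(100);
        searchControls.setTimeLimit(UserStoreConstants.MAX_SEARCH_TIME);
        searchControls.setReturningAttributes(new String[]{"member"});
        String filterExpr = "(&" + this.groupListFilter + "(scimid={0}))";
        // String.valueOf keeps the earlier rendering of a null id as the text "null".
        Object[] filterArgs = {String.valueOf(str)};
        List<String> userIds = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            List<String> memberDns = new ArrayList<>();
            try {
                NamingEnumeration<SearchResult> groups = context.search(this.groupSearchBase, filterExpr, filterArgs, searchControls);
                while (groups.hasMoreElements()) {
                    Attributes groupAttributes = groups.next().getAttributes();
                    if (groupAttributes == null) {
                        continue;
                    }
                    NamingEnumeration<? extends javax.naming.directory.Attribute> all = groupAttributes.getAll();
                    while (all.hasMore()) {
                        javax.naming.directory.Attribute candidate = all.next();
                        if (!"member".equals(candidate.getID())) {
                            continue;
                        }
                        NamingEnumeration<?> members = candidate.getAll();
                        while (members.hasMore()) {
                            String memberDn = members.next().toString();
                            if (!StringUtils.isBlank(memberDn)) {
                                memberDns.add(memberDn);
                            }
                        }
                    }
                }
                String[] wanted = {this.usernameAttribute, "scimid"};
                for (String memberDn : memberDns) {
                    try {
                        // The DN is added as a single composite-name component, so it is not split on '/'.
                        Attributes userAttributes = context.getAttributes(new CompositeName().add(memberDn), wanted);
                        if (userAttributes != null) {
                            javax.naming.directory.Attribute scimId = userAttributes.get("scimid");
                            if (scimId != null) {
                                userIds.add((String) scimId.get());
                            }
                        }
                    } catch (NamingException e) {
                        String message = "Error in reading user information in the user store for the user " + memberDn;
                        if (log.isDebugEnabled()) {
                            log.debug(message, e);
                        }
                        throw new UserStoreConnectorException(message, (Throwable) e);
                    }
                }
                return userIds;
            } catch (NamingException e2) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e2);
            }
        } catch (LDAPConnectorException e3) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e3);
        }
    }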

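    /**
     * Returns the {@code scimid} values of the groups that list the user as a {@code member}.
     *
     * <p>The user DN from {@code getUserDN(str)} is bound to the search filter through JNDI
     * filter arguments ({@code {0}}), so characters such as '(' ')' '*' or '\' in the DN are
     * encoded for the filter instead of being interpreted as filter syntax. The configured
     * group list filter is still inserted verbatim and therefore must not contain a literal '{'.
     *
     * <p>NOTE(review): this assumes {@code getUserDN} returns a plain DN that has not already
     * been filter-encoded; confirm against that helper.
     *
     * <p>The search is limited to 100 entries; groups without a {@code scimid} are skipped.
     *
     * @param str connector user id
     * @return {@code scimid} values of the groups found
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    @Override
    public List<String> getGroupIdsOfUser(String str) throws UserStoreConnectorException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setCountLimit(100);
        searchControls.setTimeLimit(UserStoreConstants.MAX_SEARCH_TIME);
        searchControls.setReturningAttributes(new String[]{"member", "scimid"});
        String filterExpr = "(&" + this.groupListFilter + "(member={0}))";
        // The DN is resolved before the context is opened, as before.
        Object[] filterArgs = {String.valueOf(getUserDN(str))};
        List<String> groupIds = new ArrayList<>();
        try {
            try {
                NamingEnumeration<SearchResult> groups = this.ldapConnectionContext.getContext().search(this.groupSearchBase, filterExpr, filterArgs, searchControls);
                while (groups.hasMoreElements()) {
                    Attributes groupAttributes = groups.next().getAttributes();
                    if (groupAttributes == null) {
                        continue;
                    }
                    javax.naming.directory.Attribute scimId = groupAttributes.get("scimid");
                    if (scimId != null) {
                        groupIds.add((String) scimId.get());
                    }
                }
                return groupIds;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }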

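    /**
     * Returns the group name attribute values of the groups that list the named user as a
     * {@code member}.
     *
     * <p>Unlike the id-based lookups, {@code str} is used directly as the user name. It is
     * escaped with {@code Rdn.escapeValue} before it is placed in the user DN, and the DN is
     * bound to the search filter through JNDI filter arguments ({@code {0}}). A name containing
     * DN or filter metacharacters therefore stays a literal value and cannot add DN components
     * or filter clauses. The configured group list filter is still inserted verbatim and must
     * not contain a literal '{'.
     *
     * <p>A failure of the search itself is now reported with its own message; it previously
     * reused the "Error getting LDAP context " text.
     *
     * @param str user name
     * @return values of the configured group attribute for each group found
     * @throws UserStoreConnectorException if {@code str} is null, the LDAP context cannot be
     *         obtained, or the search fails
     */
    @Override
    public List<String> getGroupsOfUser(String str) throws UserStoreConnectorException {
        if (str == null) {
            throw new UserStoreConnectorException("User name must not be null");
        }
        List<String> groupNames = new ArrayList<>();
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            try {
                Name userDn = context.getNameParser("").parse(this.usernameAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(str) + "," + this.userSearchBase);
                String filterExpr = "(&" + this.groupListFilter + "(member={0}))";
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                searchControls.setReturningAttributes(new String[]{this.groupAttribute});
                NamingEnumeration<SearchResult> groups = context.search(this.groupSearchBase, filterExpr, new Object[]{userDn.toString()}, searchControls);
                while (groups.hasMoreElements()) {
                    javax.naming.directory.Attribute names = groups.next().getAttributes().get(this.groupAttribute);
                    if (names == null) {
                        continue;
                    }
                    NamingEnumeration<?> values = names.getAll();
                    while (values.hasMoreElements()) {
                        groupNames.add((String) values.nextElement());
                    }
                }
                return groupNames;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting groups of user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }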

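    /**
     * Creates a group entry under the group search base.
     *
     * <p>The group name is taken from the supplied attribute whose URI matches
     * {@code LDAPConnectorConstants.DISPLAY_NAME_ATTRIBUTE_NAME} (case-insensitive), the return
     * value from the attribute named {@code scimid}. The name is escaped with
     * {@code Rdn.escapeValue} before it is placed in the entry DN, so characters such as ','
     * '+' or '=' in a caller-supplied name stay part of the RDN value instead of introducing
     * extra DN components. A missing or empty name is rejected; it was previously turned into
     * an entry literally named "null". A creation failure is now reported as a group error
     * rather than a user error.
     *
     * <p>Code that addresses groups by name must apply the same escaping to reach entries whose
     * names contain such characters.
     *
     * @param list attributes of the new group
     * @return the supplied {@code scimid} value, or {@code null} if none was supplied
     * @throws UserStoreConnectorException if no group name is supplied, the LDAP context cannot
     *         be obtained, or the entry cannot be created
     */
    @Override
    public String addGroup(List<Attribute> list) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String groupName = null;
            String scimId = null;
            for (Attribute claim : list) {
                if (LDAPConnectorConstants.DISPLAY_NAME_ATTRIBUTE_NAME.equalsIgnoreCase(claim.getAttributeUri())) {
                    groupName = claim.getAttributeValue();
                } else if ("scimid".equalsIgnoreCase(claim.getAttributeUri())) {
                    scimId = claim.getAttributeValue();
                }
            }
            if (groupName == null || groupName.trim().isEmpty()) {
                throw new UserStoreConnectorException("Cannot add group: no display name attribute value supplied");
            }
            BasicAttributes groupBasicAttributes = getGroupBasicAttributes(groupName);
            setClaims(list, groupBasicAttributes, groupName);
            try {
                // Escape the RDN value; the attribute values set above keep the raw name.
                String rdnValue = javax.naming.ldap.Rdn.escapeValue(groupName);
                context.createSubcontext(context.getNameParser("").parse(this.groupAttribute + "=" + rdnValue + "," + this.groupSearchBase), groupBasicAttributes);
                return scimId;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error adding group to LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }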

    /**
     * Adds several groups by calling {@link #addGroup(List)} once per map entry.
     *
     * @param map attribute lists of the groups to create, each under a caller-chosen key
     * @return a map holding, for every key of {@code map}, the value {@code addGroup} returned
     * @throws UserStoreConnectorException as thrown by {@code addGroup}; groups created before the
     *     failing entry are not rolled back by this method
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public Map<String, String> addGroups(Map<String, List<Attribute>> map) throws UserStoreConnectorException {
        Map<String, String> idsByKey = new HashMap<>();
        Iterator<Map.Entry<String, List<Attribute>>> entries = map.entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry<String, List<Attribute>> group = entries.next();
            String createdId = addGroup(group.getValue());
            idsByKey.put(group.getKey(), createdId);
        }
        return idsByKey;
    }

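    /**
     * Replaces attributes of an existing group entry.
     *
     * <p>Each element of {@code list} becomes one REPLACE modification whose attribute id is the
     * element's URI.
     * NOTE(review): the attribute ids come straight from the caller, so structural attributes of the
     * entry can be replaced through this method as well; confirm callers restrict what they pass.
     *
     * @param str the group's {@code scimid}
     * @param list attributes to replace on the group entry
     * @return {@code str}
     * @throws UserStoreConnectorException if the group cannot be resolved, the LDAP context cannot be
     *     obtained, or the directory rejects the modification
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public String updateGroupAttributes(String str, List<Attribute> list) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            ModificationItem[] modifications = new ModificationItem[list.size()];
            // Every attribute needs its own slot; writing all of them to index 0 left the remaining
            // slots null and kept only the last attribute.
            int index = 0;
            for (Attribute attribute : list) {
                modifications[index++] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(attribute.getAttributeUri(), attribute.getAttributeValue()));
            }
            String groupName = getGroupName(str);
            if (groupName == null) {
                // Otherwise the DN would be built from the literal text "null".
                throw new UserStoreConnectorException("No LDAP group found for the given group id");
            }
            try {
                // Escape the stored name so DN metacharacters in it cannot redirect the modification.
                String dn = this.groupAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(groupName)
                        + "," + this.groupSearchBase;
                context.modifyAttributes(context.getNameParser("").parse(dn), modifications);
                return str;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error updating attributes of group", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }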

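    /**
     * Deletes the group entry identified by a {@code scimid}.
     *
     * <p>When no group matches the id nothing is deleted. {@code destroySubcontext} is specified to
     * succeed for a name that is already absent, so this keeps the delete idempotent while no longer
     * targeting an entry literally named "null".
     *
     * @param str the group's {@code scimid}
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the directory
     *     rejects the deletion
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public void deleteGroup(String str) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String groupName = getGroupName(str);
            if (groupName == null) {
                log.debug("No LDAP group found for the given id; nothing to delete");
                return;
            }
            try {
                // Escape the RDN value and go through the LDAP name parser, as the other methods do:
                // a raw String name is parsed as a composite name, where '/' and quotes are special.
                String dn = this.groupAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(groupName)
                        + "," + this.groupSearchBase;
                context.destroySubcontext(context.getNameParser("").parse(dn));
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while deleting group from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }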

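    /**
     * Replaces the {@code member} values of a group with the DNs of the given users.
     *
     * @param str the group's {@code scimid}
     * @param list {@code scimid}s of the users that should be the group's members
     * @throws UserStoreConnectorException if the group or one of the users cannot be resolved, the
     *     LDAP context cannot be obtained, or the directory rejects the modification
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public void updateUsersOfGroup(String str, List<String> list) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            try {
                NameParser nameParser = context.getNameParser("");
                String groupName = getGroupName(str);
                if (groupName == null) {
                    throw new UserStoreConnectorException("No LDAP group found for the given group id");
                }
                Name groupDn = nameParser.parse(this.groupAttribute + "="
                        + javax.naming.ldap.Rdn.escapeValue(groupName) + "," + this.groupSearchBase);

                // One multi-valued attribute: putting a fresh "member" attribute per user replaced the
                // previous one each time, so only the last user ended up in the group.
                BasicAttribute members = new BasicAttribute("member");
                for (String userId : list) {
                    String userName = getUserName(userId);
                    if (userName == null) {
                        // Do not record a member DN built from the literal text "null".
                        throw new UserStoreConnectorException("No LDAP user found for a given member id");
                    }
                    Name userDn = nameParser.parse(this.usernameAttribute + "="
                            + javax.naming.ldap.Rdn.escapeValue(userName) + "," + this.userSearchBase);
                    members.add(userDn.toString());
                }
                BasicAttributes replacement = new BasicAttributes(true);
                // An empty list sends no "member" change, as before; replacing with a valueless
                // attribute would ask the directory to remove the attribute altogether.
                if (members.size() > 0) {
                    replacement.put(members);
                }
                context.modifyAttributes(groupDn, DirContext.REPLACE_ATTRIBUTE, replacement);
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error updating users of group", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }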

    /**
     * Not implemented for the LDAP connector: every call fails.
     *
     * @param str ignored
     * @throws UserStoreConnectorException always, constructed from
     *     {@code UserStoreConstants.OPERATION_NOT_SUPPORTED_IN_LDAP}
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public void removeUsersOfGroup(String str) throws UserStoreConnectorException {
        throw new UserStoreConnectorException(UserStoreConstants.OPERATION_NOT_SUPPORTED_IN_LDAP);
    }

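    /**
     * Hashes the password from {@code passwordCallback} and adds hash and salt to the user's entry.
     *
     * <p>Hash algorithm, iteration count and key length come from the user store configuration; the
     * salt is a value from {@code UserStoreUtil.generateUUID()}.
     * NOTE(review): how that salt is generated is not visible here; confirm it is drawn from a
     * cryptographically strong source.
     *
     * @param str the user's {@code scimid}
     * @param passwordCallback supplies the clear-text password; the callback itself is not cleared
     *     here and remains the caller's responsibility
     * @return {@code str}
     * @throws UserStoreConnectorException if hashing fails, the user cannot be resolved, the LDAP
     *     context cannot be obtained, or the directory rejects the modification
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public String addCredential(String str, PasswordCallback passwordCallback) throws UserStoreConnectorException {
        BasicAttributes credentialAttributes = new BasicAttributes(true);
        BasicAttribute hashAttribute = new BasicAttribute(LDAPConnectorConstants.USER_PASSWORD_ATTRIBUTE_NAME);
        BasicAttribute saltAttribute = new BasicAttribute(LDAPConnectorConstants.USER_PASSWORD_SALT_ATTRIBUTE_NAME);
        String hashAlgo = getHashAlgo();
        String salt = UserStoreUtil.generateUUID();
        DefaultPasswordHandler passwordHandler = new DefaultPasswordHandler();
        passwordHandler.setIterationCount(getIterationCount());
        passwordHandler.setKeyLength(getKeyLength());

        // getPassword() hands out a copy of the clear-text password; wipe that copy once it is hashed
        // so it does not linger on the heap.
        char[] password = passwordCallback.getPassword();
        try {
            hashAttribute.add(passwordHandler.hashPassword(password, salt, hashAlgo));
        } catch (NoSuchAlgorithmException e3) {
            throw new UserStoreConnectorException("Error while hashing the password.", e3);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
        saltAttribute.add(salt);
        credentialAttributes.put(hashAttribute);
        credentialAttributes.put(saltAttribute);

        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String userName = getUserName(str);
            if (userName == null) {
                // Otherwise the credential would be written to a DN built from the text "null".
                throw new UserStoreConnectorException("No LDAP user found for the given user id");
            }
            try {
                // Escape the stored name so DN metacharacters in it cannot redirect the modification.
                String dn = this.usernameAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(userName)
                        + "," + this.userSearchBase;
                context.modifyAttributes(context.getNameParser("").parse(dn), DirContext.ADD_ATTRIBUTE,
                        credentialAttributes);
                return str;
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error adding user credentials to LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }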

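    /**
     * Replaces the stored password hash and salt of a user with values derived from a new password.
     *
     * <p>A fresh salt is generated for every update; hash algorithm, iteration count and key length
     * come from the user store configuration.
     *
     * @param str the user's {@code scimid}
     * @param passwordCallback supplies the new clear-text password; the callback itself is not
     *     cleared here and remains the caller's responsibility
     * @return {@code str}
     * @throws UserStoreConnectorException if hashing fails, the user cannot be resolved, the LDAP
     *     context cannot be obtained, or the directory rejects the modification
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public String updateCredentials(String str, PasswordCallback passwordCallback) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            // getPassword() hands out a copy of the clear-text password; it is wiped in the finally
            // block below on every path.
            char[] password = passwordCallback.getPassword();
            try {
                String salt = UserStoreUtil.generateUUID();
                String hashAlgo = getHashAlgo();
                DefaultPasswordHandler passwordHandler = new DefaultPasswordHandler();
                passwordHandler.setIterationCount(getIterationCount());
                passwordHandler.setKeyLength(getKeyLength());

                String userName = getUserName(str);
                if (userName == null) {
                    // Otherwise the credential would be written to a DN built from the text "null".
                    throw new UserStoreConnectorException("No LDAP user found for the given user id");
                }
                try {
                    try {
                        ModificationItem[] modifications = {
                            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                    new BasicAttribute(LDAPConnectorConstants.USER_PASSWORD_ATTRIBUTE_NAME,
                                            passwordHandler.hashPassword(password, salt, hashAlgo))),
                            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                                    new BasicAttribute(LDAPConnectorConstants.USER_PASSWORD_SALT_ATTRIBUTE_NAME, salt))
                        };
                        // Escape the stored name so DN metacharacters in it cannot redirect the change.
                        String dn = this.usernameAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(userName)
                                + "," + this.userSearchBase;
                        context.modifyAttributes(context.getNameParser("").parse(dn), modifications);
                        return str;
                    } catch (NamingException e) {
                        throw new UserStoreConnectorException("Error updating user credentials in LDAP", (Throwable) e);
                    }
                } catch (NoSuchAlgorithmException e2) {
                    throw new UserStoreConnectorException("Error while hashing the password.", e2);
                }
            } finally {
                if (password != null) {
                    Arrays.fill(password, '\0');
                }
            }
        } catch (LDAPConnectorException e3) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e3);
        }
    }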

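    /**
     * Destroys the LDAP entry of the user identified by a {@code scimid}.
     *
     * <p>NOTE(review): this removes the whole user entry, not only the password and salt attributes
     * that {@code addCredential} writes; confirm that is what callers expect from "delete credential".
     *
     * <p>When no user matches the id nothing is deleted. {@code destroySubcontext} is specified to
     * succeed for a name that is already absent, so this keeps the delete idempotent while no longer
     * targeting an entry literally named "null".
     *
     * @param str the user's {@code scimid}
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the directory
     *     rejects the deletion
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public void deleteCredential(String str) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            String userName = getUserName(str);
            if (userName == null) {
                log.debug("No LDAP user found for the given id; nothing to delete");
                return;
            }
            try {
                // Escape the RDN value and go through the LDAP name parser, as the other methods do:
                // a raw String name is parsed as a composite name, where '/' and quotes are special.
                String dn = this.usernameAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(userName)
                        + "," + this.userSearchBase;
                context.destroySubcontext(context.getNameParser("").parse(dn));
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while deleting user credential from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }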

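    /**
     * Reads the stored password hash and salt of a user together with the configured hashing
     * parameters.
     *
     * <p>The returned map holds the keys {@code password}, {@code password_salt}, {@code hash_algo},
     * {@code iteration_count} and {@code key_length}. It contains the stored hash and salt, so callers
     * should keep it out of logs and error messages.
     *
     * @param str the user's {@code scimid}
     * @return the password information, or {@code null} when no user matches {@code str}
     * @throws UserStoreConnectorException if the matching entry has no password hash or salt, the
     *     LDAP context cannot be obtained, or the search fails
     */
    @Override // org.wso2.carbon.auth.user.store.connector.UserStoreConnector
    public Map getUserPasswordInfo(String str) throws UserStoreConnectorException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setCountLimit(100);
        searchControls.setTimeLimit(UserStoreConstants.MAX_SEARCH_TIME);
        searchControls.setReturningAttributes(new String[]{
            LDAPConnectorConstants.USER_PASSWORD_SALT_ATTRIBUTE_NAME,
            LDAPConnectorConstants.USER_PASSWORD_ATTRIBUTE_NAME});
        // {0} is filled in by JNDI from the argument array, which encodes filter metacharacters in the
        // id; appending the id to the filter text let '*', '(' or ')' in it change which entry matched.
        String filter = "(&" + this.userNameListFilter + "(scimid={0}))";
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            try {
                NamingEnumeration<SearchResult> results =
                        context.search(this.userSearchBase, filter, new Object[]{str}, searchControls);
                try {
                    if (!results.hasMoreElements()) {
                        return null;
                    }
                    Attributes attributes = results.next().getAttributes();
                    javax.naming.directory.Attribute hashAttribute =
                            attributes.get(LDAPConnectorConstants.USER_PASSWORD_ATTRIBUTE_NAME);
                    javax.naming.directory.Attribute saltAttribute =
                            attributes.get(LDAPConnectorConstants.USER_PASSWORD_SALT_ATTRIBUTE_NAME);
                    if (hashAttribute == null || saltAttribute == null) {
                        // An entry without stored credentials used to end in a NullPointerException.
                        throw new UserStoreConnectorException("No password information stored for the user");
                    }
                    Object storedHash = hashAttribute.get();
                    // NOTE(review): the hash bytes are decoded with the platform default charset, as
                    // before; confirm the stored form is ASCII-only or pin the charset explicitly.
                    String hash = storedHash instanceof byte[]
                            ? new String((byte[]) storedHash, Charset.defaultCharset())
                            : String.valueOf(storedHash);
                    String salt = (String) saltAttribute.get();

                    Map<String, Object> passwordInfo = new HashMap<>();
                    passwordInfo.put("password", hash);
                    passwordInfo.put("password_salt", salt);
                    passwordInfo.put("hash_algo", getHashAlgo());
                    passwordInfo.put("iteration_count", Integer.valueOf(getIterationCount()));
                    passwordInfo.put("key_length", Integer.valueOf(getKeyLength()));
                    return passwordInfo;
                } finally {
                    // Release the server-side search; the enumeration was never closed before.
                    results.close();
                }
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }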

    /**
     * Builds the starting attribute set of a new user entry.
     *
     * <p>The set holds an {@code objectClass} attribute with every non-blank, trimmed segment of the
     * {@code ldap.UserEntryObjectClass} property (segments are separated by {@code /}) followed by
     * {@code UserStoreConstants.LDAP_EXTENSIBLEOBJECT_ATTRIBUTE}, plus the configured user-name
     * attribute set to {@code str}.
     *
     * @param str value for the user-name attribute
     * @return a case-insensitive attribute set with the two attributes described above
     */
    private BasicAttributes getUserBasicAttributes(String str) {
        BasicAttributes entry = new BasicAttributes(true);
        String configuredClasses = (String) this.properties.get("ldap.UserEntryObjectClass");

        BasicAttribute objectClasses = new BasicAttribute("objectClass");
        String[] segments = configuredClasses.split("/");
        for (int i = 0; i < segments.length; i++) {
            String objectClass = segments[i].trim();
            if (!objectClass.isEmpty()) {
                objectClasses.add(objectClass);
            }
        }
        objectClasses.add(UserStoreConstants.LDAP_EXTENSIBLEOBJECT_ATTRIBUTE);
        entry.put(objectClasses);

        BasicAttribute userName = new BasicAttribute(this.usernameAttribute);
        userName.add(str);
        entry.put(userName);
        return entry;
    }

    /**
     * Builds the starting attribute set of a new group entry.
     *
     * <p>The set holds an {@code objectClass} attribute with every non-blank, trimmed segment of the
     * {@code ldap.GroupEntryObjectClass} property (segments are separated by {@code /}) followed by
     * {@code UserStoreConstants.LDAP_EXTENSIBLEOBJECT_ATTRIBUTE}, the configured group attribute set
     * to {@code str}, and a {@code member} attribute holding one empty string.
     *
     * @param str value for the group attribute
     * @return a case-insensitive attribute set with the three attributes described above
     */
    private BasicAttributes getGroupBasicAttributes(String str) {
        BasicAttributes entry = new BasicAttributes(true);
        String configuredClasses = (String) this.properties.get("ldap.GroupEntryObjectClass");

        BasicAttribute objectClasses = new BasicAttribute("objectClass");
        String[] segments = configuredClasses.split("/");
        for (int i = 0; i < segments.length; i++) {
            String objectClass = segments[i].trim();
            if (!objectClass.isEmpty()) {
                objectClasses.add(objectClass);
            }
        }
        objectClasses.add(UserStoreConstants.LDAP_EXTENSIBLEOBJECT_ATTRIBUTE);
        entry.put(objectClasses);

        BasicAttribute groupName = new BasicAttribute(this.groupAttribute);
        groupName.add(str);
        entry.put(groupName);

        // Presumably a placeholder because the group object class requires "member"; verify against
        // the directory schema.
        BasicAttribute emptyMember = new BasicAttribute("member");
        emptyMember.add("");
        entry.put(emptyMember);
        return entry;
    }

    /**
     * Copies caller-supplied attributes into the attribute set of an entry about to be created and
     * fills in {@code cn} and {@code sn} when the caller did not supply them.
     *
     * <p>Every element of {@code list} whose URI is not {@code ref} is stored under its own URI, and
     * {@code put} replaces any attribute already present under that id.
     * NOTE(review): this means a caller-supplied URI such as {@code objectClass} or {@code member}
     * overrides the value prepared earlier for the entry; whether callers filter the list is not
     * visible here, so confirm an allow-list is applied upstream.
     *
     * @param list attributes supplied for the new entry
     * @param basicAttributes attribute set to add to; modified in place
     * @param str fallback value for {@code cn} and {@code sn}
     */
    private void setClaims(List<Attribute> list, BasicAttributes basicAttributes, String str) {
        log.debug("Processing user claims");
        boolean hasCommonName = false;
        boolean hasSurname = false;
        for (Attribute claim : list) {
            String uri = claim.getAttributeUri();
            if ("cn".equals(uri)) {
                hasCommonName = true;
            } else if ("sn".equals(uri)) {
                hasSurname = true;
            } else if ("scimid".equals(uri)) {
                basicAttributes.put(new BasicAttribute("scimid", claim.getAttributeValue()));
            }
            if ("ref".equals(uri)) {
                continue;
            }
            basicAttributes.put(new BasicAttribute(uri, claim.getAttributeValue()));
        }
        if (!hasCommonName) {
            basicAttributes.put(new BasicAttribute("cn", str));
        }
        if (!hasSurname) {
            basicAttributes.put(new BasicAttribute("sn", str));
        }
    }

    /** Returns the password hash algorithm name held by the user store configuration. */
    private String getHashAlgo() {
        final String configuredAlgorithm = userStoreConfig.getHashAlgo();
        return configuredAlgorithm;
    }

    /** Returns the password hashing iteration count held by the user store configuration. */
    private int getIterationCount() {
        final int configuredIterations = userStoreConfig.getIterationCount();
        return configuredIterations;
    }

    /** Returns the password hash key length held by the user store configuration. */
    private int getKeyLength() {
        final int configuredKeyLength = userStoreConfig.getKeyLength();
        return configuredKeyLength;
    }

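    /**
     * Resolves a user's {@code scimid} to the value of the configured user-name attribute.
     *
     * <p>Searches the subtree under the user search base with the configured user filter combined
     * with a {@code scimid} equality match and returns the first user-name value found.
     *
     * @param str the user's {@code scimid}
     * @return the user name, or {@code null} when no matching entry carries the user-name attribute
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    private String getUserName(String str) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            // {0} is filled in by JNDI from the argument array, which encodes filter metacharacters in
            // the id. Substituting the id into the filter text let '*', '(' or ')' in it change which
            // entry matched, and the old replace("?") also rewrote any '?' in the configured filter.
            String filter = "(&" + this.userNameListFilter + "(scimid={0}))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(new String[]{this.usernameAttribute});
            try {
                NamingEnumeration<SearchResult> results = context.search(
                        context.getNameParser("").parse(this.userSearchBase), filter, new Object[]{str},
                        searchControls);
                try {
                    while (results.hasMoreElements()) {
                        Attributes attributes = results.next().getAttributes();
                        javax.naming.directory.Attribute nameAttribute =
                                attributes == null ? null : attributes.get(this.usernameAttribute);
                        if (nameAttribute != null) {
                            return (String) nameAttribute.get();
                        }
                    }
                    return null;
                } finally {
                    // Release the server-side search; the enumeration was never closed before.
                    results.close();
                }
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting user from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }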

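    /**
     * Builds the distinguished name of the user identified by a {@code scimid}.
     *
     * @param str the user's {@code scimid}
     * @return {@code <usernameAttribute>=<escaped user name>,<userSearchBase>}
     * @throws UserStoreConnectorException if no user matches {@code str} or the lookup fails
     */
    private String getUserDN(String str) throws UserStoreConnectorException {
        String userName = getUserName(str);
        if (userName == null) {
            // Fail instead of handing callers a DN built from the literal text "null".
            throw new UserStoreConnectorException("No LDAP user found for the given user id");
        }
        // Escape the stored name so DN metacharacters in it stay inside the RDN value.
        return this.usernameAttribute + "=" + javax.naming.ldap.Rdn.escapeValue(userName) + "," + this.userSearchBase;
    }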

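    /**
     * Resolves a group's {@code scimid} to the value of the configured group attribute.
     *
     * <p>Searches the subtree under the group search base with the configured group filter combined
     * with a {@code scimid} equality match and returns the first group-attribute value found.
     *
     * @param str the group's {@code scimid}
     * @return the group name, or {@code null} when no matching entry carries the group attribute
     * @throws UserStoreConnectorException if the LDAP context cannot be obtained or the search fails
     */
    private String getGroupName(String str) throws UserStoreConnectorException {
        try {
            DirContext context = this.ldapConnectionContext.getContext();
            // {0} is filled in by JNDI from the argument array, which encodes filter metacharacters in
            // the id. Substituting the id into the filter text let '*', '(' or ')' in it change which
            // entry matched, and the old replace("?") also rewrote any '?' in the configured filter.
            String filter = "(&" + this.groupListFilter + "(scimid={0}))";
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            searchControls.setReturningAttributes(new String[]{this.groupAttribute});
            try {
                NamingEnumeration<SearchResult> results = context.search(
                        context.getNameParser("").parse(this.groupSearchBase), filter, new Object[]{str},
                        searchControls);
                try {
                    while (results.hasMoreElements()) {
                        Attributes attributes = results.next().getAttributes();
                        javax.naming.directory.Attribute nameAttribute =
                                attributes == null ? null : attributes.get(this.groupAttribute);
                        if (nameAttribute != null) {
                            return (String) nameAttribute.get();
                        }
                    }
                    return null;
                } finally {
                    // Release the server-side search; the enumeration was never closed before.
                    results.close();
                }
            } catch (NamingException e) {
                throw new UserStoreConnectorException("Error while getting group from LDAP", (Throwable) e);
            }
        } catch (LDAPConnectorException e2) {
            throw new UserStoreConnectorException("Error getting LDAP context ", e2);
        }
    }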
}
