package org.picketlink.idm.ldap.internal;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;
import org.apache.commons.lang.StringUtils;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.internal.AbstractIdentityStore;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.model.Group;
import org.picketlink.idm.model.GroupRole;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Role;
import org.picketlink.idm.model.SimpleGroupRole;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.QueryParameter;
import org.picketlink.idm.spi.IdentityStoreInvocationContext;

/* loaded from: input_file:WEB-INF/lib/picketlink-idm-impl-3.0-2013Jan04.jar:org/picketlink/idm/ldap/internal/LDAPIdentityStore.class */
public class LDAPIdentityStore extends AbstractIdentityStore<LDAPConfiguration> {
    private LDAPConfiguration configuration;
    private IdentityStoreInvocationContext context;

    /**
     * Records the configuration and invocation context this store works with.
     *
     * @param lDAPConfiguration configuration later returned by {@link #getConfig()}
     * @param identityStoreInvocationContext context later returned by {@link #getContext()}
     */
    @Override
    public void setup(LDAPConfiguration lDAPConfiguration, IdentityStoreInvocationContext identityStoreInvocationContext) {
        context = identityStoreInvocationContext;
        configuration = lDAPConfiguration;
    }

    /**
     * @return the configuration passed to {@code setup}, or {@code null} if {@code setup} has not run yet
     */
    @Override
    public LDAPConfiguration getConfig() {
        return configuration;
    }

    /**
     * @return the invocation context passed to {@code setup}, or {@code null} if {@code setup} has not run yet
     */
    @Override
    public IdentityStoreInvocationContext getContext() {
        return context;
    }

    /**
     * Resolves an agent by delegating to {@link #getUser(String)}; this store has no separate agent lookup.
     *
     * @param str identifier handed unchanged to {@code getUser}
     * @return the matching user, or {@code null} when {@code getUser} finds none
     */
    @Override
    public Agent getAgent(String str) {
        User resolved = getUser(str);
        return resolved;
    }

    /**
     * Looks up a user below the configured user DN suffix by its {@code uid} attribute.
     *
     * <p>Each search hit becomes an {@link LDAPUser} with its custom attributes attached.
     * Only the first hit is returned; any further hits are ignored.
     *
     * @param str value matched against the {@code uid} attribute
     * @return the first matching user, or {@code null} when the search returns nothing
     */
    @Override
    public User getUser(String str) {
        final String usersBase = this.configuration.getUserDNSuffix();
        LDAPSearchCallback<User> toUser = new LDAPSearchCallback<User>() {
            @Override
            public User processResult(SearchResult searchResult) {
                LDAPUser found = new LDAPUser(usersBase, searchResult.getAttributes());
                // getCustomAttributes returns null on any lookup failure, so this may store null.
                found.setCustomAttributes(LDAPIdentityStore.this.getCustomAttributes(found.getDN()));
                return found;
            }
        };
        // NOTE(review): str reaches the directory search as given. searchByAttribute is not
        // visible here; confirm it escapes LDAP filter metacharacters before building the filter.
        List matches = getLdapManager().searchByAttribute(usersBase, LDAPConstants.UID, str, toUser);
        return matches.isEmpty() ? null : (User) matches.get(0);
    }

    /**
     * Looks up a group below the configured group DN suffix by its {@code cn} attribute.
     *
     * <p>Each search hit becomes an {@link LDAPGroup} with its custom attributes and, when
     * {@link #getParentGroup(LDAPGroup)} finds one, its parent group. Only the first hit is returned.
     *
     * @param str value matched against the {@code cn} attribute
     * @return the first matching group, or {@code null} when the search returns nothing
     */
    @Override
    public Group getGroup(String str) {
        final String groupsBase = this.configuration.getGroupDNSuffix();
        LDAPSearchCallback<Group> toGroup = new LDAPSearchCallback<Group>() {
            @Override
            public Group processResult(SearchResult searchResult) {
                LDAPGroup found = new LDAPGroup(searchResult.getAttributes(), groupsBase);
                found.setCustomAttributes(LDAPIdentityStore.this.getCustomAttributes(found.getDN()));
                // getParentGroup calls back into getGroup, so the whole parent chain is resolved here.
                Group parent = LDAPIdentityStore.this.getParentGroup(found);
                if (parent != null) {
                    found.setParentGroup(parent);
                }
                return found;
            }
        };
        // NOTE(review): str reaches the directory search as given. searchByAttribute is not
        // visible here; confirm it escapes LDAP filter metacharacters before building the filter.
        List matches = getLdapManager().searchByAttribute(groupsBase, LDAPConstants.CN, str, toGroup);
        return matches.isEmpty() ? null : (Group) matches.get(0);
    }

    /**
     * Looks up a role below the configured role DN suffix by its {@code cn} attribute.
     *
     * <p>Each search hit becomes an {@link LDAPRole} with its custom attributes attached.
     * Only the first hit is returned.
     *
     * @param str value matched against the {@code cn} attribute
     * @return the first matching role, or {@code null} when the search returns nothing
     */
    @Override
    public Role getRole(String str) {
        final String rolesBase = this.configuration.getRoleDNSuffix();
        LDAPSearchCallback<Role> toRole = new LDAPSearchCallback<Role>() {
            @Override
            public Role processResult(SearchResult searchResult) {
                LDAPRole found = new LDAPRole(searchResult.getAttributes(), rolesBase);
                found.setCustomAttributes(LDAPIdentityStore.this.getCustomAttributes(found.getDN()));
                return found;
            }
        };
        // NOTE(review): str reaches the directory search as given. searchByAttribute is not
        // visible here; confirm it escapes LDAP filter metacharacters before building the filter.
        List matches = getLdapManager().searchByAttribute(rolesBase, LDAPConstants.CN, str, toRole);
        return matches.isEmpty() ? null : (Role) matches.get(0);
    }

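    /**
     * Returns the group named {@code str} only if its parent group has the same name as {@code group}.
     *
     * <p>The parent is compared by name only, not by DN.
     *
     * @param str name of the group to look up
     * @param group expected parent; {@code null} always yields {@code null}
     * @return the group, or {@code null} when it does not exist, has no parent, or has a different parent
     */
    @Override
    public Group getGroup(String str, Group group) {
        Group candidate = getGroup(str);
        // The lookup returns null for an unknown name; check that before touching the result
        // (the previous code dereferenced it first and failed with a NullPointerException).
        if (candidate == null || group == null) {
            return null;
        }
        Group parent = candidate.getParentGroup();
        if (parent == null || !parent.getName().equals(group.getName())) {
            return null;
        }
        return candidate;
    }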

    /**
     * Records a membership of a user in a role, a group, or a group-role pair.
     *
     * <p>When both the role and the group resolve in the directory, a combined group-role entry is
     * stored. Otherwise the user is added as a member of whichever of the two resolved.
     *
     * @param identityType the member; must be a {@link User} (a {@link Group} is accepted but ignored)
     * @param group group to join, may be {@code null}
     * @param role role to grant, may be {@code null}
     * @return the resulting membership built from the resolved entries (any of which may be
     *         {@code null}), or {@code null} when {@code identityType} is a {@link Group}
     * @throws IllegalArgumentException when {@code identityType} is neither a user nor a group
     */
    @Override
    public GroupRole createMembership(IdentityType identityType, Group group, Role role) {
        if (identityType instanceof User) {
            User lookedUp = getUser(((User) identityType).getId());
            LDAPRole ldapRole = role != null ? (LDAPRole) getRole(role.getName()) : null;
            // The user is resolved a second time, now through the id of the entry found above.
            LDAPUser ldapUser = lookedUp != null ? (LDAPUser) getUser(lookedUp.getId()) : null;
            LDAPGroup ldapGroup = group != null ? (LDAPGroup) getGroup(group.getName()) : null;

            if (ldapRole != null && ldapGroup != null) {
                // NOTE(review): ldapUser is not checked on this path; an unknown user id reaches
                // LDAPGroupRole as null. Confirm that constructor and its getDN tolerate that.
                storeMembershipEntry(new LDAPGroupRole(ldapUser, ldapGroup, ldapRole), ldapRole);
            } else {
                if (ldapUser != null && ldapRole != null) {
                    addMember(ldapRole, ldapUser);
                }
                // Cannot fire on this path: role and group are never both resolved here.
                if (ldapGroup != null && ldapRole != null) {
                    addMember(ldapGroup, ldapRole);
                }
                if (ldapGroup != null && ldapUser != null) {
                    addMember(ldapGroup, ldapUser);
                }
            }
            // A membership object is returned even when none of the entries resolved.
            return new SimpleGroupRole(ldapUser, ldapRole, ldapGroup);
        }
        if (identityType instanceof Group) {
            return null;
        }
        throw new IllegalArgumentException("The member parameter must be an instance of User or Group");
    }

    /**
     * Removes a user's membership in a role, a group, or a group-role pair.
     *
     * <p>Does nothing unless {@code identityType} is a {@link User}. When both {@code group} and
     * {@code role} are given, the combined group-role entry is updated; otherwise the user is
     * removed from whichever of the two resolved in the directory.
     *
     * @param identityType the member whose membership is removed
     * @param group group to leave, may be {@code null}
     * @param role role to revoke, may be {@code null}
     */
    @Override
    public void removeMembership(IdentityType identityType, Group group, Role role) {
        if (!(identityType instanceof User)) {
            return;
        }
        LDAPUser ldapUser = (LDAPUser) getUser(((User) identityType).getId());
        LDAPRole ldapRole = role == null ? null : (LDAPRole) getRole(role.getName());
        LDAPGroup ldapGroup = group == null ? null : (LDAPGroup) getGroup(group.getName());

        // This branch keys on the arguments, not on the resolved entries, so any of the three
        // resolved values may still be null when the group-role entry is built.
        // NOTE(review): confirm LDAPGroupRole copes with null user, group or role.
        if (role != null && group != null) {
            removeMemberShipEntry(new LDAPGroupRole(ldapUser, ldapGroup, ldapRole), ldapRole);
            return;
        }
        if (ldapRole != null) {
            removeMember(ldapRole, ldapUser);
        }
        if (ldapGroup != null) {
            removeMember(ldapGroup, ldapUser);
        }
    }

    /**
     * Reports whether a user holds a role, belongs to a group, or holds a role within a group.
     *
     * <p>{@code identityType} is cast to {@link User} without a type check, and the role and group
     * lookups are dereferenced without a null check, so an unknown role or group name ends in a
     * {@code NullPointerException} rather than a {@code null} result.
     *
     * @param identityType the member; must be a {@link User}
     * @param group group to test, may be {@code null}
     * @param role role to test, may be {@code null}
     * @return the membership, or {@code null} when the user does not have it
     */
    @Override
    public GroupRole getMembership(IdentityType identityType, Group group, Role role) {
        LDAPUser member = (LDAPUser) getUser(((User) identityType).getId());

        if (group != null && role != null) {
            LDAPRole ldapRole = (LDAPRole) getRole(role.getName());
            LDAPGroup ldapGroup = (LDAPGroup) getGroup(group.getName());
            String membershipDn = new LDAPGroupRole(member, ldapGroup, ldapRole).getDN();
            GroupRole stored = (GroupRole) getLdapManager().lookup(membershipDn);
            LDAPGroupRole storedEntry = (LDAPGroupRole) stored;
            // The entry alone is not enough: the role must be listed as one of its members.
            return (stored != null && storedEntry.isMember(ldapRole)) ? stored : null;
        }
        if (role != null) {
            LDAPRole ldapRole = (LDAPRole) getRole(role.getName());
            return ldapRole.isMember(member) ? new SimpleGroupRole(member, getRole(role.getName()), null) : null;
        }
        if (group != null) {
            LDAPGroup ldapGroup = (LDAPGroup) getGroup(group.getName());
            // The caller's group object is returned here, not the entry read from the directory.
            return ldapGroup.isMember(member) ? new SimpleGroupRole(member, null, group) : null;
        }
        return null;
    }

    /**
     * Runs an identity query against the directory and returns the matching users, roles or groups.
     *
     * <p>The LDAP filter comes from {@code getSearchFilter}; a {@code null} filter yields an empty
     * list. For every search hit the id attribute is read, the entry's custom attributes are looked
     * up, the query parameters are checked against them, and accepted entries are re-read through
     * {@code getUser}, {@code getRole} or {@code getGroup}.
     *
     * <p>NOTE(review): in this listing the enabled / created / expiry comparisons have empty bodies,
     * so as written they exclude nothing. The original source presumably skipped the entry at those
     * points; verify against upstream before relying on these parameters to restrict results.
     *
     * @param identityQuery the query whose identity type and parameters drive the search
     * @return the matching identities; empty when no filter could be built
     * @throws RuntimeException wrapping any {@link NamingException} raised while reading results
     */
    @Override // org.picketlink.idm.spi.IdentityStore
    public <T extends IdentityType> List<T> fetchQueryResults(IdentityQuery<T> identityQuery) {
        ArrayList arrayList = new ArrayList();
        String searchFilter = getSearchFilter(identityQuery);
        Class<? extends IdentityType> identityType = identityQuery.getIdentityType();
        NamingEnumeration<SearchResult> namingEnumeration = null;
        // No filter could be built for this query: report no results.
        if (searchFilter == null) {
            return arrayList;
        }
        LDAPQuery lDAPQuery = new LDAPQuery(identityQuery.getParameters());
        String idAttribute = getIdAttribute(identityType);
        String baseDN = getBaseDN(identityType);
        try {
            try {
                namingEnumeration = getLdapManager().search(baseDN, searchFilter);
                while (namingEnumeration.hasMoreElements()) {
                    String str = (String) ((SearchResult) namingEnumeration.nextElement()).getAttributes().get(idAttribute).get();
                    // The entry DN is rebuilt by string concatenation from the id value read above.
                    // NOTE(review): the value is not DN-escaped here; confirm ids cannot contain
                    // DN special characters such as ',' or '+'.
                    LDAPCustomAttributes customAttributes = getCustomAttributes(idAttribute + LDAPConstants.EQUAL + str + "," + baseDN);
                    // customAttributes may still be null past this check when the query has no
                    // custom attributes; the branches below dereference it without a null check.
                    // NOTE(review): confirm hasCustomAttributes() is true whenever one of them applies.
                    if (!lDAPQuery.hasCustomAttributes() || customAttributes != null) {
                        if (identityQuery.getParameters().containsKey(IdentityType.ENABLED)) {
                            // Empty body: a mismatch on the enabled flag has no effect as written.
                            if (!String.valueOf(customAttributes.getAttribute(LDAPConstants.CUSTOM_ATTRIBUTE_ENABLED)).equals(identityQuery.getParameters().get(IdentityType.ENABLED)[0].toString())) {
                            }
                        }
                        if (identityQuery.getParameters().containsKey(IdentityType.CREATED_DATE)) {
                            // Empty body: a creation-date mismatch has no effect as written.
                            if (Long.valueOf(customAttributes.getAttribute(LDAPConstants.CUSTOM_ATTRIBUTE_CREATE_DATE).toString()).longValue() != ((Date) identityQuery.getParameters().get(IdentityType.CREATED_DATE)[0]).getTime()) {
                            }
                        }
                        if (identityQuery.getParameters().containsKey(IdentityType.CREATED_BEFORE)) {
                            // Empty body: same as above.
                            if (Long.valueOf(customAttributes.getAttribute(LDAPConstants.CUSTOM_ATTRIBUTE_CREATE_DATE).toString()).longValue() > ((Date) identityQuery.getParameters().get(IdentityType.CREATED_BEFORE)[0]).getTime()) {
                            }
                        }
                        if (identityQuery.getParameters().containsKey(IdentityType.CREATED_AFTER)) {
                            // Empty body: same as above.
                            if (Long.valueOf(customAttributes.getAttribute(LDAPConstants.CUSTOM_ATTRIBUTE_CREATE_DATE).toString()).longValue() < ((Date) identityQuery.getParameters().get(IdentityType.CREATED_AFTER)[0]).getTime()) {
                            }
                        }
                        if (identityQuery.getParameters().containsKey(IdentityType.EXPIRY_DATE) || identityQuery.getParameters().containsKey(IdentityType.EXPIRY_BEFORE) || identityQuery.getParameters().containsKey(IdentityType.EXPIRY_AFTER)) {
                            Object attribute = customAttributes.getAttribute(LDAPConstants.CUSTOM_ATTRIBUTE_EXPIRY_DATE);
                            // An entry without an expiry attribute bypasses every expiry check.
                            if (attribute != null) {
                                if (identityQuery.getParameters().containsKey(IdentityType.EXPIRY_DATE)) {
                                    // Empty body: an expiry mismatch has no effect as written.
                                    if (Long.valueOf(attribute.toString()).longValue() != ((Date) identityQuery.getParameters().get(IdentityType.EXPIRY_DATE)[0]).getTime()) {
                                    }
                                }
                                if (identityQuery.getParameters().containsKey(IdentityType.EXPIRY_BEFORE)) {
                                    // Empty body: same as above.
                                    if (Long.valueOf(attribute.toString()).longValue() > ((Date) identityQuery.getParameters().get(IdentityType.EXPIRY_BEFORE)[0]).getTime()) {
                                    }
                                }
                                if (identityQuery.getParameters().containsKey(IdentityType.EXPIRY_AFTER)) {
                                    // Empty body: same as above.
                                    if (Long.valueOf(attribute.toString()).longValue() < ((Date) identityQuery.getParameters().get(IdentityType.EXPIRY_AFTER)[0]).getTime()) {
                                    }
                                }
                            }
                        }
                        // z decides whether the entry is accepted. Every attribute parameter resets
                        // it to false and sets it back to true only when all requested values were
                        // found, so the parameter iterated last decides the outcome.
                        // NOTE(review): a failed earlier parameter can be overridden by a later
                        // match; confirm that is intended.
                        boolean z = true;
                        for (Map.Entry<QueryParameter, Object[]> entry : identityQuery.getParameters().entrySet()) {
                            QueryParameter key = entry.getKey();
                            Object[] value = entry.getValue();
                            if (key instanceof IdentityType.AttributeParameter) {
                                z = false;
                                Object attribute2 = customAttributes.getAttribute(((IdentityType.AttributeParameter) key).getName());
                                if (attribute2 != null) {
                                    // Countdown of requested values that still need a match.
                                    int length = value.length;
                                    for (Object obj : value) {
                                        if (attribute2.getClass().isArray()) {
                                            for (Object obj2 : (Object[]) attribute2) {
                                                if (obj2.equals(obj)) {
                                                    length--;
                                                }
                                            }
                                        } else if (obj.equals(attribute2)) {
                                            length--;
                                        }
                                    }
                                    if (length <= 0) {
                                        z = true;
                                    }
                                }
                            }
                        }
                        if (z) {
                            // Accepted entries are read again by id, one extra search per entry.
                            if (isUserType(identityType)) {
                                arrayList.add(getUser(str));
                            } else if (isRoleType(identityType)) {
                                arrayList.add(getRole(str));
                            } else if (isGroupType(identityType)) {
                                arrayList.add(getGroup(str));
                            }
                        }
                    }
                }
                if (namingEnumeration != null) {
                    try {
                        namingEnumeration.close();
                    } catch (NamingException e) {
                        // Failure to close the enumeration is ignored.
                    }
                }
                return arrayList;
            } catch (Throwable th) {
                // Close the enumeration on any failure, then rethrow the original problem.
                if (namingEnumeration != null) {
                    try {
                        namingEnumeration.close();
                    } catch (NamingException e2) {
                        // Failure to close the enumeration is ignored.
                    }
                }
                throw th;
            }
        } catch (NamingException e3) {
            throw new RuntimeException((Throwable) e3);
        }
    }

    /**
     * Not supported by this store: always throws the exception built by
     * {@code createNotImplementedYetException()}.
     */
    @Override
    public <T extends IdentityType> int countQueryResults(IdentityQuery<T> identityQuery) {
        throw createNotImplementedYetException();
    }

    /**
     * Not supported by this store: always throws the exception built by
     * {@code createNotImplementedYetException()}.
     */
    @Override
    public <T extends Serializable> Attribute<T> getAttribute(IdentityType identityType, String str) {
        throw createNotImplementedYetException();
    }

    /**
     * Not supported by this store: always throws the exception built by
     * {@code createNotImplementedYetException()}.
     */
    @Override
    public void setAttribute(IdentityType identityType, Attribute<? extends Serializable> attribute) {
        throw createNotImplementedYetException();
    }

    /**
     * Not supported by this store: always throws the exception built by
     * {@code createNotImplementedYetException()}.
     */
    @Override
    public void removeAttribute(IdentityType identityType, String str) {
        throw createNotImplementedYetException();
    }

    /**
     * Returns the given user as an {@link LDAPUser}, copying its data into a new entry when needed.
     *
     * <p>First and last name are preset to {@code LDAPConstants.SPACE_STRING} and overwritten only
     * when the source has a non-null value, so the copy always carries both.
     *
     * @param user the user to convert
     * @return {@code user} itself when it already is an {@link LDAPUser}, otherwise a populated copy
     */
    private LDAPUser convert(User user) {
        if (user instanceof LDAPUser) {
            return (LDAPUser) user;
        }
        LDAPUser copy = new LDAPUser(this.configuration.getUserDNSuffix());
        copy.setId(user.getId());
        copy.setFirstName(LDAPConstants.SPACE_STRING);
        copy.setLastName(LDAPConstants.SPACE_STRING);
        if (user.getFirstName() != null) {
            copy.setFirstName(user.getFirstName());
        }
        if (user.getLastName() != null) {
            copy.setLastName(user.getLastName());
        }
        if (user.getEmail() != null) {
            copy.setEmail(user.getEmail());
        }
        if (user.getExpirationDate() != null) {
            copy.setExpirationDate(user.getExpirationDate());
        }
        for (Iterator<Attribute<? extends Serializable>> attrs = user.getAttributes().iterator(); attrs.hasNext(); ) {
            copy.setAttribute(attrs.next());
        }
        return copy;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reads the {@code cn=custom-attributes} child entry of the given DN.
     *
     * <p>Every exception raised by the lookup or the cast is swallowed and reported as {@code null},
     * so callers cannot tell a missing entry from a directory error.
     *
     * @param str DN of the owning entry
     * @return the custom attributes, or {@code null} when the lookup yields nothing or fails
     */
    public LDAPCustomAttributes getCustomAttributes(String str) {
        String customAttributesDn = getCustomAttributesDN(str);
        try {
            return (LDAPCustomAttributes) getLdapManager().lookup(customAttributesDn);
        } catch (Exception ignored) {
            // Best effort: any failure is treated as "no custom attributes".
            return null;
        }
    }

    /**
     * Builds the DN of the custom-attributes child entry by prefixing {@code cn=custom-attributes,}.
     *
     * @param str DN of the owning entry, used as given
     * @return the child DN
     */
    private String getCustomAttributesDN(String str) {
        return new StringBuilder("cn=custom-attributes,").append(str).toString();
    }

    /**
     * Binds an entry and, beneath it, its custom-attributes child entry.
     *
     * <p>These are two separate bind calls; if the second fails, the entry stays in the directory
     * without its custom attributes.
     *
     * @param lDAPEntry the entry to create
     */
    private void store(LDAPEntry lDAPEntry) {
        getLdapManager().bind(lDAPEntry.getDN(), lDAPEntry);
        String customAttributesDn = getCustomAttributesDN(lDAPEntry.getDN());
        getLdapManager().bind(customAttributesDn, lDAPEntry.getCustomAttributes());
    }

    /**
     * Adds {@code lDAPEntry2} as a member of {@code lDAPEntry} and writes the member attribute
     * to the directory.
     *
     * @param lDAPEntry the container (role or group) being changed
     * @param lDAPEntry2 the entry that becomes a member
     */
    private void addMember(LDAPEntry lDAPEntry, LDAPEntry lDAPEntry2) {
        lDAPEntry.addMember(lDAPEntry2);
        javax.naming.directory.Attribute members = lDAPEntry.getLDAPAttributes().get(LDAPConstants.MEMBER);
        getLdapManager().modifyAttribute(lDAPEntry.getDN(), members);
    }

    /**
     * Removes {@code lDAPEntry2} from the members of {@code lDAPEntry} and writes the member
     * attribute to the directory.
     *
     * @param lDAPEntry the container (role or group) being changed
     * @param lDAPEntry2 the entry that stops being a member
     */
    private void removeMember(LDAPEntry lDAPEntry, LDAPEntry lDAPEntry2) {
        lDAPEntry.removeMember(lDAPEntry2);
        javax.naming.directory.Attribute members = lDAPEntry.getLDAPAttributes().get(LDAPConstants.MEMBER);
        getLdapManager().modifyAttribute(lDAPEntry.getDN(), members);
    }

    /**
     * Destroys the directory entry at the given entry's DN.
     *
     * <p>NOTE(review): {@code store} also binds a {@code cn=custom-attributes} child beneath each
     * entry and nothing visible here removes it; confirm {@code destroySubcontext} handles entries
     * that still have children.
     *
     * @param lDAPEntry the entry to delete
     */
    private void removeEntry(LDAPEntry lDAPEntry) {
        String entryDn = lDAPEntry.getDN();
        getLdapManager().destroySubcontext(entryDn);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Finds the group that lists the given group as a member.
     *
     * <p>The member value is built as {@code cn=<name>,<groupDNSuffix>} by string concatenation
     * and matched below the group DN suffix. The first hit is resolved through
     * {@link #getGroup(String)}; further hits are ignored.
     *
     * <p>NOTE(review): the group name is placed in the DN without escaping; confirm it matches
     * how member DNs are written when names contain DN special characters.
     *
     * @param lDAPGroup the child group
     * @return the parent group, or {@code null} when no group lists this one as a member
     * @throws RuntimeException wrapping a {@link NamingException} raised while reading the result
     */
    public Group getParentGroup(LDAPGroup lDAPGroup) {
        BasicAttributes matchOnMember = new BasicAttributes(true);
        matchOnMember.put(new BasicAttribute(LDAPConstants.MEMBER, "cn=" + lDAPGroup.getName() + "," + this.configuration.getGroupDNSuffix()));
        NamingEnumeration<SearchResult> parents = null;
        try {
            parents = getLdapManager().search(this.configuration.getGroupDNSuffix(), matchOnMember, new String[]{LDAPConstants.CN});
            if (!parents.hasMoreElements()) {
                return null;
            }
            String parentName = (String) parents.nextElement().getAttributes().get(LDAPConstants.CN).get();
            return getGroup(parentName);
        } catch (NamingException e) {
            throw new RuntimeException("Error looking parent group for [" + lDAPGroup.getDN() + "]", e);
        } finally {
            if (parents != null) {
                try {
                    parents.close();
                } catch (NamingException ignored) {
                    // Failure to close the enumeration is ignored.
                }
            }
        }
    }

    /**
     * Brings the stored entry's attributes in line with the updated entry's.
     *
     * <p>First pass, over the stored entry's attributes: an attribute also present on the updated
     * entry is modified to the updated value, any other is removed. Second pass, over the updated
     * entry's attributes: one missing from the stored entry is added if the manager reports it
     * as managed. Finally the custom-attributes child entry is rebound.
     *
     * @param lDAPEntry the entry carrying the new values
     * @param lDAPEntry2 the entry as currently stored; its DN is the target of attribute changes
     * @throws IdentityManagementException wrapping any {@link NamingException}
     */
    private void updateAttributes(LDAPEntry lDAPEntry, LDAPEntry lDAPEntry2) {
        try {
            for (NamingEnumeration storedAttrs = lDAPEntry2.getLDAPAttributes().getAll(); storedAttrs.hasMore(); ) {
                javax.naming.directory.Attribute stored = (javax.naming.directory.Attribute) storedAttrs.next();
                javax.naming.directory.Attribute replacement = lDAPEntry.getLDAPAttributes().get(stored.getID());
                if (replacement == null) {
                    getLdapManager().removeAttribute(lDAPEntry2.getDN(), stored);
                } else {
                    getLdapManager().modifyAttribute(lDAPEntry2.getDN(), replacement);
                }
            }
            for (NamingEnumeration updatedAttrs = lDAPEntry.getLDAPAttributes().getAll(); updatedAttrs.hasMore(); ) {
                javax.naming.directory.Attribute candidate = (javax.naming.directory.Attribute) updatedAttrs.next();
                boolean missingOnStored = lDAPEntry2.getLDAPAttributes().get(candidate.getID()) == null;
                if (missingOnStored && getLdapManager().isManagedAttribute(candidate.getID())) {
                    getLdapManager().addAttribute(lDAPEntry2.getDN(), candidate);
                }
            }
            // The custom attributes are rebound under the updated entry's DN, not the stored one's.
            String customAttributesDn = getCustomAttributesDN(lDAPEntry.getDN());
            getLdapManager().rebind(customAttributesDn, lDAPEntry.getCustomAttributes());
        } catch (NamingException e) {
            throw new IdentityManagementException("Error updating custom attributes for IdentityType [" + lDAPEntry2 + "].", e);
        }
    }

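    /**
     * Searches below {@code str} for entries whose {@code member} attribute holds the given
     * entry's DN.
     *
     * <p>The DN is escaped as an LDAP filter assertion value (RFC 4515) before it goes into the
     * filter, so a DN containing {@code ( ) * \} or NUL is matched literally and cannot change
     * the filter's structure.
     *
     * @param str base DN of the search
     * @param lDAPEntry the entry whose containers are wanted
     * @return the enumeration of matching entries; the caller is responsible for closing it
     */
    private NamingEnumeration<SearchResult> findParentEntries(String str, LDAPEntry lDAPEntry) {
        String memberDn = String.valueOf(lDAPEntry.getDN());
        StringBuilder filter = new StringBuilder("(member=");
        for (int i = 0; i < memberDn.length(); i++) {
            char c = memberDn.charAt(i);
            switch (c) {
                case '\\':
                    filter.append("\\5c");
                    break;
                case '*':
                    filter.append("\\2a");
                    break;
                case '(':
                    filter.append("\\28");
                    break;
                case ')':
                    filter.append("\\29");
                    break;
                case '\0':
                    filter.append("\\00");
                    break;
                default:
                    filter.append(c);
            }
        }
        filter.append(')');
        return getLdapManager().search(str, filter.toString());
    }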

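    /**
     * Removes the given entry's DN from the {@code member} attribute of every container found
     * below {@code str}.
     *
     * <p>When the removal leaves the attribute empty, {@code LDAPConstants.SPACE_STRING} is added
     * as a placeholder value. Search hits without a {@code member} attribute are skipped.
     *
     * <p>NOTE(review): the change is applied to the attribute object taken from the search result;
     * no call visible in this method writes it back to the directory. Confirm whether a
     * {@code modifyAttribute} call is missing here.
     *
     * @param str base DN under which containers are searched
     * @param lDAPEntry the entry being removed from its containers
     * @throws IdentityManagementException wrapping any {@link NamingException}
     */
    private void removeFromParent(String str, LDAPEntry lDAPEntry) {
        NamingEnumeration<SearchResult> parents = null;
        try {
            parents = findParentEntries(str, lDAPEntry);
            while (parents.hasMoreElements()) {
                javax.naming.directory.Attribute members = parents.nextElement().getAttributes().get(LDAPConstants.MEMBER);
                // The previous code checked for null before remove() but then dereferenced the
                // attribute unconditionally; skip hits that carry no member attribute.
                if (members == null) {
                    continue;
                }
                members.remove(lDAPEntry.getDN());
                if (!members.getAll().hasMoreElements()) {
                    members.add(LDAPConstants.SPACE_STRING);
                }
            }
        } catch (NamingException e) {
            throw new IdentityManagementException((Throwable) e);
        } finally {
            if (parents != null) {
                try {
                    parents.close();
                } catch (NamingException ignored) {
                    // Failure to close the enumeration is ignored.
                }
            }
        }
    }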

    /**
     * Creates a membership entry, or adds a member to it when the entry already exists.
     *
     * <p>An existing entry is left untouched when it already lists the member's DN.
     *
     * @param lDAPEntry the membership entry to store; its DN identifies the directory entry
     * @param lDAPEntry2 the entry whose DN is recorded as a member
     */
    private void storeMembershipEntry(LDAPEntry lDAPEntry, LDAPEntry lDAPEntry2) {
        String dn = lDAPEntry.getDN();
        LDAPEntry existing = (LDAPEntry) getLdapManager().lookup(dn);
        if (existing != null) {
            // NOTE(review): the member attribute is used without a null check; confirm existing
            // membership entries always carry one.
            javax.naming.directory.Attribute members = existing.getLDAPAttributes().get(LDAPConstants.MEMBER);
            if (!members.contains(lDAPEntry2.getDN())) {
                members.add(lDAPEntry2.getDN());
                getLdapManager().modifyAttribute(dn, members);
                getLdapManager().rebind(dn, existing);
            }
            return;
        }
        getLdapManager().bind(dn, lDAPEntry);
    }

    /**
     * Removes a member from an existing membership entry.
     *
     * <p>Does nothing when the entry does not exist or does not list the member. After removal,
     * {@code LDAPConstants.SPACE_STRING} is added to the member attribute regardless of how many
     * values remain, and the entry is written back.
     *
     * @param lDAPEntry the membership entry; its DN identifies the directory entry
     * @param lDAPEntry2 the entry whose DN is removed from the members
     */
    private void removeMemberShipEntry(LDAPEntry lDAPEntry, LDAPEntry lDAPEntry2) {
        String dn = lDAPEntry.getDN();
        LDAPEntry existing = (LDAPEntry) getLdapManager().lookup(dn);
        if (existing == null) {
            return;
        }
        javax.naming.directory.Attribute members = existing.getLDAPAttributes().get(LDAPConstants.MEMBER);
        if (!members.contains(lDAPEntry2.getDN())) {
            return;
        }
        members.remove(lDAPEntry2.getDN());
        members.add(LDAPConstants.SPACE_STRING);
        getLdapManager().modifyAttribute(dn, members);
        getLdapManager().rebind(dn, existing);
    }

    /**
     * @return the operation manager owned by the current configuration; fails with a
     *         {@code NullPointerException} when {@code setup} has not supplied a configuration
     */
    public LDAPOperationManager getLdapManager() {
        LDAPConfiguration current = this.configuration;
        return current.getLdapManager();
    }

    /**
     * Creates a role entry below the configured role DN suffix.
     *
     * <p>Only the name is copied from the argument.
     *
     * @param role the role to create; its name must not be {@code null}
     * @return the newly stored {@link LDAPRole}
     * @throws IdentityManagementException when the role has no name
     */
    @Override
    protected Role addRole(Role role) {
        if (role.getName() == null) {
            throw new IdentityManagementException("No identifier was provided.");
        }
        LDAPRole created = new LDAPRole(this.configuration.getRoleDNSuffix());
        created.setName(role.getName());
        store(created);
        return created;
    }

    /**
     * Creates a group entry below the configured group DN suffix and links it to its parent.
     *
     * <p>When a parent group is given, the parent's member attribute is written before the new
     * group itself is stored.
     *
     * @param group the group to create; its name must not be {@code null}
     * @return the newly stored {@link LDAPGroup}
     * @throws IdentityManagementException when the group has no name
     * @throws RuntimeException when the named parent group does not exist
     */
    @Override
    protected Group addGroup(Group group) {
        if (group.getName() == null) {
            throw new IdentityManagementException("No identifier was provided.");
        }
        LDAPGroup created = new LDAPGroup(this.configuration.getGroupDNSuffix());
        created.setName(group.getName());
        if (group.getParentGroup() != null) {
            String parentName = group.getParentGroup().getName();
            LDAPGroup parent = (LDAPGroup) getGroup(parentName);
            if (parent == null) {
                throw new RuntimeException("Parent group [" + parentName + "] does not exists.");
            }
            parent.addChildGroup(created);
            created.setParentGroup(parent);
            javax.naming.directory.Attribute parentMembers = parent.getLDAPAttributes().get(LDAPConstants.MEMBER);
            getLdapManager().modifyAttribute(parent.getDN(), parentMembers);
        }
        store(created);
        return created;
    }

    /**
     * Creates a user entry, converting the argument to an {@link LDAPUser} first when needed.
     *
     * @param user the user to create; its id must not be {@code null}
     * @return the stored {@link LDAPUser}
     * @throws IdentityManagementException when the user has no id
     */
    @Override
    protected User addUser(User user) {
        if (user.getId() == null) {
            throw new IdentityManagementException("No identifier was provided.");
        }
        LDAPUser entry = user instanceof LDAPUser ? (LDAPUser) user : convert(user);
        // The full name is set from the entry's own CN value before it is stored.
        entry.setFullName(entry.getUserCN());
        store(entry);
        return entry;
    }

    /**
     * Writes the updated group's attributes over the stored group's.
     *
     * @param group the group carrying the new values; must be an {@link LDAPGroup}
     * @param group2 the group as currently stored; must be an {@link LDAPGroup}
     * @return {@code group}
     */
    @Override
    protected Group updateGroup(Group group, Group group2) {
        LDAPGroup updated = (LDAPGroup) group;
        LDAPGroup stored = (LDAPGroup) group2;
        updateAttributes(updated, stored);
        return group;
    }

    /**
     * Writes the updated role's attributes over the stored role's.
     *
     * @param role the role carrying the new values; must be an {@link LDAPRole}
     * @param role2 the role as currently stored; must be an {@link LDAPRole}
     * @return {@code role}
     */
    @Override
    protected Role updateRole(Role role, Role role2) {
        LDAPRole updated = (LDAPRole) role;
        LDAPRole stored = (LDAPRole) role2;
        updateAttributes(updated, stored);
        return role;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Writes the updated user's attributes over the stored user's.
     *
     * @param user the user carrying the new values; converted to an {@link LDAPUser} when needed
     * @param user2 the user as currently stored; must be an {@link LDAPEntry}
     * @return the converted, updated user
     */
    @Override
    protected User updateUser(User user, User user2) {
        LDAPUser updated = convert(user);
        // The full name is refreshed from the entry's own CN value before the update.
        updated.setFullName(updated.getUserCN());
        updateAttributes(updated, (LDAPEntry) user2);
        return updated;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Deletes a role entry and then removes its DN from containers below the group DN suffix.
     *
     * <p>The entry is destroyed first; if the later clean-up fails, references to the deleted
     * role remain in place.
     *
     * @param role the role to delete; must be an {@link LDAPEntry}
     * @return {@code role}
     */
    @Override
    protected Role removeRole(Role role) {
        LDAPEntry entry = (LDAPEntry) role;
        removeEntry(entry);
        removeFromParent(this.configuration.getGroupDNSuffix(), entry);
        return role;
    }

    /* JADX WARN: Multi-variable type inference failed */
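    /**
     * Deletes a group entry and the entries below the user DN suffix whose {@code cn} starts
     * with the group's name.
     *
     * <p>The group name is escaped as an LDAP filter assertion value (RFC 4515) before it goes
     * into the search filter. Every hit of that search is destroyed, so an unescaped {@code *}
     * or parenthesis in the name would widen or alter what gets deleted.
     *
     * <p>NOTE(review): the filter is a prefix match ({@code cn= <name>*}), so entries belonging
     * to another group whose name merely starts with this one also match; confirm that is intended.
     *
     * @param group the group to delete; must be an {@link LDAPEntry}
     * @return {@code group}
     */
    @Override
    protected Group removeGroup(Group group) {
        String rawName = String.valueOf(group.getName());
        StringBuilder escapedName = new StringBuilder();
        for (int i = 0; i < rawName.length(); i++) {
            char c = rawName.charAt(i);
            switch (c) {
                case '\\':
                    escapedName.append("\\5c");
                    break;
                case '*':
                    escapedName.append("\\2a");
                    break;
                case '(':
                    escapedName.append("\\28");
                    break;
                case ')':
                    escapedName.append("\\29");
                    break;
                case '\0':
                    escapedName.append("\\00");
                    break;
                default:
                    escapedName.append(c);
            }
        }
        NamingEnumeration<SearchResult> matches = null;
        try {
            // The trailing '*' is the intended prefix wildcard and stays outside the escaped value.
            matches = getLdapManager().search(this.configuration.getUserDNSuffix(), "(&(cn= " + escapedName + "*))");
            while (matches.hasMoreElements()) {
                getLdapManager().destroySubcontext(matches.nextElement().getNameInNamespace());
            }
        } finally {
            if (matches != null) {
                try {
                    matches.close();
                } catch (NamingException ignored) {
                    // Failure to close the enumeration is ignored.
                }
            }
        }
        removeEntry((LDAPEntry) group);
        return group;
    }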

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Removes a user from containers below the role and group DN suffixes, then deletes the
     * user entry.
     *
     * @param user the user to delete; must be an {@link LDAPEntry}
     * @return {@code user}
     */
    @Override
    protected User removeUser(User user) {
        String rolesBase = this.configuration.getRoleDNSuffix();
        LDAPEntry entry = (LDAPEntry) user;
        removeFromParent(rolesBase, entry);
        removeFromParent(this.configuration.getGroupDNSuffix(), entry);
        removeEntry(entry);
        return user;
    }

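    /**
     * Builds the LDAP search filter string for an identity query.
     *
     * <p>Relationship parameters ({@code HAS_ROLE}, {@code MEMBER_OF}, {@code HAS_GROUP_ROLE},
     * {@code ROLE_OF}, {@code HAS_MEMBER}, {@code PARENT}) are resolved against the directory into
     * {@code (rdn)} fragments, which are wrapped in a single {@code (|...)} clause. That clause is
     * then spliced in front of the closing parenthesis of the managed-attributes filter, or of a
     * default filter when {@link LDAPQuery#createManagedAttributesFilter()} returns {@code null}.
     *
     * <p>Security: the group name taken from a {@link GroupRole} parameter is caller-supplied and is
     * placed inside a filter, so it is escaped per RFC 4515 before use. Without that, a name
     * containing {@code ( ) * \} would change the structure of the search rather than being matched
     * literally.
     *
     * @param identityQuery the query whose identity type and parameters drive the filter
     * @return the complete filter, or {@code null} when a relationship parameter resolved to no
     *         entries (presumably read by the caller as "no results" - confirm at the call site)
     * @throws IdentityManagementException if a directory lookup fails
     */
    private String getSearchFilter(IdentityQuery<IdentityType> identityQuery) {
        Class<IdentityType> identityType = identityQuery.getIdentityType();
        StringBuilder relationFilter = new StringBuilder();
        if (isUserType(identityType)) {
            if (identityQuery.getParameters().containsKey(User.HAS_ROLE)) {
                Object[] roleNames = identityQuery.getParameters().get(User.HAS_ROLE);
                LDAPEntry[] roles = new LDAPEntry[roleNames.length];
                for (int i = 0; i < roleNames.length; i++) {
                    roles[i] = (LDAPEntry) getRole(roleNames[i].toString());
                }
                String roleMembers = getUsersFilterMemberOf(roles);
                if (roleMembers.length() == 0) {
                    return null;
                }
                relationFilter.append(roleMembers);
            }
            if (identityQuery.getParameters().containsKey(User.MEMBER_OF)) {
                Object[] groupNames = identityQuery.getParameters().get(User.MEMBER_OF);
                LDAPEntry[] groups = new LDAPEntry[groupNames.length];
                for (int i = 0; i < groupNames.length; i++) {
                    groups[i] = (LDAPEntry) getGroup(groupNames[i].toString());
                }
                String groupMembers = getUsersFilterMemberOf(groups);
                if (groupMembers.length() == 0) {
                    return null;
                }
                relationFilter.append(groupMembers);
            }
            if (identityQuery.getParameters().containsKey(IdentityType.HAS_GROUP_ROLE)) {
                try {
                    for (Object parameter : identityQuery.getParameters().get(User.HAS_GROUP_ROLE)) {
                        GroupRole groupRole = (GroupRole) parameter;
                        // Caller-supplied name: escape it so it is matched as a literal value.
                        String groupFilter = "(cn=" + escapeLdapFilterValue(groupRole.getGroup().getName()) + ")";
                        NamingEnumeration<SearchResult> results = null;
                        try {
                            results = getLdapManager().search(this.configuration.getUserDNSuffix(), groupFilter);
                            while (results.hasMoreElements()) {
                                SearchResult searchResult = results.next();
                                // Second RDN of the hit; presumably the owning user's RDN - confirm against the DIT layout.
                                String ownerRdn = searchResult.getNameInNamespace().split(",")[1];
                                // This is an attribute-value comparison, not a filter, so no filter escaping applies here.
                                if (searchResult.getAttributes().get(LDAPConstants.MEMBER).contains("cn=" + groupRole.getRole().getName() + "," + this.configuration.getRoleDNSuffix())) {
                                    // NOTE(review): ownerRdn comes from the directory and is used as a filter
                                    // component without escaping; a value containing ( ) * \ would alter the filter.
                                    relationFilter.append("(").append(ownerRdn).append(")");
                                }
                            }
                        } finally {
                            // Close every enumeration, not only the last one opened by the loop.
                            if (results != null) {
                                try {
                                    results.close();
                                } catch (NamingException ignored) {
                                    // best-effort cleanup; a failure to close must not mask the search outcome
                                }
                            }
                        }
                    }
                } catch (Exception e) {
                    throw new IdentityManagementException(e);
                }
                // NOTE(review): this checks the whole buffer, so fragments added for HAS_ROLE or
                // MEMBER_OF above keep the query alive even when no group role matched.
                if (relationFilter.length() == 0) {
                    return null;
                }
            }
        } else if (isRoleType(identityType)) {
            if (identityQuery.getParameters().containsKey(Role.ROLE_OF)) {
                Object[] members = identityQuery.getParameters().get(Role.ROLE_OF);
                Agent[] agents = new Agent[members.length];
                for (int i = 0; i < members.length; i++) {
                    agents[i] = (Agent) members[i];
                }
                String roleEntries = getEntryFilterForMembers(agents, this.configuration.getRoleDNSuffix());
                if (roleEntries.length() == 0) {
                    return null;
                }
                relationFilter.append(roleEntries);
            }
        } else if (isGroupType(identityType)) {
            if (identityQuery.getParameters().containsKey(Group.HAS_MEMBER)) {
                Object[] members = identityQuery.getParameters().get(Group.HAS_MEMBER);
                Agent[] agents = new Agent[members.length];
                for (int i = 0; i < members.length; i++) {
                    agents[i] = (Agent) members[i];
                }
                String groupEntries = getEntryFilterForMembers(agents, this.configuration.getGroupDNSuffix());
                if (groupEntries.length() == 0) {
                    return null;
                }
                relationFilter.append(groupEntries);
            }
            if (identityQuery.getParameters().containsKey(Group.PARENT)) {
                NamingEnumeration<?> parentMembers = null;
                try {
                    parentMembers = ((LDAPGroup) getGroup(identityQuery.getParameters().get(Group.PARENT)[0].toString())).getLDAPAttributes().get(LDAPConstants.MEMBER).getAll();
                    while (parentMembers.hasMoreElements()) {
                        String memberDn = (String) parentMembers.nextElement();
                        if (!memberDn.trim().isEmpty()) {
                            // First RDN of each member DN becomes one alternative of the filter.
                            // NOTE(review): directory-sourced value, not escaped for filter use.
                            relationFilter.append("(").append(memberDn.split(",")[0]).append(")");
                        }
                    }
                } catch (NamingException e) {
                    throw new IdentityManagementException((Throwable) e);
                } finally {
                    if (parentMembers != null) {
                        try {
                            parentMembers.close();
                        } catch (NamingException ignored) {
                            // best-effort cleanup
                        }
                    }
                }
            }
        }
        if (relationFilter.length() > 0) {
            // Every fragment ends with ')', so wrapping yields the same text the original
            // produced by inserting ')' before the last character.
            relationFilter.insert(0, "(|").append(")");
        }
        StringBuffer managedFilter = new LDAPQuery(identityQuery.getParameters()).createManagedAttributesFilter();
        if (managedFilter == null) {
            managedFilter = new StringBuffer("(&(objectClass=*)(" + getIdAttribute(identityType) + "=*)(!(cn=custom-attributes)))");
        }
        // Splice the relationship clause in just before the filter's closing parenthesis.
        managedFilter.insert(managedFilter.length() - 1, relationFilter.toString());
        return managedFilter.toString();
    }

    /**
     * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515).
     *
     * <p>Backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} hex forms;
     * all other characters are copied unchanged. A {@code null} value is rendered as the text
     * {@code "null"}, which is what plain string concatenation produced before.
     *
     * @param value the raw value to embed in a filter
     * @return the escaped value
     */
    private static String escapeLdapFilterValue(String value) {
        String text = String.valueOf((Object) value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\u0000':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }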

    /**
     * Picks the LDAP attribute that identifies entries of the given identity type.
     *
     * @param cls the identity type being queried
     * @return {@link LDAPConstants#UID} for user types, {@link LDAPConstants#CN} for role and
     *         group types, or {@code null} when the type is none of these
     */
    private String getIdAttribute(Class<? extends IdentityType> cls) {
        if (isUserType(cls)) {
            return LDAPConstants.UID;
        }
        // Roles and groups are both identified by their common name.
        if (isRoleType(cls) || isGroupType(cls)) {
            return LDAPConstants.CN;
        }
        return null;
    }

    /**
     * Picks the configured DN suffix under which entries of the given identity type are searched.
     *
     * @param cls the identity type being queried
     * @return the user, role or group DN suffix from the store configuration, or {@code null}
     *         when the type is none of these
     */
    private String getBaseDN(Class<? extends IdentityType> cls) {
        if (isUserType(cls)) {
            return this.configuration.getUserDNSuffix();
        }
        if (isRoleType(cls)) {
            return this.configuration.getRoleDNSuffix();
        }
        if (isGroupType(cls)) {
            return this.configuration.getGroupDNSuffix();
        }
        return null;
    }

    /**
     * Finds the entries under a base DN that list the given agents as members and returns them
     * as a run of {@code (cn=value)} filter fragments.
     *
     * <p>NOTE(review): both filters here are built by plain concatenation. The member DNs and the
     * returned {@code cn} values come from the directory and are not escaped per RFC 4515, so a
     * value containing {@code ( ) * \} would change the filter instead of being matched literally.
     * With more than one agent the lookup filter is a bare sequence {@code (member=a)(member=b)}
     * with no enclosing {@code (|...)} or {@code (&...)}; whether the server accepts that, and
     * which combination is intended, cannot be told from this method - confirm.
     *
     * @param agentArr the agents whose directory entries must appear as {@code member} values
     * @param str the base DN to search under
     * @return the concatenated {@code (cn=value)} fragments, empty when nothing matched
     * @throws IdentityManagementException if the lookup or the search fails
     */
    private String getEntryFilterForMembers(Agent[] agentArr, String str) {
        StringBuffer cnFragments = new StringBuffer();
        String memberFilter = StringUtils.EMPTY;
        for (int i = 0; i < agentArr.length; i++) {
            LDAPUser member = (LDAPUser) getUser(agentArr[i].getId());
            memberFilter = memberFilter + "(member=" + member.getDN() + ")";
        }
        NamingEnumeration<SearchResult> results = null;
        try {
            results = getLdapManager().search(str, memberFilter);
            while (results.hasMoreElements()) {
                SearchResult hit = (SearchResult) results.next();
                String commonName = hit.getAttributes().get(LDAPConstants.CN).get().toString();
                cnFragments.append("(").append(LDAPConstants.CN).append(LDAPConstants.EQUAL).append(commonName).append(")");
            }
            return cnFragments.toString();
        } catch (Exception e) {
            throw new IdentityManagementException(e);
        } finally {
            // Always release the enumeration; a failure to close is deliberately ignored.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                }
            }
        }
    }

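    /**
     * Builds {@code (rdn)} filter fragments for the members common to all of the given entries.
     *
     * <p>For every entry the first RDN of each non-blank {@code member} value is appended as a
     * fragment and counted. Fragments whose RDN was not seen once per entry are then removed, so
     * only members present in every entry remain. An RDN kept this way appears once per entry in
     * the result, as before.
     *
     * <p>The removal is a literal text replacement. The earlier regex-based removal treated the
     * RDN as a pattern, so an RDN such as {@code uid=a.b} also deleted {@code (uid=aXb)}, and an
     * RDN containing regex metacharacters could fail to compile.
     *
     * <p>NOTE(review): an entry without a {@code member} attribute, or a {@code null} entry from a
     * failed lookup, still ends in a {@link NullPointerException} here - confirm how callers
     * expect unknown roles and groups to be handled. The RDNs are directory values and are not
     * escaped for filter use.
     *
     * @param lDAPEntryArr the role or group entries whose members are intersected
     * @return the concatenated fragments, empty when no member is shared by all entries
     * @throws IdentityManagementException if reading the {@code member} attribute fails
     */
    private String getUsersFilterMemberOf(LDAPEntry[] lDAPEntryArr) {
        StringBuilder fragments = new StringBuilder();
        Map<String, Integer> occurrences = new HashMap<String, Integer>();
        for (LDAPEntry entry : lDAPEntryArr) {
            NamingEnumeration<?> members = null;
            try {
                members = entry.getLDAPAttributes().get(LDAPConstants.MEMBER).getAll();
                while (members.hasMoreElements()) {
                    String memberDn = (String) members.nextElement();
                    if (!memberDn.trim().isEmpty()) {
                        String rdn = memberDn.split(",")[0];
                        Integer seen = occurrences.get(rdn);
                        occurrences.put(rdn, seen == null ? 1 : seen + 1);
                        fragments.append("(").append(rdn).append(")");
                    }
                }
            } catch (NamingException e) {
                throw new IdentityManagementException((Throwable) e);
            } finally {
                if (members != null) {
                    try {
                        members.close();
                    } catch (NamingException ignored) {
                        // best-effort cleanup
                    }
                }
            }
        }
        String result = fragments.toString();
        for (Map.Entry<String, Integer> counted : occurrences.entrySet()) {
            if (counted.getValue().intValue() != lDAPEntryArr.length) {
                // Literal replacement: the RDN must never be interpreted as a regular expression.
                result = result.replace("(" + counted.getKey() + ")", "");
            }
        }
        return result;
    }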
}
