package org.wso2.carbon.user.core.tenant;

import java.util.Locale;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.sql.DataSource;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.TenantMgtConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.ldap.LDAPConnectionContext;
import org.wso2.carbon.user.core.ldap.LDAPConstants;
import org.wso2.carbon.user.core.util.JNDIUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:lib/org.wso2.carbon.user.core-4.6.1-m5.jar:org/wso2/carbon/user/core/tenant/CommonHybridLDAPTenantManager.class */
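/**
 * Tenant manager that stores the tenant record through {@link JDBCTenantManager} and then
 * provisions the matching directory entries over LDAP: an organizational unit for the tenant
 * domain, a user sub context and a group sub context below it, and (when shared groups are
 * enabled) a shared-tenant entry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The tenant domain is passed to the LDAP search as a filter argument, never spliced into
 *       the filter text, so filter metacharacters in a domain cannot alter the query.</li>
 *   <li>NOTE(review): the tenant domain, admin name and several configuration values are still
 *       concatenated into relative distinguished names without escaping. This class does not
 *       validate them; presumably the caller restricts the allowed characters. Confirm before
 *       accepting domains from a less trusted source.</li>
 * </ul>
 */
public class CommonHybridLDAPTenantManager extends JDBCTenantManager {
    private static final String USER_PASSWORD_ATTRIBUTE_NAME = "userPassword";
    private static final String EMAIL_ATTRIBUTE_NAME = "mail";
    private static final String SN_ATTRIBUTE_NAME = "sn";
    private static final String CN_ATTRIBUTE_NAME = "cn";
    private static final String OBJECT_CLASS_ATTRIBUTE_NAME = "objectClass";
    private static final String SUB_CONTEXT_ERROR_MESSAGE =
            "Error occurred while adding the organizational unit sub context.";
    private static final Log logger = LogFactory.getLog(CommonHybridLDAPTenantManager.class);
    private LDAPConnectionContext ldapConnectionSource;
    private TenantMgtConfiguration tenantMgtConfig;
    private RealmConfiguration realmConfig;

    /**
     * Creates a manager backed by both the JDBC tenant store and an LDAP connection.
     *
     * @param oMElement configuration element handed to the JDBC super class
     * @param map       properties; must hold the realm configuration under
     *                  {@link UserCoreConstants#REALM_CONFIGURATION} and is expected to hold the
     *                  tenant management configuration under
     *                  {@link UserCoreConstants#TENANT_MGT_CONFIGURATION}
     * @throws Exception if the super class fails, or a {@link UserStoreException} when no realm
     *                   configuration is supplied
     */
    public CommonHybridLDAPTenantManager(OMElement oMElement, Map<String, Object> map) throws Exception {
        super(oMElement, map);
        // NOTE(review): a missing tenant management configuration is not rejected here; it
        // surfaces later as a NullPointerException in the methods that read tenant store properties.
        this.tenantMgtConfig = (TenantMgtConfiguration) map.get(UserCoreConstants.TENANT_MGT_CONFIGURATION);
        this.realmConfig = (RealmConfiguration) map.get(UserCoreConstants.REALM_CONFIGURATION);
        if (this.realmConfig == null) {
            throw new UserStoreException("Tenant Manager can not function without a bootstrap realm config");
        }
        this.ldapConnectionSource = new LDAPConnectionContext(this.realmConfig);
    }

    /**
     * Creates a manager with JDBC access only. No realm configuration, tenant management
     * configuration or LDAP connection source is set by this constructor, so the LDAP
     * provisioning methods of this class cannot work on such an instance.
     *
     * @param dataSource data source handed to the JDBC super class
     * @param str        second argument of the JDBC super class constructor, passed through unchanged
     */
    public CommonHybridLDAPTenantManager(DataSource dataSource, String str) {
        super(dataSource, str);
        this.tenantMgtConfig = null;
        this.realmConfig = null;
    }

    /**
     * Adds the tenant to the JDBC store, then creates its organizational unit (and shared group
     * entry) in LDAP unless the unit already exists.
     *
     * <p>The JDBC insert happens first and is not undone here when the LDAP step fails.
     *
     * @param tenant tenant to add; its id is set to the id returned by the JDBC store
     * @return the tenant id assigned by the JDBC store
     * @throws UserStoreException if the JDBC insert or any LDAP operation fails
     */
    @Override
    public int addTenant(org.wso2.carbon.user.api.Tenant tenant) throws UserStoreException {
        int tenantId = super.addTenant(tenant);
        tenant.setId(tenantId);
        DirContext context = null;
        try {
            context = this.ldapConnectionSource.getContext();
            if (isOrganizationalUnitCreated(tenant.getDomain(), context)) {
                logger.warn("Organizational unit for tenant domain:" + tenant.getDomain() + " is already created.");
            } else {
                createOrganizationalUnit(tenant.getDomain(), (Tenant) tenant, context);
                addSharedGroupForTenant((Tenant) tenant, context);
            }
            return tenantId;
        } finally {
            // Release the directory connection on every path, including failures after it was opened.
            closeContext(context);
        }
    }

    /**
     * Checks whether an organizational entry for the given tenant domain exists directly below
     * the configured root partition.
     *
     * @param str        tenant domain to look for
     * @param dirContext directory context used for the search
     * @return {@code true} if the one-level search returns at least one entry
     * @throws UserStoreException if the directory search fails
     */
    protected boolean isOrganizationalUnitCreated(String str, DirContext dirContext) throws UserStoreException {
        String rootPartition = tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ROOT_PARTITION);
        // Only configuration values are part of the filter text; the tenant domain is bound to the
        // {0} placeholder so the JNDI provider encodes it as a literal value.
        String filterExpression = "(&(objectClass="
                + tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_OBJECT_CLASS)
                + ")("
                + tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_ATTRIBUTE)
                + "={0}))";
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        NamingEnumeration<?> results = null;
        try {
            results = dirContext.search(rootPartition, filterExpression, new Object[] {str}, searchControls);
            return results.hasMore();
        } catch (NamingException e) {
            String message = "Error occurred while searching in root partition for organization : " + str;
            if (logger.isDebugEnabled()) {
                logger.debug(message, e);
            }
            throw new UserStoreException(message, e);
        } finally {
            closeEnumeration(results);
        }
    }

    /**
     * Creates the tenant's organizational entry below the root partition, followed by its user
     * and group sub contexts.
     *
     * @param str        tenant domain, used as the value of the organizational attribute
     * @param tenant     tenant being provisioned (not read by this implementation)
     * @param dirContext directory context used for the operations
     * @throws UserStoreException if any of the entries cannot be created
     */
    protected void createOrganizationalUnit(String str, Tenant tenant, DirContext dirContext) throws UserStoreException {
        String rootPartition = tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ROOT_PARTITION);
        createOrganizationalContext(rootPartition, str, dirContext);
        // NOTE(review): the domain is concatenated into the name unescaped; see the class comment.
        String organizationName = tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_ATTRIBUTE)
                + "=" + str + "," + rootPartition;
        String userContextValue = tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_USER_CONTEXT_VALUE);
        if (userContextValue == null) {
            userContextValue = "users";
        }
        createOrganizationalSubContext(organizationName, userContextValue, dirContext);
        String groupContextValue = tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_GROUP_CONTEXT_VALUE);
        if (groupContextValue == null) {
            groupContextValue = LDAPConstants.GROUP_CONTEXT_NAME;
        }
        createOrganizationalSubContext(organizationName, groupContextValue, dirContext);
    }

    /**
     * Creates the organizational entry for a tenant below the given parent.
     *
     * @param str        name of the parent context (the root partition when called from
     *                   {@link #createOrganizationalUnit})
     * @param str2       value of the organizational attribute (the tenant domain)
     * @param dirContext directory context used to look up the parent
     * @throws UserStoreException if the parent lookup or the creation fails
     */
    protected void createOrganizationalContext(String str, String str2, DirContext dirContext) throws UserStoreException {
        addSubContext(
                str,
                tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_OBJECT_CLASS),
                tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORGANIZATIONAL_ATTRIBUTE),
                str2,
                dirContext);
    }

    /**
     * Closes a directory context, logging (not propagating) a failure to close.
     *
     * @param dirContext context to close; {@code null} is ignored
     */
    protected void closeContext(DirContext dirContext) {
        if (dirContext == null) {
            return;
        }
        try {
            dirContext.close();
        } catch (NamingException e) {
            logger.error("Error closing sub context.", e);
        }
    }

    /**
     * Creates a sub context (for example the user or group container) below a tenant's
     * organizational entry.
     *
     * @param str        name of the parent context
     * @param str2       value of the configured sub context attribute
     * @param dirContext directory context used to look up the parent
     * @throws UserStoreException if the parent lookup or the creation fails
     */
    protected void createOrganizationalSubContext(String str, String str2, DirContext dirContext) throws UserStoreException {
        addSubContext(
                str,
                tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_OBJ_CLASS),
                tenantStoreProperty(UserCoreConstants.TenantMgtConfig.PROPERTY_ORG_SUB_CONTEXT_ATTRIBUTE),
                str2,
                dirContext);
    }

    /**
     * Binds the tenant administrator's user entry below the given parent context.
     *
     * @param str        name of the parent context the entry is bound under
     * @param tenant     tenant whose admin name, password, e-mail and names are written
     * @param dirContext directory context used to look up the parent
     * @return the bound entry's name followed by {@code ","} and {@code str}
     * @throws UserStoreException if the lookup or the bind fails
     * @deprecated marked deprecated in the original class; no replacement is visible in this file
     */
    @Deprecated
    protected String createAdminEntry(String str, Tenant tenant, DirContext dirContext) throws UserStoreException {
        DirContext parentContext = null;
        try {
            parentContext = (DirContext) dirContext.lookup(str);
            BasicAttributes entryAttributes = new BasicAttributes(true);
            BasicAttribute objectClasses = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE_NAME);
            objectClasses.add(this.realmConfig.getUserStoreProperty("UserEntryObjectClass"));
            if (isKDCEnabled()) {
                objectClasses.add("krb5principal");
                objectClasses.add("krb5kdcentry");
                objectClasses.add("subschema");
                String principalName = tenant.getAdminName() + "_" + tenant.getDomain() + "@" + getRealmName();
                BasicAttribute principal = new BasicAttribute("krb5PrincipalName");
                principal.add(principalName);
                BasicAttribute keyVersion = new BasicAttribute("krb5KeyVersionNumber");
                keyVersion.add("0");
                entryAttributes.put(principal);
                entryAttributes.put(keyVersion);
            }
            entryAttributes.put(objectClasses);

            // The stored form of the password is decided by UserCoreUtil from the configured hash
            // method. NOTE(review): confirm which methods are accepted and that deployments do not
            // select one that keeps the password recoverable.
            String hashMethod = this.realmConfig.getUserStoreProperty("PasswordHashMethod");
            if (hashMethod == null) {
                hashMethod = this.realmConfig.getUserStoreProperty("passwordHashMethod");
            }
            BasicAttribute password = new BasicAttribute(USER_PASSWORD_ATTRIBUTE_NAME);
            password.add(UserCoreUtil.getPasswordToStore(tenant.getAdminPassword(), hashMethod, isKDCEnabled()));
            entryAttributes.put(password);

            BasicAttribute email = new BasicAttribute(EMAIL_ATTRIBUTE_NAME);
            email.add(tenant.getEmail());
            entryAttributes.put(email);

            BasicAttribute surname = new BasicAttribute(SN_ATTRIBUTE_NAME);
            surname.add(tenant.getAdminLastName());
            entryAttributes.put(surname);

            String userNameAttribute = this.realmConfig.getUserStoreProperty("UserNameAttribute");
            // When cn is the naming attribute it is not added separately with the first name.
            if (!CN_ATTRIBUTE_NAME.equals(userNameAttribute)) {
                BasicAttribute commonName = new BasicAttribute(CN_ATTRIBUTE_NAME);
                commonName.add(tenant.getAdminFirstName());
                entryAttributes.put(commonName);
            }

            // NOTE(review): the admin name is concatenated into the name unescaped; see the class comment.
            String entryName = userNameAttribute + "=" + tenant.getAdminName();
            parentContext.bind(entryName, null, entryAttributes);
            return entryName + "," + str;
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Error occurred while creating Admin entry", e);
            }
            throw new UserStoreException("Error occurred while creating Admin entry", e);
        } finally {
            closeContext(parentContext);
        }
    }

    /**
     * Binds the admin role's group entry below the given parent context with one member value.
     *
     * @param str        name of the parent context the group is bound under
     * @param str2       value written to the configured membership attribute
     * @param dirContext directory context used to look up the parent
     * @throws UserStoreException if the lookup or the bind fails
     * @deprecated marked deprecated in the original class; no replacement is visible in this file
     */
    @Deprecated
    protected void createAdminGroup(String str, String str2, DirContext dirContext) throws UserStoreException {
        BasicAttributes groupAttributes = new BasicAttributes(true);
        BasicAttribute objectClasses = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE_NAME);
        objectClasses.add(this.realmConfig.getUserStoreProperty("GroupEntryObjectClass"));
        groupAttributes.put(objectClasses);

        String groupNameAttribute = this.realmConfig.getUserStoreProperty("GroupNameAttribute");
        String adminRoleName = this.realmConfig.getAdminRoleName();
        BasicAttribute groupName = new BasicAttribute(groupNameAttribute);
        groupName.add(UserCoreUtil.removeDomainFromName(adminRoleName));
        groupAttributes.put(groupName);

        BasicAttribute membership = new BasicAttribute(this.realmConfig.getUserStoreProperty("MembershipAttribute"));
        membership.add(str2);
        groupAttributes.put(membership);

        DirContext parentContext = null;
        try {
            parentContext = (DirContext) dirContext.lookup(str);
            parentContext.bind(
                    groupNameAttribute + "=" + UserCoreUtil.removeDomainFromName(adminRoleName),
                    null,
                    groupAttributes);
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Error occurred while creating the admin group.", e);
            }
            throw new UserStoreException("Error occurred while creating the admin group.", e);
        } finally {
            closeContext(parentContext);
        }
    }

    /** Returns what {@link UserCoreUtil#isKdcEnabled} reports for this manager's realm configuration. */
    private boolean isKDCEnabled() {
        return UserCoreUtil.isKdcEnabled(this.realmConfig);
    }

    /**
     * Tells whether shared groups apply: the realm must be primary and the shared-groups
     * property must be {@code "true"} (case-insensitive).
     *
     * @return {@code true} when both conditions hold
     */
    public boolean isSharedGroupEnabled() {
        if (!this.realmConfig.isPrimary()) {
            return false;
        }
        return "true".equalsIgnoreCase(
                this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.SHARED_GROUPS_ENABLED));
    }

    /**
     * Binds a shared-tenant entry named after the tenant domain below the configured shared group
     * search base. Does nothing when shared groups are not enabled.
     *
     * @param tenant     tenant whose domain names the new entry
     * @param dirContext directory context used to look up the shared group search base
     * @throws UserStoreException if the lookup, the name parsing or the bind fails
     */
    public void addSharedGroupForTenant(Tenant tenant, DirContext dirContext) throws UserStoreException {
        if (!isSharedGroupEnabled()) {
            return;
        }
        BasicAttributes entryAttributes = new BasicAttributes(true);
        String domain = tenant.getDomain();
        String tenantNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.SHARED_TENANT_NAME_ATTRIBUTE);
        BasicAttribute objectClasses = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE_NAME);
        objectClasses.add(this.realmConfig.getUserStoreProperty(LDAPConstants.SHARED_TENANT_OBJECT_CLASS));
        entryAttributes.put(objectClasses);
        DirContext sharedGroupBase = null;
        try {
            sharedGroupBase = (DirContext) dirContext.lookup(
                    this.realmConfig.getUserStoreProperties().get(LDAPConstants.SHARED_GROUP_SEARCH_BASE));
            // NOTE(review): the domain is concatenated into the name unescaped; see the class comment.
            sharedGroupBase.bind(
                    sharedGroupBase.getNameParser("").parse(tenantNameAttribute + "=" + domain),
                    null,
                    entryAttributes);
        } catch (Exception e) {
            String message = "Shared tenant: " + domain + " could not be added.";
            if (logger.isDebugEnabled()) {
                logger.debug(message, e);
            }
            throw new UserStoreException(message, e);
        } finally {
            JNDIUtil.closeContext(sharedGroupBase);
        }
    }

    /**
     * Returns the realm name: the configured default realm name when present, otherwise a name
     * derived from the {@code dc=} components of the {@code UserSearchBase} property, joined with
     * dots and upper-cased.
     *
     * @return the realm name
     */
    protected String getRealmName() {
        String configuredRealm = this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.DEFAULT_REALM_NAME);
        if (configuredRealm != null) {
            return configuredRealm;
        }
        // NOTE(review): throws NullPointerException when UserSearchBase is not configured either.
        StringBuilder realm = new StringBuilder();
        for (String component : this.realmConfig.getUserStoreProperty("UserSearchBase").split("dc=")) {
            // Pieces that still contain '=' belong to non-dc components (for example "ou=...") and are skipped.
            if (component.contains("=")) {
                continue;
            }
            String trimmed = component.trim();
            realm.append(trimmed.endsWith(",") ? trimmed.replace(',', '.') : trimmed);
        }
        return realm.toString().toUpperCase(Locale.ENGLISH);
    }

    /** Reads one value from the tenant store properties of the tenant management configuration. */
    private String tenantStoreProperty(String key) {
        return this.tenantMgtConfig.getTenantStoreProperties().get(key);
    }

    /** Closes a search result enumeration; a failure to close is only logged at debug level. */
    private void closeEnumeration(NamingEnumeration<?> results) {
        if (results == null) {
            return;
        }
        try {
            results.close();
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Error closing search results.", e);
            }
        }
    }

    /**
     * Looks up the parent context and creates a child entry carrying one object class and one
     * naming attribute. Both contexts are closed on every path.
     */
    private void addSubContext(String parentName, String objectClass, String namingAttribute, String namingValue,
                               DirContext dirContext) throws UserStoreException {
        DirContext parentContext = null;
        DirContext createdContext = null;
        try {
            parentContext = (DirContext) dirContext.lookup(parentName);
            BasicAttributes entryAttributes = new BasicAttributes(true);
            BasicAttribute objectClasses = new BasicAttribute(OBJECT_CLASS_ATTRIBUTE_NAME);
            objectClasses.add(objectClass);
            entryAttributes.put(objectClasses);
            BasicAttribute naming = new BasicAttribute(namingAttribute);
            naming.add(namingValue);
            entryAttributes.put(naming);
            // NOTE(review): the value is concatenated into the name unescaped; see the class comment.
            String relativeName = namingAttribute + "=" + namingValue;
            if (logger.isDebugEnabled()) {
                logger.debug("Adding sub context: " + relativeName + " under " + parentName + " ...");
            }
            createdContext = parentContext.createSubcontext(relativeName, entryAttributes);
            if (logger.isDebugEnabled()) {
                logger.debug("Sub context: " + relativeName + " was added under " + parentName + " successfully.");
            }
        } catch (NamingException e) {
            if (logger.isDebugEnabled()) {
                logger.debug(SUB_CONTEXT_ERROR_MESSAGE, e);
            }
            throw new UserStoreException(SUB_CONTEXT_ERROR_MESSAGE, e);
        } finally {
            closeContext(createdContext);
            closeContext(parentContext);
        }
    }
}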
