package org.wso2.carbon.user.core.ldap;

import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.sql.DataSource;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.Tenant;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
import org.wso2.carbon.user.core.hybrid.HybridRoleManager;
import org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.util.DatabaseUtil;
import org.wso2.carbon.user.core.util.JNDIUtil;
import org.wso2.carbon.user.core.util.LDAPUtil;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:lib/org.wso2.carbon.user.core_4.0.1.jar:org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.class */
public class ReadOnlyLDAPUserStoreManager extends AbstractUserStoreManager {
    /** Source of LDAP contexts; the constructors take it from the properties map or build it from the realm configuration. */
    protected LDAPConnectionContext connectionSource;
    /** Realm handed to the six-argument constructor; the other visible constructors leave it null. */
    protected UserRealm realm;
    /** Admin user name read from the realm configuration by the six-argument constructor. */
    protected String adminUserName;
    /** Tenant id supplied to the six-argument constructor; passed to the user-roles cache calls. */
    protected int tenantID;
    /** Initial capacity of the DN cache (the constructors pass the literal 200); nothing visible here enforces it as an upper bound. */
    private final int MAX_USER_CACHE = 200;
    /** Escaped user name -> DN that last bound successfully through a configured DN pattern (filled in doAuthenticate). */
    private Map<String, String> userCache;
    /** listUsers skips entries whose "sn" attribute equals this value. */
    protected static final String SERVER_PRINCIPAL_ATTRIBUTE_VALUE = "Service";
    private static Log log = LogFactory.getLog(ReadOnlyLDAPUserStoreManager.class);
    /** Parsed from the READ_LDAP_GROUPS property in checkRequiredUserStoreConfigurations. */
    protected boolean readLDAPUserGroups;
    /** Only ever set to false in the code visible here. */
    protected boolean writeLDAPUserGroups;
    /** USER_SEARCH_BASE property, captured (and required non-empty) in checkRequiredUserStoreConfigurations. */
    protected String userSearchBase;
    /** GROUP_SEARCH_BASE property, captured only when group reading is enabled. */
    protected String groupSearchBase;
    /** Only ever set to false in the code visible here. */
    protected boolean emptyRolesAllowed;

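    /**
     * Creates an unconfigured manager: no realm configuration, connection source or realm is set,
     * and only the DN cache is allocated.
     */
    public ReadOnlyLDAPUserStoreManager() {
        this.connectionSource = null;
        this.realm = null;
        this.adminUserName = null;
        // MAX_USER_CACHE is final and initialised at its declaration, so it must not be assigned again here.
        this.userCache = new ConcurrentHashMap<String, String>(this.MAX_USER_CACHE);
        this.readLDAPUserGroups = false;
        this.writeLDAPUserGroups = false;
        this.userSearchBase = null;
        this.groupSearchBase = null;
        this.emptyRolesAllowed = false;
    }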

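    /**
     * Builds a fully initialised read-only LDAP user store manager.
     *
     * <p>Validates the required LDAP properties, resolves the data source and the LDAP connection
     * source (from {@code map} when present, otherwise from the realm configuration), opens one
     * LDAP context to verify connectivity, and then makes sure the admin user and the default
     * roles exist.
     *
     * @param realmConfiguration realm configuration holding the user store properties
     * @param map shared properties; the resolved data source is stored back under
     *        {@code UserCoreConstants.DATA_SOURCE}
     * @param claimManager claim manager stored on this instance
     * @param profileConfigurationManager profile manager stored on this instance
     * @param userRealm realm this manager belongs to
     * @param num tenant id
     * @throws UserStoreException if a required property or the data source is missing, or if the
     *         connection check or the initial data check fails
     */
    public ReadOnlyLDAPUserStoreManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        this.connectionSource = null;
        this.realm = null;
        this.adminUserName = null;
        // MAX_USER_CACHE is final and initialised at its declaration, so it must not be assigned again here.
        this.userCache = new ConcurrentHashMap<String, String>(this.MAX_USER_CACHE);
        this.readLDAPUserGroups = false;
        this.writeLDAPUserGroups = false;
        this.userSearchBase = null;
        this.groupSearchBase = null;
        this.emptyRolesAllowed = false;
        if (log.isDebugEnabled()) {
            log.debug("Started " + System.currentTimeMillis());
        }
        this.realmConfig = realmConfiguration;
        this.claimManager = claimManager;
        this.profileManager = profileConfigurationManager;
        this.userRealm = userRealm;
        this.tenantID = num.intValue();
        checkRequiredUserStoreConfigurations();

        // Prefer a data source shared through the properties map; fall back to the realm's own.
        this.dataSource = (DataSource) map.get(UserCoreConstants.DATA_SOURCE);
        if (this.dataSource == null) {
            this.dataSource = DatabaseUtil.getRealmDataSource(realmConfiguration);
        }
        if (this.dataSource == null) {
            throw new UserStoreException("Data Source is null");
        }
        map.put(UserCoreConstants.DATA_SOURCE, this.dataSource);
        this.hybridRoleManager = new HybridRoleManager(this.dataSource, num.intValue(), realmConfiguration, this.userRealm);

        this.connectionSource = (LDAPConnectionContext) map.get(UserCoreConstants.LDAP_CONNECTION_SOURCE);
        if (this.connectionSource == null) {
            this.connectionSource = new LDAPConnectionContext(realmConfiguration);
        }

        DirContext probeContext = null;
        try {
            // Opened only to prove the directory is reachable with the configured bind account.
            probeContext = this.connectionSource.getContext();
            log.info("LDAP connection created successfully in read-only mode");
            this.realm = userRealm;
            checkInitialData();
            if (log.isDebugEnabled()) {
                log.debug("Ended " + System.currentTimeMillis());
            }
            this.adminUserName = realmConfiguration.getAdminUserName();
            initUserRolesCache();
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            // Keep the cause so the original failure (connection, initial data, cache) stays diagnosable.
            throw new UserStoreException("Cannot create connection to Active directory server. Error message " + e.getMessage(), e);
        } finally {
            // The probe context was previously never released.
            JNDIUtil.closeContext(probeContext);
        }
    }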

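    /**
     * Builds a manager from the realm configuration only: validates the required LDAP properties
     * and creates the connection source, without opening a connection or touching roles.
     *
     * @param realmConfiguration realm configuration holding the user store properties
     * @param claimManager claim manager stored on this instance
     * @param profileConfigurationManager profile manager stored on this instance
     * @throws UserStoreException if a required LDAP property is missing
     */
    public ReadOnlyLDAPUserStoreManager(RealmConfiguration realmConfiguration, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager) throws UserStoreException {
        this.connectionSource = null;
        this.realm = null;
        this.adminUserName = null;
        // MAX_USER_CACHE is final and initialised at its declaration, so it must not be assigned again here.
        this.userCache = new ConcurrentHashMap<String, String>(this.MAX_USER_CACHE);
        this.readLDAPUserGroups = false;
        this.writeLDAPUserGroups = false;
        this.userSearchBase = null;
        this.groupSearchBase = null;
        this.emptyRolesAllowed = false;
        if (log.isDebugEnabled()) {
            log.debug("Started " + System.currentTimeMillis());
        }
        this.realmConfig = realmConfiguration;
        this.claimManager = claimManager;
        this.profileManager = profileConfigurationManager;
        checkRequiredUserStoreConfigurations();
        this.connectionSource = new LDAPConnectionContext(realmConfiguration);
    }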

    /* JADX INFO: Access modifiers changed from: protected */
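    /**
     * Verifies that every mandatory LDAP user store property is present and non-empty, and
     * captures the user/group search bases and the group-reading flag on this instance.
     *
     * <p>Only presence is checked. NOTE(review): nothing here validates the ConnectionURL scheme,
     * so whether the bind credentials travel over TLS depends entirely on the configured URL.
     *
     * @throws UserStoreException naming the first required property that is missing or empty
     */
    public void checkRequiredUserStoreConfigurations() throws UserStoreException {
        log.debug("Checking LDAP configurations ..");

        String connectionUrl = this.realmConfig.getUserStoreProperty(LDAPConstants.CONNECTION_URL);
        if (connectionUrl == null || connectionUrl.equals("")) {
            throw new UserStoreException("Required ConnectionURL property is not set at the LDAP configurations");
        }
        String connectionName = this.realmConfig.getUserStoreProperty(LDAPConstants.CONNECTION_NAME);
        if (connectionName == null || connectionName.equals("")) {
            // The message used to read "ConnectionNme", which does not match any property name.
            throw new UserStoreException("Required ConnectionName property is not set at the LDAP configurations");
        }
        String connectionPassword = this.realmConfig.getUserStoreProperty(LDAPConstants.CONNECTION_PASSWORD);
        if (connectionPassword == null || connectionPassword.equals("")) {
            throw new UserStoreException("Required ConnectionPassword property is not set at the LDAP configurations");
        }

        // The field is assigned before the check, exactly as before, so it holds the raw value even on failure.
        this.userSearchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        if (this.userSearchBase == null || this.userSearchBase.equals("")) {
            throw new UserStoreException("Required UserSearchBase property is not set at the LDAP configurations");
        }
        String userNameListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
        if (userNameListFilter == null || userNameListFilter.equals("")) {
            throw new UserStoreException("Required UserNameListFilter property is not set at the LDAP configurations");
        }
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        if (userNameAttribute == null || userNameAttribute.equals("")) {
            throw new UserStoreException("Required UserNameAttribute property is not set at the LDAP configurations");
        }

        this.readLDAPUserGroups = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty(LDAPConstants.READ_LDAP_GROUPS));
        if (!this.readLDAPUserGroups) {
            // Group-related properties are only mandatory when LDAP groups are read.
            return;
        }

        this.groupSearchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_SEARCH_BASE);
        if (this.groupSearchBase == null || this.groupSearchBase.equals("")) {
            throw new UserStoreException("Required GroupSearchBase property is not set at the LDAP configurations");
        }
        String groupNameListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER);
        if (groupNameListFilter == null || groupNameListFilter.equals("")) {
            throw new UserStoreException("Required GroupNameListFilter property is not set at the LDAP configurations");
        }
        String groupNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
        if (groupNameAttribute == null || groupNameAttribute.equals("")) {
            throw new UserStoreException("Required GroupNameAttribute property is not set at the LDAP configurations");
        }
        String membershipAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE);
        if (membershipAttribute == null || membershipAttribute.equals("")) {
            throw new UserStoreException("Required MembershipAttribute property is not set at the LDAP configurations");
        }
    }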

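    /**
     * Authenticates a user by attempting an LDAP bind as that user with the supplied credential.
     *
     * <p>Without a configured UserDNPattern the user's DN is looked up and a single bind is tried.
     * With a pattern, a previously successful DN from the cache is tried first, then each
     * {@code #}-separated pattern in turn; the first DN that binds is cached.
     *
     * @param str user name; trimmed and passed through {@code replaceEscapeCharacters}
     * @param obj credential; must be a {@code String}
     * @return {@code true} if a bind succeeded; {@code false} for null or blank input, or when
     *         the looked-up DN does not bind
     * @throws UserStoreException if the DN lookup path hits a naming error, or if DN patterns are
     *         configured and none of them binds
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public boolean doAuthenticate(String str, Object obj) throws UserStoreException {
        if (str == null || obj == null) {
            return false;
        }
        // replaceEscapeCharacters is defined outside this view; presumably it neutralises DN
        // metacharacters before the name is formatted into a DN -- confirm.
        String userName = replaceEscapeCharacters(str.trim());
        String password = (String) obj;
        // Blank credentials are refused before any bind is attempted: a simple bind with an empty
        // password is an unauthenticated bind, which a directory may accept.
        if (userName.equals("") || password.trim().equals("")) {
            return false;
        }

        boolean authenticated = false;
        String dnPatterns = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN);
        if (dnPatterns == null || dnPatterns.isEmpty()) {
            String userDn = getNameInSpaceForUserName(userName);
            if (userDn != null) {
                try {
                    authenticated = bindAsUser(userDn, password);
                } catch (NamingException e) {
                    log.error(e.getMessage(), e);
                    throw new UserStoreException(e.getMessage(), e);
                }
            }
            return authenticated;
        }

        String cachedDn = this.userCache.get(userName);
        if (cachedDn != null) {
            try {
                authenticated = bindAsUser(cachedDn, password);
            } catch (NamingException e) {
                if (log.isDebugEnabled()) {
                    // Pass the exception itself: concatenating getStackTrace() only printed an array reference.
                    log.debug("Checking authentication with UserDN " + cachedDn + " failed", e);
                }
            }
            if (authenticated) {
                return true;
            }
        }

        String[] patterns = dnPatterns.split("#");
        if (patterns.length > 0) {
            for (String pattern : patterns) {
                String candidateDn = MessageFormat.format(pattern, userName);
                try {
                    authenticated = bindAsUser(candidateDn, password);
                    if (authenticated) {
                        this.userCache.put(userName, candidateDn);
                        break;
                    }
                } catch (NamingException e) {
                    if (log.isDebugEnabled()) {
                        log.debug("Checking authentication with UserDN " + pattern + " failed", e);
                    }
                }
            }
            if (!authenticated) {
                throw new UserStoreException("User: " + userName + " can not be authenticated. Please try again.");
            }
        }
        return authenticated;
    }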

    /**
     * Lists the profile names this store supports.
     *
     * @return a new single-element array holding {@code "default"}
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getAllProfileNames() throws UserStoreException {
        final String[] profileNames = {"default"};
        return profileNames;
    }

    /**
     * Lists the profile names of a user; the user name is not consulted.
     *
     * @param str user name (ignored)
     * @return a new single-element array holding {@code "default"}
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getProfileNames(String str) throws UserStoreException {
        final String[] profileNames = {"default"};
        return profileNames;
    }

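    /**
     * Reads the requested attributes of a user from the directory.
     *
     * <p>Multi-valued attributes are joined with commas; attributes that are absent or have only
     * blank values are left out of the result.
     *
     * @param str user name, matched against the configured user name attribute
     * @param strArr names of the attributes to read
     * @param str2 profile name; not used by this implementation
     * @return attribute name to comma-joined values
     * @throws UserStoreException if the search or attribute enumeration fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public Map<String, String> getUserPropertyValues(String str, String[] strArr, String str2) throws UserStoreException {
        Map<String, String> values = new HashMap<String, String>();
        // The user name is an assertion value inside the search filter, so filter metacharacters
        // are escaped (RFC 4515) and cannot change the structure of the query. Backslash is
        // replaced first so the escapes added afterwards are not escaped again. String.valueOf
        // keeps the former behaviour of a null name being rendered as "null".
        String safeUserName = String.valueOf(str)
                .replace("\\", "\\5c")
                .replace("*", "\\2a")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String searchFilter = "(&" + this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER)
                + "(" + this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE) + "=" + safeUserName + "))";
        DirContext context = this.connectionSource.getContext();
        NamingEnumeration<SearchResult> entries = null;
        try {
            entries = searchForUser(searchFilter, strArr, context);
            while (entries.hasMoreElements()) {
                Attributes attributes = entries.next().getAttributes();
                if (attributes == null) {
                    continue;
                }
                for (String attributeName : strArr) {
                    Attribute attribute = attributes.get(attributeName);
                    if (attribute == null) {
                        continue;
                    }
                    StringBuilder joined = new StringBuilder();
                    NamingEnumeration attributeValues = null;
                    try {
                        attributeValues = attribute.getAll();
                        while (attributeValues.hasMore()) {
                            String value = (String) attributeValues.next();
                            if (value != null && value.trim().length() > 0) {
                                joined.append(value).append(",");
                            }
                        }
                    } finally {
                        // Close each value enumeration; previously only the last one opened was closed.
                        JNDIUtil.closeNamingEnumeration(attributeValues);
                    }
                    String joinedValues = joined.toString();
                    if (joinedValues.trim().length() > 1) {
                        // Drop the trailing separator.
                        values.put(attributeName, joinedValues.substring(0, joinedValues.length() - 1));
                    }
                }
            }
            return values;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            JNDIUtil.closeNamingEnumeration(entries);
            JNDIUtil.closeContext(context);
        }
    }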

    /**
     * Always reports no roles; the user name is not consulted.
     *
     * @param str user name (ignored)
     * @return a new empty array
     */
    public String[] getUserRoles(String str) throws UserStoreException {
        final String[] noRoles = {};
        return noRoles;
    }

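    /**
     * Tells whether a role exists, either as a hybrid role or, when LDAP group reading is
     * enabled, as a group in the directory.
     *
     * @param str role name
     * @return {@code true} if the hybrid role manager knows the role or a matching LDAP group is found
     * @throws UserStoreException if the lookup fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public boolean isExistingRole(String str) throws UserStoreException {
        if (this.hybridRoleManager.isExistingRole(str)) {
            return true;
        }
        if (!"true".equals(this.realmConfig.getUserStoreProperty(LDAPConstants.READ_LDAP_GROUPS))) {
            return false;
        }
        String groupListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER);
        String groupNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
        // The role name is an assertion value inside the search filter, so filter metacharacters
        // are escaped (RFC 4515) and cannot change the structure of the query. Backslash is
        // replaced first so the escapes added afterwards are not escaped again. String.valueOf
        // keeps the former behaviour of a null name being rendered as "null".
        String safeRoleName = String.valueOf(str)
                .replace("\\", "\\5c")
                .replace("*", "\\2a")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String searchFilter = "(&" + groupListFilter + "(" + groupNameAttribute + "=" + safeRoleName + "))";
        String groupSearchBaseDn = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_SEARCH_BASE);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{groupNameAttribute});
        return getListOfNames(groupSearchBaseDn, searchFilter, searchControls, groupNameAttribute).size() > 0;
    }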

    /**
     * Tells whether a user exists: the registry system user always does, any other user exists
     * when a non-empty DN can be resolved for the name.
     *
     * <p>NOTE(review): the name reaches getNameInSpaceForUserName as received, whereas
     * doAuthenticate runs it through replaceEscapeCharacters first -- confirm which side is
     * expected to escape it.
     *
     * @param str user name
     * @return {@code true} if the user is the registry system user or resolves to a DN
     * @throws UserStoreException wrapping any failure of the DN lookup
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public boolean isExistingUser(String str) throws UserStoreException {
        if (CarbonConstants.REGISTRY_SYSTEM_USERNAME.equals(str)) {
            return true;
        }
        try {
            String userDn = getNameInSpaceForUserName(str);
            return userDn != null && userDn.length() > 0;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        }
    }

    /* JADX WARN: Finally extract failed */
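    /**
     * Lists user names matching a search pattern, sorted, up to a maximum count.
     *
     * <p>Entries whose {@code sn} attribute equals {@link #SERVER_PRINCIPAL_ATTRIBUTE_VALUE} are
     * skipped.
     *
     * @param str search pattern for the user name attribute; {@code *} acts as the filter
     *        wildcard, while {@code ?} and {@code **} are rejected
     * @param i maximum number of names; {@code 0} returns an empty array, a negative value or
     *        one above the configured maximum is replaced by the configured maximum
     * @return sorted matching user names
     * @throws UserStoreException if the pattern is rejected or the directory search fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] listUsers(String str, int i) throws UserStoreException {
        if (i == 0) {
            return new String[0];
        }
        int configuredMax = Integer.parseInt(this.realmConfig.getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST));
        if (i < 0 || i > configuredMax) {
            i = configuredMax;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setCountLimit(i);
        if (str.contains("?") || str.contains("**")) {
            throw new UserStoreException("Invalid character sequence entered for user serch. Please enter valid sequence.");
        }
        String userListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
        String searchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        // The pattern becomes an assertion value inside the filter. Parentheses and NUL are
        // escaped (RFC 4515) so the pattern cannot open or close filter components; '*' is kept
        // because callers use it as the wildcard, and backslash is kept so that a pattern that
        // already carries \xx escapes still means the same thing.
        String safePattern = str
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String searchFilter = "(&" + userListFilter + "(" + userNameAttribute + "=" + safePattern + "))";
        searchControls.setReturningAttributes(new String[]{userNameAttribute, "sn"});
        DirContext dirContext = null;
        NamingEnumeration<SearchResult> entries = null;
        try {
            dirContext = this.connectionSource.getContext();
            entries = dirContext.search(searchBase, searchFilter, searchControls);
            List<String> names = new ArrayList<String>();
            while (entries.hasMoreElements() && names.size() < i) {
                SearchResult entry = entries.next();
                Attributes attributes = entry.getAttributes();
                if (attributes == null) {
                    continue;
                }
                Attribute nameAttribute = attributes.get(userNameAttribute);
                Attribute surname = attributes.get("sn");
                if (surname != null) {
                    String surnameValue = (String) surname.get();
                    if (surnameValue != null && surnameValue.equals(SERVER_PRINCIPAL_ATTRIBUTE_VALUE)) {
                        // Service principals are not reported as users.
                        continue;
                    }
                }
                if (nameAttribute != null) {
                    names.add((String) nameAttribute.get());
                }
            }
            String[] sortedNames = names.toArray(new String[names.size()]);
            Arrays.sort(sortedNames);
            return sortedNames;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            JNDIUtil.closeNamingEnumeration(entries);
            JNDIUtil.closeContext(dirContext);
        }
    }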

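    /**
     * Checks a credential by opening an LDAP context bound as the given DN with simple
     * authentication.
     *
     * <p>NOTE(review): a simple bind hands the password to the server as-is, so its protection in
     * transit depends on the configured ConnectionURL (for example an {@code ldaps://} URL) --
     * confirm for the deployment. Connection pooling is also switched on for this per-user
     * bind; confirm that is intended.
     *
     * @param str distinguished name to bind as
     * @param str2 password
     * @return {@code true} if the bind succeeded; {@code false} if the server rejected the
     *         credentials or if the DN or password is null or empty
     * @throws NamingException for naming failures other than an authentication failure
     * @throws UserStoreException declared for callers; kept from the original signature
     */
    protected boolean bindAsUser(String str, String str2) throws NamingException, UserStoreException {
        // A simple bind with an empty password is an unauthenticated bind, which a directory may
        // accept without checking anything; it must never count as a successful login.
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            return false;
        }
        Hashtable<String, String> environment = new Hashtable<String, String>();
        environment.put("java.naming.factory.initial", LDAPConstants.DRIVER_NAME);
        environment.put("java.naming.security.principal", str);
        environment.put("java.naming.security.credentials", str2);
        environment.put("com.sun.jndi.ldap.connect.pool", "true");
        environment.put(CarbonConstants.REQUEST_BASE_CONTEXT, "true");

        String connectionUrl = this.realmConfig.getUserStoreProperty(LDAPConstants.CONNECTION_URL);
        String providerUrl = connectionUrl;
        // scheme:host:port -- the port may be a ${...} placeholder resolved from the server
        // configuration. A URL without an explicit port used to fail with an index error here.
        String[] urlParts = connectionUrl.split(":");
        if (urlParts.length > 2) {
            String portPart = urlParts[2];
            if (portPart.contains("${") && portPart.contains("}")) {
                String resolvedPort = Integer.toString(CarbonUtils.getPortFromServerConfig(portPart));
                providerUrl = connectionUrl.replace(portPart, resolvedPort);
            }
        }
        environment.put("java.naming.provider.url", providerUrl);
        // The decompiler had substituted an unrelated Spring constant for this literal.
        environment.put("java.naming.security.authentication", "simple");

        DirContext dirContext = null;
        try {
            dirContext = new InitialLdapContext(environment, (Control[]) null);
            return true;
        } catch (AuthenticationException e) {
            if (log.isDebugEnabled()) {
                log.debug("Authentication failed " + e.getMessage(), e);
            }
            return false;
        } finally {
            JNDIUtil.closeContext(dirContext);
        }
    }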

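    /**
     * Runs a subtree search for users under the configured user search base.
     *
     * <p>The filter is sent as given; the caller is responsible for escaping any user-supplied
     * value it contains.
     *
     * @param str complete LDAP search filter
     * @param strArr attributes to return; all attributes when null or empty
     * @param dirContext context to search with; not closed here
     * @return enumeration of matching entries, to be closed by the caller
     * @throws UserStoreException if the search fails
     */
    protected NamingEnumeration<SearchResult> searchForUser(String str, String[] strArr, DirContext dirContext) throws UserStoreException {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String searchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        if (strArr != null && strArr.length > 0) {
            searchControls.setReturningAttributes(strArr);
        }
        try {
            return dirContext.search(searchBase, str, searchControls);
        } catch (NamingException e) {
            log.error("Search failed.", e);
            // Keep the cause so callers can still see the underlying naming failure.
            throw new UserStoreException(e.getMessage(), e);
        }
    }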

    /**
     * Adds a hybrid role with optional members and permissions.
     *
     * @param str role name; must not already exist
     * @param strArr initial members; the tenant's user-roles cache is cleared when non-empty
     * @param permissionArr permissions to authorize for the role; may be null
     * @throws UserStoreException if the role already exists or an underlying call fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager
    public void addRole(String str, String[] strArr, Permission[] permissionArr) throws UserStoreException {
        if (isExistingRole(str)) {
            throw new UserStoreException("Duplicate role name in the system. Please pick another name");
        }
        this.hybridRoleManager.addHybridRole(str, strArr);
        boolean hasMembers = strArr != null && strArr.length != 0;
        if (hasMembers) {
            // Cached role lists of the new members would otherwise be stale.
            clearUserRolesCacheByTenant(this.tenantID);
        }
        if (permissionArr == null) {
            return;
        }
        for (int index = 0; index < permissionArr.length; index++) {
            Permission granted = permissionArr[index];
            this.userRealm.getAuthorizationManager().authorizeRole(str, granted.getResourceId(), granted.getAction());
        }
    }

    /**
     * Renames a hybrid role and clears the tenant's user-roles cache.
     *
     * @param str current role name
     * @param str2 new role name; must not already exist
     * @throws UserStoreException if the new name is taken or the rename fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager, org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public void updateRoleName(String str, String str2) throws UserStoreException {
        boolean newNameTaken = isExistingRole(str2);
        if (newNameTaken) {
            throw new UserStoreException("Duplicate role name in the system. Please pick another name");
        }
        this.hybridRoleManager.updateHybridRoleName(str, str2);
        // Cached role lists still carry the old name.
        clearUserRolesCacheByTenant(this.tenantID);
    }

    /**
     * Reports whether bulk import is supported.
     *
     * @return always {@code false}
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager
    public boolean isBulkImportSupported() {
        final boolean bulkImportSupported = false;
        return bulkImportSupported;
    }

    /**
     * Reports whether a user may have more than one profile.
     *
     * @return always {@code false}
     */
    @Override // org.wso2.carbon.user.api.UserStoreManager
    public boolean isMultipleProfilesAllowed() {
        final boolean multipleProfilesAllowed = false;
        return multipleProfilesAllowed;
    }

    /**
     * Deletes a hybrid role and clears the tenant's user-roles cache.
     *
     * @param str role name
     * @throws UserStoreException if the deletion fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public void deleteRole(String str) throws UserStoreException {
        final int tenant = this.tenantID;
        this.hybridRoleManager.deleteHybridRole(str);
        // Cached role lists may still contain the deleted role.
        clearUserRolesCacheByTenant(tenant);
    }

    /**
     * Lists all role names: the hybrid roles combined with the LDAP groups, the latter only when
     * LDAP group reading is enabled.
     *
     * @return combined role names
     * @throws UserStoreException if the group search or the hybrid role lookup fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getRoleNames() throws UserStoreException {
        List<String> ldapGroups = new ArrayList<String>();
        boolean readGroups = "true".equals(this.realmConfig.getUserStoreProperty(LDAPConstants.READ_LDAP_GROUPS));
        if (readGroups) {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            // The group list filter comes from configuration only; no caller input is part of it.
            String groupListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER);
            String groupSearchBaseDn = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_SEARCH_BASE);
            String groupNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
            searchControls.setReturningAttributes(new String[]{groupNameAttribute});
            ldapGroups = getListOfNames(groupSearchBaseDn, groupListFilter, searchControls, groupNameAttribute);
        }
        String[] hybridRoles = this.hybridRoleManager.getHybridRoles();
        return UserCoreUtil.combine(hybridRoles, ldapGroups);
    }

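    /**
     * Lists the members of a role: the hybrid role's users when the role is a hybrid role,
     * otherwise (with LDAP group reading enabled) the values of the group's membership attribute.
     *
     * @param str role name
     * @return member list; empty when the role is not a hybrid role and group reading is off
     * @throws UserStoreException if the lookup fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getUserListOfRole(String str) throws UserStoreException {
        if (this.hybridRoleManager.isExistingRole(str)) {
            return this.hybridRoleManager.getUserListOfHybridRole(str);
        }
        if (!"true".equals(this.realmConfig.getUserStoreProperty(LDAPConstants.READ_LDAP_GROUPS))) {
            return new String[0];
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // The role name is an assertion value inside the search filter, so filter metacharacters
        // are escaped (RFC 4515) and cannot change the structure of the query. Backslash is
        // replaced first so the escapes added afterwards are not escaped again. String.valueOf
        // keeps the former behaviour of a null name being rendered as "null".
        String safeRoleName = String.valueOf(str)
                .replace("\\", "\\5c")
                .replace("*", "\\2a")
                .replace("(", "\\28")
                .replace(")", "\\29")
                .replace("\0", "\\00");
        String searchFilter = "(&" + this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER)
                + "(" + this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE) + "=" + safeRoleName + "))";
        String groupSearchBaseDn = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_SEARCH_BASE);
        searchControls.setReturningAttributes(new String[]{this.realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE)});
        List<String> members = getAttributeListOfOneElement(groupSearchBaseDn, searchFilter, searchControls);
        return members.toArray(new String[members.size()]);
    }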

    /**
     * Picks the search base for role lookups: the user search base when the BACK_LINKS_ENABLED
     * property parses as true, the group search base otherwise.
     *
     * @return the configured search base to use
     */
    protected String getEffectiveSearchBase() {
        String backLinksSetting = this.realmConfig.getUserStoreProperty(LDAPConstants.BACK_LINKS_ENABLED);
        boolean backLinksEnabled = backLinksSetting != null
                && !backLinksSetting.equals("")
                && Boolean.parseBoolean(backLinksSetting);
        if (backLinksEnabled) {
            return this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        }
        return this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_SEARCH_BASE);
    }

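    /**
     * Lists the LDAP groups a user belongs to.
     *
     * <p>With a configured memberOf attribute the groups are read from the user's own entry;
     * otherwise groups are searched by their membership attribute using the user's DN. The
     * anonymous user gets the anonymous role, and nothing is looked up for the registry system
     * user or when LDAP group reading is disabled.
     *
     * @param str user name
     * @return group names; possibly empty
     * @throws UserStoreException if neither memberOf nor membership attribute is configured, or
     *         if the lookup fails
     */
    public List<String> getExernalRoleListOfUser(String str) throws UserStoreException {
        List<String> roles = new ArrayList<String>();
        boolean readGroups = "true".equals(this.realmConfig.getUserStoreProperty(LDAPConstants.READ_LDAP_GROUPS));
        if (readGroups && !str.equals("wso2.anonymous.user") && !str.equals(CarbonConstants.REGISTRY_SYSTEM_USERNAME)) {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String searchBase = getEffectiveSearchBase();
            String memberOfAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.MEMBEROF_ATTRIBUTE);
            if (memberOfAttribute == null || memberOfAttribute.length() <= 0) {
                String groupListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_LIST_FILTER);
                String membershipAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.MEMBERSHIP_ATTRIBUTE);
                if (membershipAttribute == null || membershipAttribute.length() < 1) {
                    throw new UserStoreException("Please set member of attribute or membership attribute");
                }
                // NOTE(review): the resolved DN goes into the filter as returned, and the user name
                // reaches getNameInSpaceForUserName unescaped; confirm that helper (outside this
                // view) escapes its input and that DNs with filter metacharacters are handled.
                String groupFilter = "(&" + groupListFilter + "(" + membershipAttribute + "=" + getNameInSpaceForUserName(str) + "))";
                String groupNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.GROUP_NAME_ATTRIBUTE);
                searchControls.setReturningAttributes(new String[]{groupNameAttribute});
                roles = getListOfNames(searchBase, groupFilter, searchControls, groupNameAttribute);
            } else {
                String userListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
                String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
                // The user name is an assertion value inside the search filter, so filter
                // metacharacters are escaped (RFC 4515) and cannot change the structure of the
                // query. Backslash is replaced first so the added escapes are not escaped again.
                String safeUserName = str
                        .replace("\\", "\\5c")
                        .replace("*", "\\2a")
                        .replace("(", "\\28")
                        .replace(")", "\\29")
                        .replace("\0", "\\00");
                String userFilter = "(&" + userListFilter + "(" + userNameAttribute + "=" + safeUserName + "))";
                String binaryAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.LDAP_ATTRIBUTES_BINARY);
                String primaryGroupId = this.realmConfig.getUserStoreProperty(LDAPConstants.PRIMARY_GROUP_ID);
                boolean resolvePrimaryGroup = binaryAttribute != null && primaryGroupId != null;
                if (resolvePrimaryGroup) {
                    searchControls.setReturningAttributes(new String[]{memberOfAttribute, binaryAttribute, primaryGroupId});
                    roles = getAttributeListOfOneElementWithPrimarGroup(searchBase, userFilter, searchControls, binaryAttribute, primaryGroupId, userNameAttribute, memberOfAttribute);
                } else {
                    searchControls.setReturningAttributes(new String[]{memberOfAttribute});
                    roles = getAttributeListOfOneElement(searchBase, userFilter, searchControls);
                }
            }
        } else if ("wso2.anonymous.user".equals(str)) {
            roles.add(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME);
        }
        return roles;
    }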

    /**
     * Lists the hybrid (internally stored) roles of a user.
     *
     * @param str user name
     * @return the user's hybrid roles as reported by the hybrid role manager
     * @throws UserStoreException if the lookup fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public String[] getInternalRoleListOfUser(String str) throws UserStoreException {
        String[] hybridRoles = this.hybridRoleManager.getHybridRoleListOfUser(str);
        return hybridRoles;
    }

    /**
     * Lists all roles of a user, hybrid and LDAP, going through the user-roles cache.
     *
     * <p>A cached list is returned without consulting the directory; otherwise the combined list
     * is computed and stored in the cache. Any exception from the cache lookup is treated as a
     * cache miss.
     *
     * @param str user name
     * @return the user's roles
     * @throws UserStoreException if computing the role list fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getRoleListOfUser(String str) throws UserStoreException {
        String[] cachedRoles = null;
        try {
            cachedRoles = getRoleListOfUserFromCache(this.tenantID, str);
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Roles does not exist in the cache for user " + str);
            }
        }
        if (cachedRoles != null) {
            return cachedRoles;
        }
        String[] internalRoles = getInternalRoleListOfUser(str);
        List<String> externalRoles = getExernalRoleListOfUser(str);
        String[] allRoles = UserCoreUtil.combine(internalRoles, externalRoles);
        addToUserRolesCache(this.tenantID, str, allRoles);
        return allRoles;
    }

    /**
     * Reports whether this user store rejects writes.
     *
     * @return always {@code true}
     * @throws UserStoreException declared by the overridden method; never thrown here
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public boolean isReadOnly() throws UserStoreException {
        final boolean readOnly = true;
        return readOnly;
    }

    /**
     * Returns the hybrid roles known to the hybrid role manager.
     *
     * @return the role names reported by {@code hybridRoleManager.getHybridRoles()}
     * @throws UserStoreException if the hybrid role manager lookup fails
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public String[] getHybridRoles() throws UserStoreException {
        final String[] hybridRoles = this.hybridRoleManager.getHybridRoles();
        return hybridRoles;
    }

    /**
     * Verifies that the configured admin user exists and creates any missing built-in role.
     *
     * <p>The admin user must already exist; otherwise the error is logged and a
     * {@link UserStoreException} is thrown. The admin role and the "everyone" role are each
     * created with the admin user as their only member when absent, and the anonymous role is
     * created with {@code wso2.anonymous.user} as its only member when absent. All roles are
     * created without permissions.
     *
     * @throws UserStoreException if the admin user is missing or a lookup/creation fails
     */
    private void checkInitialData() throws UserStoreException {
        final boolean adminUserPresent = isExistingUser(this.realmConfig.getAdminUserName());
        if (!adminUserPresent) {
            final String failure = "Carbon cannot function without an Admin Username";
            log.error(failure);
            throw new UserStoreException(failure);
        }

        final String adminRole = this.realmConfig.getAdminRoleName();
        if (!isExistingRole(adminRole)) {
            // The cast picks the addRole overload that takes the core Permission type.
            addRole(adminRole, new String[]{this.realmConfig.getAdminUserName()}, (Permission[]) null);
        }

        final String everyoneRole = this.realmConfig.getEveryOneRoleName();
        if (!isExistingRole(everyoneRole)) {
            addRole(everyoneRole, new String[]{this.realmConfig.getAdminUserName()}, (Permission[]) null);
        }

        if (!isExistingRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME)) {
            addRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, new String[]{"wso2.anonymous.user"}, (Permission[]) null);
        }
    }

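    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves a user name to the full name of its directory entry within the namespace.
     *
     * <p>The search filter is the configured user list filter AND-ed with
     * {@code (<user name attribute>=<user name>)}. The user name is escaped before it is placed
     * in the filter, so characters that are filter syntax are matched literally instead of
     * changing the structure of the filter.
     *
     * <p>Fixes relative to the decompiled listing: the search result is held as a
     * {@code NamingEnumeration<SearchResult>} (the type {@code searchForUser} is assigned to
     * elsewhere in this class), the resolved name is actually returned (the listing returned a
     * variable that was never assigned), and the enumeration rather than a string is closed.
     *
     * @param str user name to resolve; assumed to be the raw, unescaped name (confirm that no
     *            caller escapes it beforehand, otherwise it would be escaped twice)
     * @return the entry's name in the namespace, or {@code null} when no entry matches
     * @throws UserStoreException if obtaining the context or searching fails
     */
    public String getNameInSpaceForUserName(String str) throws UserStoreException {
        String userListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        String searchFilter = "(&" + userListFilter + "(" + userNameAttribute + "="
                + escapeLdapFilterLiteral(str) + "))";
        if (log.isDebugEnabled()) {
            log.debug("Searching for " + searchFilter);
        }
        DirContext context = this.connectionSource.getContext();
        NamingEnumeration<SearchResult> answer = null;
        try {
            answer = searchForUser(searchFilter, null, context);
            int matches = 0;
            SearchResult lastMatch = null;
            while (answer.hasMoreElements()) {
                SearchResult candidate = answer.next();
                if (matches > 0) {
                    // NOTE(review): an ambiguous name is only logged and the last entry wins,
                    // while the single-entry lookups in this class reject duplicates. The
                    // returned name identifies the account to whoever calls this, so consider
                    // failing here as well.
                    log.error("More than one user exist for the same name");
                }
                matches++;
                lastMatch = candidate;
            }
            return lastMatch != null ? lastMatch.getNameInNamespace() : null;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            JNDIUtil.closeNamingEnumeration(answer);
            JNDIUtil.closeContext(context);
        }
    }

    /**
     * Escapes a literal so it can be used as the assertion value of an LDAP search filter
     * (RFC 4515): backslash, asterisk, parentheses and NUL are replaced by their
     * backslash-hex forms.
     *
     * @param value raw value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeLdapFilterLiteral(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }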

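    /**
     * Collects the attribute values of a search result as strings.
     *
     * <p>When a value looks like a distinguished name, only the value of its first component
     * is kept: the text between the first {@code '='} and the first {@code ','} after it.
     * Other values are added unchanged.
     *
     * <p>Fixes relative to the original: the original test {@code indexOf("=") + 1 > -1} was
     * always true, so a value with a comma but no {@code '='} was cut at the comma and a value
     * whose comma came before its {@code '='} raised {@code StringIndexOutOfBoundsException}.
     * The enumerations are now also closed when iteration fails.
     *
     * <p>NOTE(review): escaped commas ({@code \,}) and multi-valued first components are not
     * understood by this split; if the strings returned here are used as role names, consider
     * parsing with {@code javax.naming.ldap.LdapName} instead.
     *
     * @param searchResult entry whose attributes are read
     * @param str          attribute ID to restrict to, or {@code null} to read all attributes
     * @return a mutable list of the collected values; on a {@link NamingException} the error
     *         is logged and the values gathered so far are returned
     */
    private List<String> parseSearchResult(SearchResult searchResult, String str) {
        List<String> values = new ArrayList<String>();
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null) {
            return values;
        }
        NamingEnumeration<? extends Attribute> attributeEnum = null;
        try {
            attributeEnum = attributes.getAll();
            while (attributeEnum.hasMore()) {
                Attribute attribute = attributeEnum.next();
                if (str != null && !str.equals(attribute.getID())) {
                    continue;
                }
                NamingEnumeration<?> valueEnum = attribute.getAll();
                try {
                    while (valueEnum.hasMore()) {
                        String value = valueEnum.next().toString();
                        int equalsAt = value.indexOf('=');
                        // Look for the comma only after the '=' so the substring bounds are
                        // always ordered.
                        int commaAt = value.indexOf(',', equalsAt + 1);
                        if (equalsAt > -1 && commaAt > -1) {
                            value = value.substring(equalsAt + 1, commaAt);
                        }
                        values.add(value);
                    }
                } finally {
                    JNDIUtil.closeNamingEnumeration(valueEnum);
                }
            }
        } catch (NamingException e) {
            // Deliberate best effort kept from the original: log and return what was read.
            log.error(e.getMessage(), e);
        } finally {
            JNDIUtil.closeNamingEnumeration(attributeEnum);
        }
        return values;
    }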

    /**
     * Reads the values of one attribute from the single entry matched by a search and appends
     * the entry's primary group when one is found.
     *
     * <p>The filter is passed to the directory exactly as received; any escaping of
     * user-supplied parts has to happen where the filter is built.
     *
     * @param str            search base
     * @param str2           search filter
     * @param searchControls controls applied to the search
     * @param str3           first attribute argument handed to {@code LDAPUtil.getPrimaryGroupSID}
     * @param str4           second attribute argument handed to {@code LDAPUtil.getPrimaryGroupSID}
     * @param str5           last argument handed to {@code LDAPUtil.findGroupBySID}
     * @param str6           attribute ID whose values are collected from the entry
     * @return the parsed attribute values, followed by the primary group if it was resolved;
     *         empty when nothing matches
     * @throws UserStoreException if more than one entry matches or the directory call fails
     */
    private List<String> getAttributeListOfOneElementWithPrimarGroup(String str, String str2, SearchControls searchControls, String str3, String str4, String str5, String str6) throws UserStoreException {
        List<String> values = new ArrayList<String>();
        DirContext ctx = null;
        NamingEnumeration results = null;
        try {
            ctx = this.connectionSource.getContext();
            results = ctx.search(str, str2, searchControls);
            boolean entrySeen = false;
            while (results.hasMore()) {
                if (entrySeen) {
                    // A second match makes the lookup ambiguous; refuse instead of guessing.
                    final String failure = "More than element user exist with name";
                    log.error(failure);
                    throw new UserStoreException(failure);
                }
                SearchResult entry = (SearchResult) results.next();
                entrySeen = true;
                values = parseSearchResult(entry, str6);
                String primaryGroup = LDAPUtil.findGroupBySID(ctx, str, LDAPUtil.getPrimaryGroupSID(entry, str3, str4), str5);
                if (primaryGroup != null) {
                    values.add(primaryGroup);
                }
            }
            return values;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, like the original's duplicated closes.
            JNDIUtil.closeNamingEnumeration(results);
            JNDIUtil.closeContext(ctx);
        }
    }

    /**
     * Reads all attribute values from the single entry matched by a search.
     *
     * <p>The filter is passed to the directory exactly as received; any escaping of
     * user-supplied parts has to happen where the filter is built.
     *
     * @param str            search base
     * @param str2           search filter
     * @param searchControls controls applied to the search
     * @return the parsed attribute values of the matching entry; empty when nothing matches
     * @throws UserStoreException if more than one entry matches or the directory call fails
     */
    private List<String> getAttributeListOfOneElement(String str, String str2, SearchControls searchControls) throws UserStoreException {
        List<String> values = new ArrayList<String>();
        DirContext ctx = null;
        NamingEnumeration results = null;
        try {
            ctx = this.connectionSource.getContext();
            results = ctx.search(str, str2, searchControls);
            boolean entrySeen = false;
            while (results.hasMore()) {
                if (entrySeen) {
                    // A second match makes the lookup ambiguous; refuse instead of guessing.
                    final String failure = "More than element user exist with name";
                    log.error(failure);
                    throw new UserStoreException(failure);
                }
                entrySeen = true;
                SearchResult entry = (SearchResult) results.next();
                values = parseSearchResult(entry, null);
            }
            return values;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, like the original's duplicated closes.
            JNDIUtil.closeNamingEnumeration(results);
            JNDIUtil.closeContext(ctx);
        }
    }

    /**
     * Runs a search and collects, for every matching entry, the first value of one attribute.
     *
     * <p>The filter is passed to the directory exactly as received; any escaping of
     * user-supplied parts has to happen where the filter is built.
     *
     * @param str            search base
     * @param str2           search filter
     * @param searchControls controls applied to the search
     * @param str3           ID of the attribute to read from each entry
     * @return the collected values; entries without attributes or without that attribute are
     *         skipped
     * @throws UserStoreException if the directory call fails
     */
    private List<String> getListOfNames(String str, String str2, SearchControls searchControls, String str3) throws UserStoreException {
        List<String> names = new ArrayList<String>();
        DirContext ctx = null;
        NamingEnumeration results = null;
        try {
            ctx = this.connectionSource.getContext();
            results = ctx.search(str, str2, searchControls);
            while (results.hasMoreElements()) {
                SearchResult entry = (SearchResult) results.next();
                Attributes entryAttributes = entry.getAttributes();
                if (entryAttributes == null) {
                    continue;
                }
                Attribute nameAttribute = entryAttributes.get(str3);
                if (nameAttribute == null) {
                    continue;
                }
                // Only the first value is read; the cast assumes a string-valued attribute.
                names.add((String) nameAttribute.get());
            }
            return names;
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            // Runs on success and on every failure path, like the original's duplicated closes.
            JNDIUtil.closeNamingEnumeration(results);
            JNDIUtil.closeContext(ctx);
        }
    }

    /**
     * API-level variant of {@code getProperties}; casts the tenant to the core tenant type and
     * delegates to the core overload.
     *
     * @param tenant tenant to pass on; must be a {@code org.wso2.carbon.user.core.tenant.Tenant}
     *               or {@code null}, otherwise the cast fails with {@code ClassCastException}
     * @return the map returned by the core overload
     * @throws org.wso2.carbon.user.api.UserStoreException if the core overload fails
     */
    @Override // org.wso2.carbon.user.api.UserStoreManager
    public Map<String, String> getProperties(Tenant tenant) throws org.wso2.carbon.user.api.UserStoreException {
        final org.wso2.carbon.user.core.tenant.Tenant coreTenant = (org.wso2.carbon.user.core.tenant.Tenant) tenant;
        return getProperties(coreTenant);
    }

    /**
     * API-level variant of {@code addRole}; casts the permission array to the core permission
     * type and delegates to the core overload.
     *
     * @param str           role name
     * @param strArr        user names passed on as the role's members
     * @param permissionArr permissions to pass on; must be a core {@code Permission[]} or
     *                      {@code null}, otherwise the cast fails with {@code ClassCastException}
     * @throws org.wso2.carbon.user.api.UserStoreException if the core overload fails
     */
    @Override // org.wso2.carbon.user.api.UserStoreManager
    public void addRole(String str, String[] strArr, org.wso2.carbon.user.api.Permission[] permissionArr) throws org.wso2.carbon.user.api.UserStoreException {
        final Permission[] corePermissions = (Permission[]) permissionArr;
        addRole(str, strArr, corePermissions);
    }

    /**
     * Returns the tenant id this user store manager holds.
     *
     * @return the value of the {@code tenantID} field
     * @throws UserStoreException declared by the overridden method; never thrown here
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public int getTenantId() throws UserStoreException {
        final int id = this.tenantID;
        return id;
    }

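    /**
     * Lists the users whose directory entry has a given attribute value.
     *
     * <p>The search filter is the configured user list filter AND-ed with
     * {@code (<str>=<str2>)}. For each matching entry the non-blank values of the configured
     * user name attribute are joined with commas into one result element.
     *
     * <p>Changes relative to the original: the value is escaped before it is placed in the
     * filter, so parentheses, backslashes and NUL in it are matched literally instead of
     * changing the structure of the filter, and the per-entry value enumeration is closed for
     * every entry (the original only closed the last one).
     *
     * @param str  attribute name to match on; placed in the filter as-is
     * @param str2 value to match; assumed to be raw and unescaped (confirm that no caller
     *             escapes it beforehand, otherwise it would be escaped twice)
     * @param str3 not used by this implementation
     * @return the matching user names, one element per entry
     * @throws UserStoreException if obtaining the context or searching fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public String[] getUserListFromProperties(String str, String str2, String str3) throws UserStoreException {
        List<String> users = new ArrayList<String>();
        String userListFilter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_LIST_FILTER);
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        // NOTE(review): the attribute name (str) cannot be escaped the way a value can; it
        // should only ever come from trusted configuration such as a claim mapping. Confirm
        // that no caller passes a request-supplied name here.
        String searchFilter = "(&" + userListFilter + "(" + str + "="
                + escapeLdapFilterPattern(str2) + "))";
        DirContext context = this.connectionSource.getContext();
        NamingEnumeration<SearchResult> results = null;
        try {
            results = searchForUser(searchFilter, new String[]{userNameAttribute}, context);
            while (results.hasMoreElements()) {
                Attributes attributes = results.next().getAttributes();
                Attribute nameAttribute = attributes == null ? null : attributes.get(userNameAttribute);
                if (nameAttribute == null) {
                    continue;
                }
                StringBuilder joined = new StringBuilder();
                NamingEnumeration<?> nameValues = nameAttribute.getAll();
                try {
                    while (nameValues.hasMore()) {
                        String name = (String) nameValues.next();
                        if (name != null && name.trim().length() > 0) {
                            joined.append(name).append(',');
                        }
                    }
                } finally {
                    JNDIUtil.closeNamingEnumeration(nameValues);
                }
                if (joined.length() > 0) {
                    // Drop the trailing separator.
                    users.add(joined.substring(0, joined.length() - 1));
                }
            }
            return users.toArray(new String[users.size()]);
        } catch (NamingException e) {
            log.error(e.getMessage(), e);
            throw new UserStoreException(e.getMessage(), e);
        } finally {
            JNDIUtil.closeNamingEnumeration(results);
            JNDIUtil.closeContext(context);
        }
    }

    /**
     * Escapes a value for use in an LDAP search filter (RFC 4515) while leaving {@code '*'}
     * untouched: backslash, parentheses and NUL are replaced by their backslash-hex forms.
     *
     * <p>NOTE(review): {@code '*'} is kept so that searches which already rely on wildcard
     * matching keep working. If no caller needs that, escape it as {@code \2a} as well.
     *
     * @param value raw value, may be {@code null}
     * @return the escaped value, or {@code null} when {@code value} is {@code null}
     */
    private static String escapeLdapFilterPattern(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }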

    /**
     * Returns the password expiration time of a user; this implementation reports none.
     *
     * @param str user name; ignored
     * @return always {@code null}
     * @throws UserStoreException declared by the overridden method; never thrown here
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public Date getPasswordExpirationTime(String str) throws UserStoreException {
        final Date noExpiry = null;
        return noExpiry;
    }

    /**
     * Not supported by this user store.
     *
     * @param str ignored
     * @return never returns normally
     * @throws UserStoreException always, with the message {@code "Invalid operation"}
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public int getTenantId(String str) throws UserStoreException {
        final String reason = "Invalid operation";
        throw new UserStoreException(reason);
    }

    /**
     * Not supported by this user store.
     *
     * @param str ignored
     * @return never returns normally
     * @throws UserStoreException always, with the message {@code "Invalid operation"}
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager, org.wso2.carbon.user.api.UserStoreManager
    public int getUserId(String str) throws UserStoreException {
        final String reason = "Invalid operation";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects the deletion of a claim value; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUserClaimValue(String str, String str2, String str3) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects the deletion of claim values; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUserClaimValues(String str, String[] strArr, String str2) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects the creation of a user; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects the creation of a user (variant with an extra boolean argument); all arguments
     * are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, boolean z) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects the deletion of a user; the argument is ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doDeleteUser(String str) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects setting a claim value; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValue(String str, String str2, String str3, String str4) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects setting claim values; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doSetUserClaimValues(String str, Map<String, String> map, String str2) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Rejects a credential change; all arguments are ignored.
     *
     * @throws UserStoreException always, because this user store is read-only
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredential(String str, Object obj, Object obj2) throws UserStoreException {
        final String reason = "User store is operating in read only mode. Cannot write into the user store.";
        throw new UserStoreException(reason);
    }

    /**
     * Handles an administrator-initiated credential change by forwarding to
     * {@code updateCredential} with {@code null} as the third argument.
     *
     * <p>NOTE(review): unlike the other {@code do*} write methods of this class, this one does
     * not throw the read-only error itself. {@code updateCredential} is not defined in the
     * visible part of the file, so confirm that this path ends in the read-only rejection and
     * that a {@code null} third argument cannot satisfy any check made on the way.
     *
     * @param str user name passed on as the first argument
     * @param obj new credential passed on as the second argument
     * @throws UserStoreException if {@code updateCredential} fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateCredentialByAdmin(String str, Object obj) throws UserStoreException {
        updateCredential(str, obj, null);
    }

    /**
     * Updates the hybrid roles of a user and then clears the user-roles cache for this tenant.
     *
     * <p>Only hybrid (internal) roles are changed; nothing is written to the directory.
     *
     * @param str     user name
     * @param strArr  first role array, passed to the hybrid role manager unchanged
     * @param strArr2 second role array, passed to the hybrid role manager unchanged
     * @throws UserStoreException if the hybrid role manager update fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateRoleListOfUser(String str, String[] strArr, String[] strArr2) throws UserStoreException {
        hybridRoleManager.updateHybridRoleListOfUser(str, strArr, strArr2);
        // Clear after the update so role lists cached before the change are presumably no
        // longer served.
        clearUserRolesCacheByTenant(tenantID);
    }

    /**
     * Updates the members of a hybrid role and then clears the user-roles cache for this
     * tenant.
     *
     * <p>Only hybrid (internal) roles are changed; nothing is written to the directory.
     *
     * @param str     role name
     * @param strArr  first user array, passed to the hybrid role manager unchanged
     * @param strArr2 second user array, passed to the hybrid role manager unchanged
     * @throws UserStoreException if the hybrid role manager update fails
     */
    @Override // org.wso2.carbon.user.core.common.AbstractUserStoreManager
    public void doUpdateUserListOfRole(String str, String[] strArr, String[] strArr2) throws UserStoreException {
        hybridRoleManager.updateUserListOfHybridRole(str, strArr, strArr2);
        // Clear after the update so role lists cached before the change are presumably no
        // longer served.
        clearUserRolesCacheByTenant(tenantID);
    }

    /**
     * Returns the user-store properties of this realm's configuration.
     *
     * <p>NOTE(review): the map comes straight from the realm configuration and presumably
     * includes the directory connection settings; confirm that callers do not expose it to
     * untrusted parties.
     *
     * @param tenant ignored; the same map is returned for every tenant
     * @return the map returned by {@code realmConfig.getUserStoreProperties()}
     * @throws UserStoreException declared by the overridden method
     */
    @Override // org.wso2.carbon.user.core.UserStoreManager
    public Map<String, String> getProperties(org.wso2.carbon.user.core.tenant.Tenant tenant) throws UserStoreException {
        final Map<String, String> userStoreProperties = this.realmConfig.getUserStoreProperties();
        return userStoreProperties;
    }

    /**
     * Stores a remember-me token for a user through a JDBC user store manager.
     *
     * <p>A new {@link JDBCUserStoreManager} is built for each call from this manager's data
     * source and realm configuration; the token is not written to the directory.
     *
     * <p>NOTE(review): there is no check here that the user exists, although
     * {@code isValidRememberMeToken} makes one; confirm that callers only reach this after a
     * successful authentication. How the token is stored is decided inside
     * {@code JDBCUserStoreManager}, which is not part of this file.
     *
     * @param str  user name
     * @param str2 remember-me token
     * @throws org.wso2.carbon.user.api.UserStoreException if the JDBC manager fails
     */
    @Override // org.wso2.carbon.user.api.UserStoreManager
    public void addRememberMe(String str, String str2) throws org.wso2.carbon.user.api.UserStoreException {
        final JDBCUserStoreManager rememberMeStore = new JDBCUserStoreManager(this.dataSource, this.realmConfig, this.realmConfig.getTenantId(), false);
        rememberMeStore.addRememberMe(str, str2);
    }

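    /**
     * Checks a remember-me token for a user.
     *
     * <p>The user must exist in this store; the token itself is then checked by a
     * {@link JDBCUserStoreManager} built from this manager's data source and realm
     * configuration. Any failure is treated as "not valid", so an error in either lookup
     * never accepts a token.
     *
     * <p>Change relative to the original: the caught exception is passed to the logger, since
     * the original dropped the cause and made failed validations impossible to diagnose.
     *
     * <p>NOTE(review): the user name is written to the log as received; if it can contain
     * line breaks, neutralise them where log entries are formatted.
     *
     * @param str  user name
     * @param str2 remember-me token to check
     * @return {@code true} only when the user exists and the JDBC manager reports the token as
     *         existing; {@code false} otherwise, including on any exception
     * @throws org.wso2.carbon.user.api.UserStoreException declared by the overridden method;
     *         exceptions raised inside are caught and reported as {@code false}
     */
    @Override // org.wso2.carbon.user.api.UserStoreManager
    public boolean isValidRememberMeToken(String str, String str2) throws org.wso2.carbon.user.api.UserStoreException {
        try {
            if (!isExistingUser(str)) {
                return false;
            }
            JDBCUserStoreManager rememberMeStore = new JDBCUserStoreManager(this.dataSource, this.realmConfig, this.realmConfig.getTenantId(), false);
            return rememberMeStore.isExistingRememberMeToken(str, str2);
        } catch (Exception e) {
            // Fail closed, but keep the cause in the log.
            log.error("Validating remember me token failed for" + str, e);
            return false;
        }
    }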
}
