package org.wso2.carbon.user.core.ldap;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.axiom.om.util.Base64;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.claim.ClaimMapping;
import org.wso2.carbon.user.core.config.RealmConfiguration;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.tenant.Tenant;

/* loaded from: input_file:org/wso2/carbon/user/core/ldap/ApacheDSUserStoreManager.class */
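/**
 * LDAP user store manager that creates, deletes and updates user entries through JNDI
 * ({@link DirContext}) and derives the stored {@code userPassword} value from the
 * {@code passwordHashMethod} user-store property.
 *
 * <p>Caller-supplied user names are escaped before they are placed into a search filter or
 * into the RDN of a new entry, so filter and DN metacharacters in a user name are matched
 * literally instead of changing the shape of the query.
 */
public class ApacheDSUserStoreManager extends LDAPUserStoreManager {
    /** Name of the user-store property that selects the digest used for stored passwords. */
    public static final String PASSWORD_HASH_METHOD = "passwordHashMethod";
    // Presumably the intended values of the property above; this class does not reference them
    // and passes whatever is configured straight to MessageDigest.getInstance.
    public static final String PASSWORD_HASH_METHOD_SHA = "SHA";
    public static final String PASSWORD_HASH_METHOD_MD5 = "MD5";

    /**
     * Charset used whenever a password is converted to or from bytes, so that the stored digest
     * does not depend on the JVM's default charset.
     * NOTE(review): a password with non-ASCII characters that was hashed earlier on a host whose
     * default charset was not UTF-8 will no longer verify in updateCredential and needs a reset.
     */
    private static final Charset PASSWORD_CHARSET = Charset.forName("UTF-8");

    /**
     * Creates the manager by passing every argument to the six-argument super constructor.
     *
     * @throws UserStoreException if the super constructor fails
     */
    public ApacheDSUserStoreManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        super(realmConfiguration, map, claimManager, profileConfigurationManager, userRealm, num);
    }

    /**
     * Creates the manager through the three-argument super constructor. The trailing
     * {@code str} argument is accepted but not used.
     *
     * @throws UserStoreException if the super constructor fails
     */
    public ApacheDSUserStoreManager(RealmConfiguration realmConfiguration, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, String str) throws UserStoreException {
        super(realmConfiguration, claimManager, profileConfigurationManager);
    }

    /**
     * Adds a user without the "require password change" flag; see the six-argument overload.
     */
    @Override
    public void addUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2) throws UserStoreException {
        addUser(str, obj, strArr, map, str2, false);
    }

    /**
     * Binds a new {@code inetOrgPerson} entry {@code uid=<user name>} under the configured user
     * search base and assigns the given hybrid roles.
     *
     * @param str    user name; used for {@code uid}, {@code cn} and {@code sn}
     * @param obj    credential; cast to {@link String}
     * @param strArr hybrid roles to assign, may be {@code null}
     * @param map    extra attributes keyed by attribute id, may be {@code null}
     * @param str2   profile name; not used by this implementation
     * @param z      "require password change" flag; not written to the entry (see below)
     * @throws UserStoreException if the name/credential check fails, the hash method is
     *                            unknown, or the directory rejects the operation
     */
    @Override
    public void addUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, boolean z) throws UserStoreException {
        if (!checkUserNamePasswordValid(str, obj)) {
            throw new UserStoreException("User name and password does not match");
        }
        try {
            DirContext dirContext = (DirContext) this.connectionSource.getContext().lookup(this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE));
            // Derive the stored credential first so an unknown hash method fails before any
            // role has been assigned.
            String storedPassword = getPasswordToStore((String) obj, this.realmConfig.getUserStoreProperty(PASSWORD_HASH_METHOD));

            // NOTE(review): roles are assigned before the entry is bound, so a failed bind leaves
            // the role assignments behind; confirm whether callers clean up.
            if (strArr != null) {
                for (String role : strArr) {
                    this.hybridRoleManager.addHybridRole(role, new String[]{str});
                }
            }

            BasicAttributes basicAttributes = new BasicAttributes(true);
            if (map != null) {
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    BasicAttribute claimAttribute = new BasicAttribute(entry.getKey());
                    claimAttribute.add(entry.getValue());
                    basicAttributes.put(claimAttribute);
                }
            }

            // The managed attributes are put after the caller-supplied ones: put() replaces an
            // attribute with the same id, so a claim keyed "userPassword", "uid" or "objectClass"
            // cannot displace the hashed credential or the entry's identity.
            BasicAttribute objectClass = new BasicAttribute("objectClass");
            objectClass.add("inetOrgPerson");
            objectClass.add("organizationalPerson");
            objectClass.add("person");
            objectClass.add("top");
            basicAttributes.put(objectClass);
            BasicAttribute uid = new BasicAttribute("uid");
            uid.add(str);
            basicAttributes.put(uid);
            BasicAttribute userPassword = new BasicAttribute("userPassword");
            userPassword.add(storedPassword);
            basicAttributes.put(userPassword);
            BasicAttribute cn = new BasicAttribute("cn");
            cn.add(str);
            basicAttributes.put(cn);
            BasicAttribute sn = new BasicAttribute("sn");
            sn.add(str);
            basicAttributes.put(sn);

            // NOTE(review): the flag z is not persisted. The previous code built a
            // "requirePasswordChange" attribute and never added it to the attribute set; confirm
            // that the directory schema allows the attribute before writing it.

            // Build the entry name from an Rdn so that DN metacharacters in the user name are
            // escaped instead of being read as further name components.
            LdapName entryName = new LdapName(Collections.singletonList(new Rdn("uid", str)));
            dirContext.bind(entryName, (Object) null, basicAttributes);
        } catch (NamingException e) {
            throw new UserStoreException("Can not access the directory context or user already exists in the system", (Throwable) e);
        }
    }

    /**
     * Returns the value to write into {@code userPassword}.
     *
     * <p>With a hash method the result is {@code {<method>}<base64(digest)>}, the digest being
     * taken over the UTF-8 bytes of the password. Without one ({@code str2 == null}) the password
     * is returned unchanged, i.e. it is stored in clear text.
     *
     * <p>NOTE(review): the digest is unsalted and single-round, so equal passwords yield equal
     * stored values and offline guessing is cheap. If the directory can store a salted scheme,
     * prefer that; confirm what the deployed server supports.
     *
     * @param str  clear-text password
     * @param str2 JCA digest name, or {@code null} for no hashing
     * @throws UserStoreException if {@code str2} is not a known digest algorithm
     */
    private String getPasswordToStore(String str, String str2) throws UserStoreException {
        if (str2 == null) {
            return str;
        }
        try {
            byte[] digest = MessageDigest.getInstance(str2).digest(str.getBytes(PASSWORD_CHARSET));
            return "{" + str2 + "}" + Base64.encode(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new UserStoreException("Invalid hashMethod", e);
        }
    }

    /**
     * Escapes a value for literal use inside an LDAP search filter (RFC 4515): backslash,
     * asterisk, parentheses and NUL are replaced by their {@code \xx} forms.
     */
    private static String escapeSearchFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /** Closes a search enumeration, ignoring a failure to close. */
    private static void closeSearchResults(NamingEnumeration<?> results) {
        if (results != null) {
            try {
                results.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done here; the operation's own outcome is already decided.
            }
        }
    }

    /**
     * Removes the user's hybrid role data and destroys every entry under the user search base
     * whose user-name attribute equals {@code str}.
     *
     * @param str user name
     * @throws UserStoreException for the admin or anonymous user, or on a directory failure
     */
    @Override
    public void deleteUser(String str) throws UserStoreException {
        if (this.realmConfig.getAdminUserName().equals(str)) {
            throw new UserStoreException("Cannot delete admin user");
        }
        if ("wso2.anonymous.user".equals(str)) {
            throw new UserStoreException("Cannot delete anonymous user");
        }
        this.hybridRoleManager.deleteUser(str);
        DirContext context = this.connectionSource.getContext();
        String searchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        String filter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_FILTER).replace("?", escapeSearchFilterValue(str));
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE_NAME);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> search = null;
        try {
            search = context.search(searchBase, filter, searchControls);
            DirContext dirContext = (DirContext) context.lookup(searchBase);
            while (search.hasMore()) {
                SearchResult searchResult = search.next();
                // An entry without the user-name attribute cannot be the user; skip it rather
                // than fail with a NullPointerException.
                Attribute nameAttribute = searchResult.getAttributes().get(userNameAttribute);
                if (nameAttribute != null && str.equals(nameAttribute.get())) {
                    dirContext.destroySubcontext(searchResult.getName());
                }
            }
        } catch (NamingException e) {
            throw new UserStoreException("Can not access the directory service", (Throwable) e);
        } finally {
            closeSearchResults(search);
        }
    }

    /**
     * Replaces the {@code userPassword} of every entry matching the user-name filter.
     *
     * <p>When {@code obj2} is given, the stored value is checked against it first, using the
     * scheme prefix of the stored value ({@code {SHA}...}); an entry without a stored password
     * is skipped. The new password is hashed with the scheme found on the stored value, or,
     * when none was found (no old password supplied, or a clear-text stored value), with the
     * configured {@code passwordHashMethod}, so a reset does not silently write clear text
     * while a hash method is configured.
     *
     * @param str  user name
     * @param obj  new credential; cast to {@link String}
     * @param obj2 old credential to verify, or {@code null} to skip verification
     * @throws UserStoreException if the old password does not match, the hash method is
     *                            unknown, or the directory cannot be accessed
     */
    @Override
    public void updateCredential(String str, Object obj, Object obj2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        String searchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        String filter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_FILTER).replace("?", escapeSearchFilterValue(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes(new String[]{"userPassword"});
        NamingEnumeration<SearchResult> search = null;
        try {
            search = context.search(searchBase, filter, searchControls);
            // Looked up once and kept separate from `context`: re-assigning `context` inside the
            // loop made a second iteration resolve the search base relative to itself.
            DirContext userBase = null;
            while (search.hasMore()) {
                SearchResult searchResult = search.next();
                String hashMethod = null;
                if (obj2 != null) {
                    Attribute attribute = searchResult.getAttributes().get("userPassword");
                    NamingEnumeration<?> storedValues = attribute == null ? null : attribute.getAll();
                    if (storedValues == null || !storedValues.hasMore()) {
                        continue;
                    }
                    String stored = new String((byte[]) storedValues.next(), PASSWORD_CHARSET);
                    // Only read a scheme when the closing brace is present; a value such as
                    // "{abc" previously raised StringIndexOutOfBoundsException.
                    int schemeEnd = stored.indexOf('}');
                    if (stored.startsWith("{") && schemeEnd > 0) {
                        hashMethod = stored.substring(1, schemeEnd);
                    }
                    String expected = getPasswordToStore((String) obj2, hashMethod);
                    // MessageDigest.isEqual compares without stopping at the first differing byte.
                    if (!MessageDigest.isEqual(stored.getBytes(PASSWORD_CHARSET), expected.getBytes(PASSWORD_CHARSET))) {
                        throw new UserStoreException("Old password does not match");
                    }
                }
                if (hashMethod == null) {
                    hashMethod = this.realmConfig.getUserStoreProperty(PASSWORD_HASH_METHOD);
                }
                if (userBase == null) {
                    userBase = (DirContext) context.lookup(searchBase);
                }
                BasicAttribute passwordAttribute = new BasicAttribute("userPassword");
                passwordAttribute.add(getPasswordToStore((String) obj, hashMethod));
                BasicAttributes modifications = new BasicAttributes(true);
                modifications.put(passwordAttribute);
                userBase.modifyAttributes(searchResult.getName(), DirContext.REPLACE_ATTRIBUTE, modifications);
            }
            // Keep the connection source's own bind credential in step when the admin changes.
            if (str.equals(this.adminUserName)) {
                this.connectionSource.updateCredential((String) obj);
            }
        } catch (NamingException e) {
            throw new UserStoreException("Can not access the directory service", (Throwable) e);
        } finally {
            closeSearchResults(search);
        }
    }

    /**
     * Returns a copy of the user-store properties in which the user search base is replaced by
     * the {@code dc=...} suffix derived from the tenant's domain.
     *
     * @param tenant tenant whose domain supplies the suffix
     */
    @Override
    public Map<String, String> getProperties(Tenant tenant) throws UserStoreException {
        Map<String, String> userStoreProperties = this.realmConfig.getUserStoreProperties();
        String tenantSuffix = getTenantSuffix(tenant.getDomain());
        Map<String, String> tenantProperties = new HashMap<String, String>();
        for (Map.Entry<String, String> entry : userStoreProperties.entrySet()) {
            String key = entry.getKey();
            if (key.equals(LDAPConstants.USER_SEARCH_BASE)) {
                tenantProperties.put(key, tenantSuffix);
            } else {
                tenantProperties.put(key, entry.getValue());
            }
        }
        return tenantProperties;
    }

    /**
     * Turns a dotted domain into a DN suffix, e.g. {@code a.b} becomes {@code dc=a,dc=b}.
     * NOTE(review): the labels are copied into the DN unescaped; presumably the tenant domain
     * is validated before it reaches this class. Confirm against the caller.
     */
    private String getTenantSuffix(String str) {
        StringBuilder suffix = new StringBuilder();
        for (String label : str.split("\\.")) {
            if (suffix.length() > 0) {
                suffix.append(',');
            }
            suffix.append("dc=").append(label);
        }
        return suffix.toString();
    }

    /**
     * Replaces attributes on the first entry matching the user-name filter. Each key of
     * {@code map} is translated through the claim manager when a mapping exists and is used as
     * the attribute id otherwise; the profile-configuration key is never written.
     *
     * @param str  user name
     * @param map  claim values; a default profile-configuration entry is added to this map when
     *             it has none
     * @param str2 profile name; not used by this implementation
     * @throws UserStoreException if the user is not found or the directory update fails
     */
    @Override
    public void setUserClaimValues(String str, Map<String, String> map, String str2) throws UserStoreException {
        DirContext context = this.connectionSource.getContext();
        String searchBase = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
        String filter = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_FILTER).replace("?", escapeSearchFilterValue(str));
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        searchControls.setReturningAttributes((String[]) null);
        NamingEnumeration<SearchResult> search = null;
        try {
            search = context.search(searchBase, filter, searchControls);
            // Calling next() on an empty result raised an unchecked NoSuchElementException;
            // report the missing user through the declared exception type instead.
            if (!search.hasMore()) {
                throw new UserStoreException("User could not be found in the directory context");
            }
            SearchResult searchResult = search.next();
            if (map.get(UserCoreConstants.PROFILE_CONFIGURATION) == null) {
                map.put(UserCoreConstants.PROFILE_CONFIGURATION, "default");
            }
            try {
                BasicAttributes basicAttributes = new BasicAttributes(true);
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    String key = entry.getKey();
                    if (!key.equals(UserCoreConstants.PROFILE_CONFIGURATION)) {
                        ClaimMapping claimMapping = this.claimManager.getClaimMapping(key);
                        BasicAttribute basicAttribute = new BasicAttribute(claimMapping != null ? claimMapping.getMappedAttribute() : key);
                        basicAttribute.add(entry.getValue());
                        basicAttributes.put(basicAttribute);
                    }
                }
                ((DirContext) context.lookup(searchBase)).modifyAttributes(searchResult.getName(), DirContext.REPLACE_ATTRIBUTE, basicAttributes);
            } catch (Exception e) {
                throw new UserStoreException("Profile information could not be updated in ApacheDS LDAP user store", e);
            }
        } catch (NamingException e2) {
            throw new UserStoreException("Results could not be retrieved from the directory context", (Throwable) e2);
        } finally {
            closeSearchResults(search);
        }
    }
}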
