package org.wso2.carbon.user.core.ldap;

import com.ctc.wstx.io.CharsetNames;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.Rdn;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.claim.ClaimMapping;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;
import org.wso2.carbon.user.core.util.JNDIUtil;

/* loaded from: input_file:org/wso2/carbon/user/core/ldap/ActiveDirectoryUserStoreManager.class */
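/**
 * Read/write user store manager for Active Directory and AD LDS.
 *
 * <p>Extends the generic LDAP manager with the directory-specific steps visible in this class:
 * new accounts are bound in a disabled state, the password is written to the unicode password
 * attribute as a quoted UTF-16LE value, and the account is then enabled. Password writes are
 * expected to need an {@code ldaps} connection; when the configured URL is not {@code ldaps}
 * the class only logs a warning and still attempts the operation.
 *
 * <p>User names are escaped as RDN values before they are placed in a distinguished name, so
 * DN metacharacters in a user name cannot change which entry is created or modified.
 * NOTE(review): this assumes callers pass raw, unescaped user names - confirm against the
 * superclass validity checks.
 */
public class ActiveDirectoryUserStoreManager extends ReadWriteLDAPUserStoreManager {
    private static final Log logger = LogFactory.getLog(ActiveDirectoryUserStoreManager.class);

    /** Fallback userAccountControl value; presumably the "normal account" flag - TODO confirm. */
    private static final String DEFAULT_USER_ACCOUNT_CONTROL = "512";

    // True when the store is configured as AD LDS; selects the account-enable attribute.
    private boolean isADLDSRole;
    // True only when the configured connection URL uses the ldaps scheme.
    private boolean isSSLConnection;
    // Value written to userAccountControl to enable a freshly created account.
    private String userAccountControl;

    /**
     * Creates the manager for a realm and re-reads the Active Directory specific settings.
     *
     * <p>The three fields are reset to their defaults after the superclass constructor returns
     * and {@link #checkRequiredUserStoreConfigurations()} is then run to populate them.
     *
     * @throws UserStoreException if the superclass constructor or the configuration check fails
     */
    public ActiveDirectoryUserStoreManager(RealmConfiguration realmConfiguration, Map<String, Object> map, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager, UserRealm userRealm, Integer num) throws UserStoreException {
        super(realmConfiguration, map, claimManager, profileConfigurationManager, userRealm, num);
        this.isADLDSRole = false;
        this.isSSLConnection = false;
        this.userAccountControl = DEFAULT_USER_ACCOUNT_CONTROL;
        checkRequiredUserStoreConfigurations();
    }

    /**
     * Creates the manager from a realm configuration only; otherwise identical to the
     * six-argument constructor.
     *
     * @throws UserStoreException if the superclass constructor or the configuration check fails
     */
    public ActiveDirectoryUserStoreManager(RealmConfiguration realmConfiguration, ClaimManager claimManager, ProfileConfigurationManager profileConfigurationManager) throws UserStoreException {
        super(realmConfiguration, claimManager, profileConfigurationManager);
        this.isADLDSRole = false;
        this.isSSLConnection = false;
        this.userAccountControl = DEFAULT_USER_ACCOUNT_CONTROL;
        checkRequiredUserStoreConfigurations();
    }

    /**
     * Adds a user without requiring a password change.
     *
     * @param str user name
     * @param obj credential; cast to {@code String} further down the call chain
     * @param strArr roles to assign
     * @param map claim URI (or attribute name) to value
     * @param str2 profile name
     * @throws UserStoreException if the user cannot be added
     */
    @Override
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2) throws UserStoreException {
        // NOTE(review): this delegates to addUser(...) rather than the six-argument doAddUser
        // below; confirm that re-entering the public add path is intended.
        addUser(str, obj, strArr, map, str2, false);
    }

    /**
     * Creates the user entry, assigns roles, then sets the password and enables the account.
     *
     * <p>The entry is first bound disabled (non AD LDS stores only). If setting the password or
     * enabling the account fails with a {@link NamingException}, the freshly bound entry is
     * unbound again so no half-created account is left behind.
     *
     * @param str user name; escaped before it is used as the RDN value
     * @param obj credential; must be a non-null {@code String}, otherwise a
     *     {@code ClassCastException} or {@link UserStoreException} is raised before the bind
     * @param strArr roles to assign
     * @param map claims to store as attributes
     * @param str2 profile name (not used in this method)
     * @param z require-password-change flag (not used in this method)
     * @throws UserStoreException on validation, claim-mapping or directory errors
     */
    @Override
    public void doAddUser(String str, Object obj, String[] strArr, Map<String, String> map, String str2, boolean z) throws UserStoreException {
        doAddUserValidityChecks(str, obj);
        DirContext searchBase = getSearchBaseDirectoryContext();
        Name userName = null;
        boolean bound = false;
        try {
            // Everything that can throw now runs inside the try so the context is always closed.
            BasicAttributes attributes = getAddUserBasicAttributes(str);
            if (!this.isADLDSRole) {
                BasicAttribute accountControl = new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL);
                accountControl.add(LDAPConstants.ACTIVE_DIRECTORY_DISABLED_NORMAL_ACCOUNT);
                attributes.put(accountControl);
            }
            setUserClaims(map, attributes);
            // Encode before binding: a bad credential then fails before any entry exists.
            byte[] encodedPassword = createUnicodePassword((String) obj);

            userName = parseUserRdn(searchBase, str);
            searchBase.bind(userName, null, attributes);
            bound = true;
            // NOTE(review): a UserStoreException from updateUserRoles is not a NamingException,
            // so the rollback below does not run and the entry stays bound (and disabled on
            // non AD LDS stores) - confirm that is acceptable.
            updateUserRoles(str, strArr);
            if (!this.isSSLConnection) {
                logger.warn("Unsecured connection is being used. Enabling user account operation will fail");
            }
            BasicAttribute enableAttribute = this.isADLDSRole
                    ? new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_MSDS_USER_ACCOUNT_DISSABLED, "FALSE")
                    : new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL, this.userAccountControl);
            ModificationItem[] modifications = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, encodedPassword)),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, enableAttribute)
            };
            searchBase.modifyAttributes(userName, modifications);
        } catch (NamingException e) {
            String message = "Error while adding the user to the Active Directory";
            if (bound) {
                try {
                    searchBase.unbind(userName);
                    message = "Error while enabling the user account. Please check password policy at DC";
                } catch (NamingException rollbackFailure) {
                    // Keep the rollback failure attached instead of dropping it.
                    e.addSuppressed(rollbackFailure);
                    logger.error("Error while accessing the Active Directory", e);
                    throw new UserStoreException("Error while accessing the Active Directory", e);
                }
            }
            logger.error(message, e);
            throw new UserStoreException(message, e);
        } finally {
            JNDIUtil.closeContext(searchBase);
        }
    }

    /**
     * Copies the non-empty claims into {@code basicAttributes}.
     *
     * <p>Each claim key is resolved through the claim manager; when a mapping exists its mapped
     * attribute name is used, otherwise the key itself. The profile-configuration key is skipped.
     *
     * @param map claims to store; may be {@code null}, in which case nothing is added
     * @param basicAttributes attribute set that receives one attribute per claim
     * @throws UserStoreException if a claim mapping cannot be obtained
     */
    protected void setUserClaims(Map<String, String> map, BasicAttributes basicAttributes) throws UserStoreException {
        if (map == null) {
            return;
        }
        for (Map.Entry<String, String> claim : map.entrySet()) {
            if ("".equals(claim.getValue())) {
                continue;
            }
            String claimKey = claim.getKey();
            try {
                ClaimMapping mapping = (ClaimMapping) this.claimManager.getClaimMapping(claimKey);
                if (claimKey.equals(UserCoreConstants.PROFILE_CONFIGURATION)) {
                    continue;
                }
                BasicAttribute attribute = new BasicAttribute(mapping != null ? mapping.getMappedAttribute() : claimKey);
                attribute.add(claim.getValue());
                basicAttributes.put(attribute);
            } catch (org.wso2.carbon.user.api.UserStoreException e) {
                logger.error("Error in obtaining claim mapping.", e);
                throw new UserStoreException("Error in obtaining claim mapping.", e);
            }
        }
    }

    /**
     * Writes a new password for the user.
     *
     * <p>When {@code obj2} is {@code null} the password attribute is replaced outright; otherwise
     * the old value is removed and the new one added in a single modify request.
     * NOTE(review): the replace form does not present the old password to the directory, so
     * authorisation for that path rests entirely with the caller.
     *
     * @param str user name; escaped before it is used as the RDN value
     * @param obj new credential; must be a non-null {@code String}
     * @param obj2 old credential as a {@code String}, or {@code null} to replace without it
     * @throws UserStoreException on validation or directory errors
     */
    @Override
    public void updateCredential(String str, Object obj, Object obj2) throws UserStoreException {
        doUpdateCredentialsValidityChecks(str, obj);
        DirContext rootContext = this.connectionSource.getContext();
        DirContext searchBase = null;
        try {
            String searchBaseDn = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_SEARCH_BASE);
            byte[] newPassword = createUnicodePassword((String) obj);
            ModificationItem[] modifications;
            if (obj2 == null) {
                modifications = new ModificationItem[] {
                    new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, newPassword))
                };
            } else {
                modifications = new ModificationItem[] {
                    new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, createUnicodePassword((String) obj2))),
                    new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute(LDAPConstants.ACTIVE_DIRECTORY_UNICODE_PASSWORD_ATTRIBUTE, newPassword))
                };
            }
            searchBase = (DirContext) rootContext.lookup(searchBaseDn);
            // A parsed Name (as in doAddUser) avoids JNDI composite-name handling of a raw string.
            searchBase.modifyAttributes(parseUserRdn(searchBase, str), modifications);
        } catch (NamingException e) {
            logger.error("Can not access the directory service", e);
            throw new UserStoreException("Can not access the directory service", e);
        } finally {
            JNDIUtil.closeContext(searchBase);
            JNDIUtil.closeContext(rootContext);
        }
    }

    /**
     * Runs the superclass credential checks and warns when the connection is not {@code ldaps}.
     *
     * <p>Decompiler note: access modifier was changed from protected to public.
     *
     * @throws UserStoreException if the superclass check rejects the input
     */
    @Override
    public void doUpdateCredentialsValidityChecks(String str, Object obj) throws UserStoreException {
        super.doUpdateCredentialsValidityChecks(str, obj);
        if (!this.isSSLConnection) {
            logger.warn("Unsecured connection is being used. Password operations will fail");
        }
    }

    /**
     * Reads the Active Directory specific settings from the realm configuration.
     *
     * <p>Sets the AD LDS flag, the userAccountControl value (falling back to the default when the
     * configured value is missing or not an integer) and the SSL flag. The SSL flag is set only
     * when the connection URL scheme is {@code ldaps}; otherwise a warning is logged.
     *
     * <p>Decompiler note: access modifier was changed from protected to public.
     *
     * @throws UserStoreException if the superclass check fails
     */
    @Override
    public void checkRequiredUserStoreConfigurations() throws UserStoreException {
        super.checkRequiredUserStoreConfigurations();
        this.isADLDSRole = Boolean.parseBoolean(this.realmConfig.getUserStoreProperty(LDAPConstants.ACTIVE_DIRECTORY_LDS_ROLE));
        if (!this.isADLDSRole) {
            this.userAccountControl = this.realmConfig.getUserStoreProperty(LDAPConstants.ACTIVE_DIRECTORY_USER_ACCOUNT_CONTROL);
            try {
                Integer.parseInt(this.userAccountControl);
            } catch (NumberFormatException e) {
                this.userAccountControl = DEFAULT_USER_ACCOUNT_CONTROL;
            }
        }
        // URL schemes are case-insensitive, and a missing URL must not surface as an NPE here.
        String connectionUrl = this.realmConfig.getUserStoreProperty(LDAPConstants.CONNECTION_URL);
        if (connectionUrl != null && "ldaps".equalsIgnoreCase(connectionUrl.trim().split(":")[0])) {
            this.isSSLConnection = true;
        } else {
            logger.warn("Connection to the Active Directory is not secure. Passowrd involved operations such as update credentials and adduser operations will fail");
        }
    }

    /**
     * Builds the relative name {@code <userNameAttribute>=<userName>} for a user entry.
     *
     * <p>The user name is escaped as an RDN value so characters such as {@code ,}, {@code +} or
     * {@code =} stay part of the value instead of being read as DN syntax.
     *
     * @param context context whose name parser is used
     * @param userName raw user name
     * @return the parsed name, relative to {@code context}
     * @throws NamingException if the parser rejects the name
     * @throws UserStoreException if {@code userName} is {@code null}
     */
    private Name parseUserRdn(DirContext context, String userName) throws NamingException, UserStoreException {
        if (userName == null) {
            throw new UserStoreException("User name must not be null");
        }
        String userNameAttribute = this.realmConfig.getUserStoreProperty(LDAPConstants.USER_NAME_ATTRIBUTE);
        return context.getNameParser("").parse(userNameAttribute + "=" + Rdn.escapeValue(userName));
    }

    /**
     * Encodes a password as the double-quoted UTF-16LE byte string written to the unicode
     * password attribute.
     *
     * @param str clear-text password
     * @return the encoded bytes, never {@code null}
     * @throws UserStoreException if {@code str} is {@code null}; string concatenation would
     *     otherwise encode the literal text {@code null} as the password
     */
    private byte[] createUnicodePassword(String str) throws UserStoreException {
        if (str == null) {
            throw new UserStoreException("Password must not be null");
        }
        // A Charset constant cannot raise UnsupportedEncodingException, so there is no
        // failure path that hands a null password value to the directory.
        return ("\"" + str + "\"").getBytes(StandardCharsets.UTF_16LE);
    }
}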
