package com.liferay.portal.security.ldap.internal.exportimport;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Contact;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroup;
import com.liferay.portal.kernel.security.ldap.LDAPSettings;
import com.liferay.portal.kernel.service.UserGroupLocalService;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.security.exportimport.UserExporter;
import com.liferay.portal.security.exportimport.UserOperation;
import com.liferay.portal.security.ldap.PortalLDAP;
import com.liferay.portal.security.ldap.authenticator.configuration.LDAPAuthConfiguration;
import com.liferay.portal.security.ldap.configuration.ConfigurationProvider;
import com.liferay.portal.security.ldap.exportimport.Modifications;
import com.liferay.portal.security.ldap.exportimport.PortalToLDAPConverter;
import com.liferay.portal.security.ldap.internal.PortalLDAPContext;
import com.liferay.portal.security.ldap.util.LDAPUtil;
import java.io.Serializable;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import javax.naming.Binding;
import javax.naming.CompositeName;
import javax.naming.NameNotFoundException;
import javax.naming.directory.Attribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SchemaViolationException;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.time.StopWatch;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@Component(immediate = true, service = {UserExporter.class})
/* loaded from: input_file:com/liferay/portal/security/ldap/internal/exportimport/LDAPUserExporterImpl.class */
public class LDAPUserExporterImpl implements UserExporter {
    private static final Log _log = LogFactoryUtil.getLog(LDAPUserExporterImpl.class);

    @Reference
    private ConfigurationAdmin _configurationAdmin;
    private ConfigurationProvider<LDAPAuthConfiguration> _ldapAuthConfigurationProvider;
    private LDAPSettings _ldapSettings;

    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile PortalLDAP _portalLDAP;

    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile PortalToLDAPConverter _portalToLDAPConverter;
    private UserGroupLocalService _userGroupLocalService;
    private UserLocalService _userLocalService;

    public void exportUser(Contact contact, Map<String, Serializable> map) throws Exception {
        long companyId = contact.getCompanyId();
        StopWatch stopWatch = new StopWatch();
        if (_log.isDebugEnabled()) {
            stopWatch.start();
            _log.debug("Exporting contact " + contact);
        }
        if (this._ldapSettings.isExportEnabled(companyId)) {
            User userByContactId = this._userLocalService.getUserByContactId(contact.getContactId());
            if (userByContactId.isDefaultUser()) {
                return;
            }
            if ((userByContactId.getStatus() == 0 || userByContactId.getStatus() == 5) && !_isAnonymousUser(userByContactId)) {
                long ldapServerId = this._portalLDAP.getLdapServerId(companyId, userByContactId.getScreenName(), userByContactId.getEmailAddress());
                LdapContext context = this._portalLDAP.getContext(ldapServerId, companyId);
                if (context == null) {
                    if (context != null) {
                        context.close();
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(StringBundler.concat(new Object[]{"Finished exporting contact ", contact, " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                        return;
                    }
                    return;
                }
                try {
                    Properties contactMappings = this._ldapSettings.getContactMappings(ldapServerId, companyId);
                    Properties contactExpandoMappings = this._ldapSettings.getContactExpandoMappings(ldapServerId, companyId);
                    Binding user = this._portalLDAP.getUser(ldapServerId, contact.getCompanyId(), userByContactId.getScreenName(), userByContactId.getEmailAddress());
                    if (user == null) {
                        user = addUser(ldapServerId, context, userByContactId, this._ldapSettings.getUserMappings(ldapServerId, companyId));
                    }
                    CompositeName compositeName = new CompositeName();
                    compositeName.add(user.getNameInNamespace());
                    Modifications lDAPContactModifications = this._portalToLDAPConverter.getLDAPContactModifications(contact, map, contactMappings, contactExpandoMappings);
                    if (lDAPContactModifications == null) {
                        if (context != null) {
                            context.close();
                        }
                        if (_log.isDebugEnabled()) {
                            _log.debug(StringBundler.concat(new Object[]{"Finished exporting contact ", contact, " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                            return;
                        }
                        return;
                    }
                    context.modifyAttributes(compositeName, lDAPContactModifications.getItems());
                    if (context != null) {
                        context.close();
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(StringBundler.concat(new Object[]{"Finished exporting contact ", contact, " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                    }
                } catch (Throwable th) {
                    if (context != null) {
                        context.close();
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(StringBundler.concat(new Object[]{"Finished exporting contact ", contact, " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                    }
                    throw th;
                }
            }
        }
    }

    public void exportUser(long j, long j2, UserOperation userOperation) throws Exception {
        long ldapServerId;
        LdapContext context;
        User user = this._userLocalService.getUser(j);
        long companyId = user.getCompanyId();
        StopWatch stopWatch = new StopWatch();
        if (_log.isDebugEnabled()) {
            stopWatch.start();
            _log.debug(StringBundler.concat(new Object[]{"Exporting user ", user, " in user group ", Long.valueOf(j2)}));
        }
        if (this._ldapSettings.isExportEnabled(companyId) && this._ldapSettings.isExportGroupEnabled(companyId) && (context = this._portalLDAP.getContext((ldapServerId = this._portalLDAP.getLdapServerId(companyId, user.getScreenName(), user.getEmailAddress())), companyId)) != null) {
            UserGroup userGroup = this._userGroupLocalService.getUserGroup(j2);
            Properties groupMappings = this._ldapSettings.getGroupMappings(ldapServerId, companyId);
            Properties userMappings = this._ldapSettings.getUserMappings(ldapServerId, companyId);
            Binding group = this._portalLDAP.getGroup(ldapServerId, companyId, userGroup.getName());
            if (group == null) {
                if (userOperation == UserOperation.ADD) {
                    addGroup(ldapServerId, context, userGroup, user, groupMappings, userMappings);
                    return;
                } else {
                    if (_log.isWarnEnabled()) {
                        _log.warn("Unable to get or add LDAP bindings for user group " + userGroup.getName());
                        return;
                    }
                    return;
                }
            }
            CompositeName compositeName = new CompositeName();
            compositeName.add(group.getNameInNamespace());
            try {
                try {
                    context.modifyAttributes(compositeName, this._portalToLDAPConverter.getLDAPGroupModifications(ldapServerId, userGroup, user, groupMappings, userMappings, userOperation).getItems());
                    if (context != null) {
                        context.close();
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(StringBundler.concat(new Object[]{"Finished exporting user ", user, " in user group ", Long.valueOf(j2), " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                    }
                } catch (SchemaViolationException e) {
                    if (_log.isInfoEnabled()) {
                        _log.info("Unable to update LDAP bindings for user group " + userGroup.getName(), e);
                    }
                    Attribute attribute = this._portalLDAP.getGroupAttributes(ldapServerId, companyId, context, group.getNameInNamespace(), true).get(groupMappings.getProperty("user"));
                    if (attribute != null && attribute.size() == 1) {
                        context.unbind(compositeName);
                    }
                    if (context != null) {
                        context.close();
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(StringBundler.concat(new Object[]{"Finished exporting user ", user, " in user group ", Long.valueOf(j2), " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                    }
                }
            } catch (Throwable th) {
                if (context != null) {
                    context.close();
                }
                if (_log.isDebugEnabled()) {
                    _log.debug(StringBundler.concat(new Object[]{"Finished exporting user ", user, " in user group ", Long.valueOf(j2), " in ", Long.valueOf(stopWatch.getTime()), "ms"}));
                }
                throw th;
            }
        }
    }

    public void exportUser(User user, Map<String, Serializable> map) throws Exception {
        if (user.isDefaultUser()) {
            return;
        }
        if ((user.getStatus() == 0 || user.getStatus() == 5) && !_isAnonymousUser(user)) {
            long companyId = user.getCompanyId();
            if (this._ldapSettings.isExportEnabled(companyId)) {
                long ldapServerId = this._portalLDAP.getLdapServerId(companyId, user.getScreenName(), user.getEmailAddress());
                LdapContext context = this._portalLDAP.getContext(ldapServerId, companyId);
                try {
                    if (context == null) {
                        if (context != null) {
                            context.close();
                            return;
                        }
                        return;
                    }
                    try {
                        Properties userMappings = this._ldapSettings.getUserMappings(ldapServerId, companyId);
                        Properties userExpandoMappings = this._ldapSettings.getUserExpandoMappings(ldapServerId, companyId);
                        Binding user2 = this._portalLDAP.getUser(ldapServerId, user.getCompanyId(), user.getScreenName(), user.getEmailAddress(), true);
                        if (user2 == null) {
                            user2 = addUser(ldapServerId, context, user, userMappings);
                        } else {
                            Date parseDate = LDAPUtil.parseDate(LDAPUtil.getAttributeString(this._portalLDAP.getUserAttributes(ldapServerId, companyId, context, user2.getNameInNamespace()), "modifyTimestamp"));
                            if (parseDate != null && parseDate.equals(user.getModifiedDate())) {
                                if (_log.isDebugEnabled()) {
                                    _log.debug("Skipping user " + user.getEmailAddress() + " because he is already synchronized");
                                }
                                if (context != null) {
                                    context.close();
                                    return;
                                }
                                return;
                            }
                        }
                        CompositeName compositeName = new CompositeName();
                        compositeName.add(user2.getNameInNamespace());
                        Modifications lDAPUserModifications = this._portalToLDAPConverter.getLDAPUserModifications(user, map, userMappings, userExpandoMappings);
                        if (lDAPUserModifications == null) {
                            if (context != null) {
                                context.close();
                                return;
                            }
                            return;
                        }
                        context.modifyAttributes(compositeName, lDAPUserModifications.getItems());
                        if (!this._ldapSettings.isExportGroupEnabled(companyId)) {
                            if (context != null) {
                                context.close();
                                return;
                            }
                            return;
                        }
                        List userUserGroups = this._userGroupLocalService.getUserUserGroups(user.getUserId());
                        Iterator it = userUserGroups.iterator();
                        while (it.hasNext()) {
                            exportUser(user.getUserId(), ((UserGroup) it.next()).getUserGroupId(), UserOperation.ADD);
                        }
                        ModificationItem[] items = this._portalToLDAPConverter.getLDAPUserGroupModifications(ldapServerId, userUserGroups, user, userMappings).getItems();
                        if (items.length > 0) {
                            context.modifyAttributes(compositeName, items);
                        }
                        if (context != null) {
                            context.close();
                        }
                    } catch (NameNotFoundException e) {
                        if (((LDAPAuthConfiguration) this._ldapAuthConfigurationProvider.getConfiguration(companyId)).required()) {
                            throw e;
                        }
                        _log.error(e, e);
                        if (context != null) {
                            context.close();
                        }
                    }
                } catch (Throwable th) {
                    if (context != null) {
                        context.close();
                    }
                    throw th;
                }
            }
        }
    }

    protected Binding addGroup(long j, LdapContext ldapContext, UserGroup userGroup, User user, Properties properties, Properties properties2) throws Exception {
        CompositeName compositeName = new CompositeName();
        compositeName.add(this._portalToLDAPConverter.getGroupDNName(j, userGroup, properties));
        ldapContext.bind(compositeName, new PortalLDAPContext(this._portalToLDAPConverter.getLDAPGroupAttributes(j, userGroup, user, properties, properties2)));
        return this._portalLDAP.getGroup(j, userGroup.getCompanyId(), userGroup.getName());
    }

    protected Binding addUser(long j, LdapContext ldapContext, User user, Properties properties) throws Exception {
        CompositeName compositeName = new CompositeName();
        compositeName.add(this._portalToLDAPConverter.getUserDNName(j, user, properties));
        ldapContext.bind(compositeName, new PortalLDAPContext(this._portalToLDAPConverter.getLDAPUserAttributes(j, user, properties)));
        return this._portalLDAP.getUser(j, user.getCompanyId(), user.getScreenName(), user.getEmailAddress());
    }

    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.authenticator.configuration.LDAPAuthConfiguration)", unbind = "-")
    protected void setConfigurationProvider(ConfigurationProvider<LDAPAuthConfiguration> configurationProvider) {
        this._ldapAuthConfigurationProvider = configurationProvider;
    }

    @Reference(unbind = "-")
    protected void setLdapSettings(LDAPSettings lDAPSettings) {
        this._ldapSettings = lDAPSettings;
    }

    @Reference(unbind = "-")
    protected void setUserGroupLocalService(UserGroupLocalService userGroupLocalService) {
        this._userGroupLocalService = userGroupLocalService;
    }

    @Reference(unbind = "-")
    protected void setUserLocalService(UserLocalService userLocalService) {
        this._userLocalService = userLocalService;
    }

    private User _getAnonymousUser(long j) throws Exception {
        Configuration[] listConfigurations = this._configurationAdmin.listConfigurations(String.format("(&(companyId=%s)(service.factoryPid=%s))", Long.valueOf(j), "com.liferay.user.associated.data.web.internal.configuration.AnonymousUserConfiguration"));
        if (listConfigurations == null) {
            return null;
        }
        Optional of = Optional.of(listConfigurations[0]);
        if (of.isPresent()) {
            return this._userLocalService.fetchUser(((Long) ((Configuration) of.get()).getProperties().get("userId")).longValue());
        }
        return null;
    }

    private boolean _isAnonymousUser(User user) {
        try {
            User _getAnonymousUser = _getAnonymousUser(user.getCompanyId());
            if (_getAnonymousUser != null) {
                return user.getUserId() == _getAnonymousUser.getUserId();
            }
            return false;
        } catch (Exception e) {
            if (!_log.isDebugEnabled()) {
                return false;
            }
            _log.debug(e, e);
            return false;
        }
    }
}
