package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapper;
import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapperImpl;
import com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper;
import com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithRequiredAttributes;
import com.atlassian.crowd.directory.ldap.mapper.GroupContextMapper;
import com.atlassian.crowd.directory.ldap.mapper.UserContextMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.AttributeMapper;
import com.atlassian.crowd.directory.ldap.mapper.entity.LDAPGroupAttributesMapper;
import com.atlassian.crowd.directory.ldap.mapper.entity.LDAPUserAttributesMapper;
import com.atlassian.crowd.directory.ldap.name.Converter;
import com.atlassian.crowd.directory.ldap.name.GenericConverter;
import com.atlassian.crowd.directory.ldap.name.SearchDN;
import com.atlassian.crowd.directory.ldap.util.DNStandardiser;
import com.atlassian.crowd.directory.ldap.util.DirectoryAttributeRetriever;
import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.InvalidGroupException;
import com.atlassian.crowd.exception.InvalidUserException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.OperationNotSupportedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.LDAPDirectoryEntity;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplate;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.model.user.UserTemplate;
import com.atlassian.crowd.search.Entity;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.ldap.LDAPQueryTranslater;
import com.atlassian.crowd.search.ldap.NullResultException;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.GroupQuery;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.entity.restriction.constants.UserTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.crowd.util.InstanceFactory;
import com.atlassian.crowd.util.UserUtils;
import com.atlassian.event.api.EventPublisher;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Objects;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.control.PagedResultsDirContextProcessor;
import org.springframework.ldap.core.CollectingNameClassPairCallbackHandler;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.ContextMapperCallbackHandler;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextProcessor;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.NameClassPairCallbackHandler;
import org.springframework.ldap.core.support.AggregateDirContextProcessor;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.transaction.compensating.manager.ContextSourceTransactionManager;
import org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy;
import org.springframework.transaction.TransactionException;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.DefaultTransactionDefinition;

/* loaded from: input_file:com/atlassian/crowd/directory/SpringLDAPConnector.class */
public abstract class SpringLDAPConnector implements LDAPDirectory {
    public static final int DEFAULT_PAGE_SIZE = 999;
    private volatile long directoryId;
    protected volatile AttributeValuesHolder attributes;
    protected volatile LdapTemplateWithClassLoaderWrapper ldapTemplate;
    protected volatile ContextSource contextSource;
    protected volatile Converter nameConverter;
    protected volatile SearchDN searchDN;
    protected volatile LDAPPropertiesMapper ldapPropertiesMapper;
    protected volatile ContextSourceTransactionManager contextSourceTransactionManager;
    protected final LDAPQueryTranslater ldapQueryTranslater;
    protected final EventPublisher eventPublisher;
    private final InstanceFactory instanceFactory;
    private static final Logger logger = LoggerFactory.getLogger(SpringLDAPConnector.class);
    private static final DirContextProcessor DO_NOTHING_DIR_CONTEXT_PROCESSOR = new DirContextProcessor() { // from class: com.atlassian.crowd.directory.SpringLDAPConnector.1
        public void preProcess(DirContext dirContext) throws NamingException {
        }

        public void postProcess(DirContext dirContext) throws NamingException {
        }
    };

    public SpringLDAPConnector(LDAPQueryTranslater lDAPQueryTranslater, EventPublisher eventPublisher, InstanceFactory instanceFactory) {
        this.ldapQueryTranslater = lDAPQueryTranslater;
        this.eventPublisher = eventPublisher;
        this.instanceFactory = instanceFactory;
    }

    public long getDirectoryId() {
        return this.directoryId;
    }

    public void setDirectoryId(long j) {
        this.directoryId = j;
    }

    public void setAttributes(Map<String, String> map) {
        this.attributes = new AttributeValuesHolder(map);
        this.ldapPropertiesMapper = (LDAPPropertiesMapper) this.instanceFactory.getInstance(LDAPPropertiesMapperImpl.class);
        this.ldapPropertiesMapper.setAttributes(map);
        this.contextSource = createContextSource(this.ldapPropertiesMapper, getBaseEnvironmentProperties());
        this.contextSourceTransactionManager = new ContextSourceTransactionManager();
        this.contextSourceTransactionManager.setContextSource(this.contextSource);
        this.ldapTemplate = new LdapTemplateWithClassLoaderWrapper(new LdapTemplate(this.contextSource));
        if (!this.ldapPropertiesMapper.isReferral()) {
            this.ldapTemplate.setIgnorePartialResultException(true);
        }
        this.nameConverter = new GenericConverter();
        this.searchDN = new SearchDN(this.ldapPropertiesMapper, this.nameConverter);
    }

    private static ContextSource createContextSource(LDAPPropertiesMapper lDAPPropertiesMapper, Map<String, String> map) {
        LdapContextSource ldapContextSource = new LdapContextSource();
        ldapContextSource.setUrl(lDAPPropertiesMapper.getConnectionURL());
        ldapContextSource.setUserDn(lDAPPropertiesMapper.getUsername());
        ldapContextSource.setPassword(lDAPPropertiesMapper.getPassword());
        ldapContextSource.setBaseEnvironmentProperties(map);
        ldapContextSource.setPooled(true);
        try {
            ldapContextSource.afterPropertiesSet();
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return new TransactionAwareContextSourceProxy(ldapContextSource);
    }

    public ContextSource getContextSource() {
        return this.contextSource;
    }

    public LDAPPropertiesMapper getLdapPropertiesMapper() {
        return this.ldapPropertiesMapper;
    }

    public Set<String> getValues(String str) {
        return this.attributes.getValues(str);
    }

    public String getValue(String str) {
        return this.attributes.getValue(str);
    }

    public boolean isEmpty() {
        return this.attributes.isEmpty();
    }

    public long getAttributeAsLong(String str, long j) {
        return this.attributes.getAttributeAsLong(str, j);
    }

    public boolean getAttributeAsBoolean(String str, boolean z) {
        return this.attributes.getAttributeAsBoolean(str, z);
    }

    public Set<String> getKeys() {
        return this.attributes.getKeys();
    }

    public SearchDN getSearchDN() {
        return this.searchDN;
    }

    private final SearchControls getSubTreeSearchControls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningObjFlag(true);
        return searchControls;
    }

    private final SearchControls getSubTreeSearchControls(String[] strArr) {
        SearchControls subTreeSearchControls = getSubTreeSearchControls();
        if (strArr != null) {
            subTreeSearchControls.setReturningAttributes(strArr);
        }
        return subTreeSearchControls;
    }

    static final SearchControls copyOf(SearchControls searchControls) {
        return new SearchControls(searchControls.getSearchScope(), searchControls.getCountLimit(), searchControls.getTimeLimit(), searchControls.getReturningAttributes(), searchControls.getReturningObjFlag(), searchControls.getDerefLinkFlag());
    }

    private static final String[] toArray(Collection<String> collection) {
        if (collection != null) {
            return (String[]) collection.toArray(new String[collection.size()]);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SearchControls getSubTreeSearchControls(ContextMapperWithRequiredAttributes<?> contextMapperWithRequiredAttributes) {
        return getSubTreeSearchControls(toArray(contextMapperWithRequiredAttributes.getRequiredLdapAttributes()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getBaseEnvironmentProperties() {
        return this.ldapPropertiesMapper.getEnvironment();
    }

    protected CollectingNameClassPairCallbackHandler pageSearchResults(Name name, String str, ContextMapper contextMapper, SearchControls searchControls, DirContextProcessor dirContextProcessor, int i) throws OperationFailedException {
        try {
            TransactionStatus transaction = this.contextSourceTransactionManager.getTransaction(new DefaultTransactionDefinition(0));
            try {
                int pagedResultsSize = this.ldapPropertiesMapper.getPagedResultsSize();
                PagedResultsDirContextProcessor pagedResultsDirContextProcessor = new PagedResultsDirContextProcessor(pagedResultsSize);
                if (logger.isDebugEnabled()) {
                    logger.debug("Paged results are enabled with a paging size of: " + pagedResultsSize);
                }
                NameClassPairCallbackHandler contextMapperCallbackHandler = new ContextMapperCallbackHandler(contextMapper);
                byte[] bArr = null;
                while (true) {
                    DirContextProcessor aggregateDirContextProcessor = new AggregateDirContextProcessor();
                    aggregateDirContextProcessor.addDirContextProcessor(pagedResultsDirContextProcessor);
                    if (dirContextProcessor != null) {
                        aggregateDirContextProcessor.addDirContextProcessor(dirContextProcessor);
                    }
                    this.ldapTemplate.search(name, str, searchControls, contextMapperCallbackHandler, aggregateDirContextProcessor);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Iterating a search result size of: " + pagedResultsDirContextProcessor.getPageSize());
                    }
                    pagedResultsDirContextProcessor = new PagedResultsDirContextProcessor(pagedResultsSize, pagedResultsDirContextProcessor.getCookie());
                    if (pagedResultsDirContextProcessor.getCookie() != null) {
                        bArr = pagedResultsDirContextProcessor.getCookie().getCookie();
                    }
                    if (bArr == null || bArr.length == 0 || (contextMapperCallbackHandler.getList().size() >= i && i != -1)) {
                        break;
                    }
                }
                return contextMapperCallbackHandler;
            } finally {
                this.contextSourceTransactionManager.commit(transaction);
            }
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        } catch (TransactionException e2) {
            throw new OperationFailedException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> List<T> searchEntities(Name name, String str, ContextMapperWithRequiredAttributes<T> contextMapperWithRequiredAttributes, int i, int i2) throws OperationFailedException {
        return searchEntitiesWithRequestControls(name, str, contextMapperWithRequiredAttributes, getSubTreeSearchControls((ContextMapperWithRequiredAttributes<?>) contextMapperWithRequiredAttributes), null, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> List<T> searchEntitiesWithRequestControls(Name name, String str, ContextMapperWithRequiredAttributes<T> contextMapperWithRequiredAttributes, SearchControls searchControls, DirContextProcessor dirContextProcessor, int i, int i2) throws OperationFailedException {
        List search;
        SearchControls copyOf = copyOf(searchControls);
        copyOf.setTimeLimit(this.ldapPropertiesMapper.getSearchTimeLimit());
        if (this.ldapPropertiesMapper.isPagedResultsControl()) {
            search = pageSearchResults(name, str, contextMapperWithRequiredAttributes, copyOf, dirContextProcessor, i + i2).getList();
        } else {
            try {
                DirContextProcessor dirContextProcessor2 = (DirContextProcessor) Objects.firstNonNull(dirContextProcessor, DO_NOTHING_DIR_CONTEXT_PROCESSOR);
                if (i2 != -1) {
                    int i3 = i + i2;
                    if (copyOf.getCountLimit() == 0) {
                        copyOf.setCountLimit(i3);
                    }
                    search = this.ldapTemplate.searchWithLimitedResults(name, str, copyOf, contextMapperWithRequiredAttributes, dirContextProcessor2, i3);
                } else {
                    search = this.ldapTemplate.search(name, str, copyOf, contextMapperWithRequiredAttributes, dirContextProcessor2);
                }
            } catch (NamingException e) {
                throw new OperationFailedException(e);
            }
        }
        if (contextMapperWithRequiredAttributes instanceof GroupContextMapper) {
            search = postprocessGroups(search);
        }
        return SearchResultsUtil.constrainResults(search, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static ModificationItem createModificationItem(String str, String str2, String str3) {
        if (str2 == null && str3 == null) {
            return null;
        }
        if (str2 == null) {
            return new ModificationItem(1, new BasicAttribute(str, DirectoryAttributeRetriever.toSaveableLDAPValue(str3)));
        }
        if (str2.equals(str3)) {
            return null;
        }
        return new ModificationItem(2, new BasicAttribute(str, DirectoryAttributeRetriever.toSaveableLDAPValue(str3)));
    }

    public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper() {
        return new UserContextMapper(getDirectoryId(), this.ldapPropertiesMapper, getCustomUserAttributeMappers());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<AttributeMapper> getCustomUserAttributeMappers() {
        return Collections.emptyList();
    }

    public ContextMapperWithRequiredAttributes<LDAPGroupWithAttributes> getGroupContextMapper(GroupType groupType) {
        Validate.notNull(groupType, "group type cannot be null", new Object[0]);
        return new GroupContextMapper(getDirectoryId(), groupType, this.ldapPropertiesMapper, getCustomGroupAttributeMappers());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<AttributeMapper> getCustomGroupAttributeMappers() {
        return Collections.emptyList();
    }

    /* renamed from: findUserByName, reason: merged with bridge method [inline-methods] */
    public LDAPUserWithAttributes m12findUserByName(String str) throws UserNotFoundException, OperationFailedException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return m11findUserWithAttributesByName(str);
    }

    /* renamed from: findUserWithAttributesByName, reason: merged with bridge method [inline-methods] */
    public LDAPUserWithAttributes m11findUserWithAttributesByName(String str) throws UserNotFoundException, OperationFailedException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        List<LDAPUserWithAttributes> searchUserObjects = searchUserObjects(QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.USERNAME).exactlyMatching(str)).returningAtMost(1));
        if (searchUserObjects.isEmpty()) {
            throw new UserNotFoundException(str);
        }
        return searchUserObjects.get(0);
    }

    public User findUserByExternalId(String str) throws UserNotFoundException, OperationFailedException {
        Validate.notNull(str, "externalId argument cannot be null", new Object[0]);
        List<LDAPUserWithAttributes> searchUserObjects = searchUserObjects(QueryBuilder.queryFor(User.class, EntityDescriptor.user()).with(Restriction.on(UserTermKeys.EXTERNAL_ID).exactlyMatching(str)).returningAtMost(1));
        if (searchUserObjects.isEmpty()) {
            UserNotFoundException.throwNotFoundByExternalId(str);
        }
        return searchUserObjects.get(0);
    }

    protected List<LDAPUserWithAttributes> searchUserObjects(EntityQuery<?> entityQuery) throws OperationFailedException, IllegalArgumentException {
        List<LDAPUserWithAttributes> emptyList;
        if (entityQuery == null) {
            throw new IllegalArgumentException("user search can only evaluate non-null EntityQueries for Entity.USER");
        }
        if (entityQuery.getEntityDescriptor().getEntityType() != Entity.USER) {
            throw new IllegalArgumentException("user search can only evaluate EntityQueries for Entity.USER");
        }
        LdapName user = this.searchDN.getUser();
        try {
            String encode = this.ldapQueryTranslater.asLDAPFilter(entityQuery, this.ldapPropertiesMapper).encode();
            logger.debug("Performing user search: baseDN = " + user + " - filter = " + encode);
            emptyList = searchEntities(user, encode, getUserContextMapper(), entityQuery.getStartIndex(), entityQuery.getMaxResults());
        } catch (NullResultException e) {
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    public void removeUser(String str) throws UserNotFoundException, OperationFailedException {
        Validate.notEmpty(str, "name argument cannot be null or empty", new Object[0]);
        try {
            this.ldapTemplate.unbind(asLdapUserName(m12findUserByName(str).getDn(), str));
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        }
    }

    public void updateUserCredential(String str, PasswordCredential passwordCredential) throws InvalidCredentialException, UserNotFoundException, OperationFailedException {
        Validate.notEmpty(str, "name argument cannot be null or empty", new Object[0]);
        Validate.notNull(passwordCredential, "credential argument cannot be null", new Object[0]);
        if (passwordCredential.getCredential() == null) {
            throw new InvalidCredentialException("Credential's value must not be null");
        }
        try {
            this.ldapTemplate.modifyAttributes(asLdapUserName(m12findUserByName(str).getDn(), str), new ModificationItem[]{new ModificationItem(2, new BasicAttribute(this.ldapPropertiesMapper.getUserPasswordAttribute(), encodePassword(passwordCredential)))});
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        }
    }

    public User renameUser(String str, String str2) throws UserNotFoundException, InvalidUserException, OperationFailedException {
        throw new OperationNotSupportedException("User renaming is not supported for LDAP directories.");
    }

    public void storeUserAttributes(String str, Map<String, Set<String>> map) throws UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException("Custom user attributes are not yet supported for LDAP directories");
    }

    public void removeUserAttributes(String str, String str2) throws UserNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException("Custom user attributes are not yet supported for LDAP directories");
    }

    protected Attributes getNewUserAttributes(User user, PasswordCredential passwordCredential) throws InvalidCredentialException, NamingException {
        Attributes mapAttributesFromUser = new LDAPUserAttributesMapper(getDirectoryId(), this.ldapPropertiesMapper).mapAttributesFromUser(user);
        if (passwordCredential != null && passwordCredential.getCredential() != null) {
            mapAttributesFromUser.put(this.ldapPropertiesMapper.getUserPasswordAttribute(), encodePassword(passwordCredential));
        }
        getNewUserDirectorySpecificAttributes(user, mapAttributesFromUser);
        return mapAttributesFromUser;
    }

    protected void getNewUserDirectorySpecificAttributes(User user, Attributes attributes) {
    }

    @Override // 
    /* renamed from: addUser */
    public LDAPUserWithAttributes mo7addUser(UserTemplate userTemplate, PasswordCredential passwordCredential) throws InvalidUserException, InvalidCredentialException, OperationFailedException {
        Validate.notNull(userTemplate, "user cannot be null", new Object[0]);
        Validate.notNull(userTemplate.getName(), "user.name cannot be null", new Object[0]);
        try {
            Name name = this.nameConverter.getName(this.ldapPropertiesMapper.getUserNameRdnAttribute(), userTemplate.getName(), this.searchDN.getUser());
            this.ldapTemplate.bind(name, null, getNewUserAttributes(userTemplate, passwordCredential));
            return (LDAPUserWithAttributes) findEntityByDN(getStandardisedDN(name), LDAPUserWithAttributes.class);
        } catch (NamingException e) {
            throw new InvalidUserException(userTemplate, e.getMessage(), e);
        } catch (InvalidNameException e2) {
            throw new InvalidUserException(userTemplate, e2.getMessage(), e2);
        } catch (GroupNotFoundException e3) {
            throw new AssertionError("Should not throw a GroupNotFoundException");
        } catch (UserNotFoundException e4) {
            throw new OperationFailedException(e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDefaultSnToUserAttributes(Attributes attributes, String str) {
        addDefaultValueToUserAttributesForAttribute(this.ldapPropertiesMapper.getUserLastNameAttribute(), attributes, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDefaultValueToUserAttributesForAttribute(String str, Attributes attributes, String str2) {
        if (attributes != null && attributes.get(str) == null) {
            attributes.put(new BasicAttribute(str, str2));
        }
    }

    @Override // com.atlassian.crowd.directory.LDAPDirectory
    public <T extends LDAPDirectoryEntity> T findEntityByDN(String str, Class<T> cls) throws UserNotFoundException, GroupNotFoundException, OperationFailedException {
        String standardiseDN = standardiseDN(str);
        if (User.class.isAssignableFrom(cls)) {
            return (T) findEntityByDN(standardiseDN, getStandardisedDN(this.searchDN.getUser()), this.ldapPropertiesMapper.getUserFilter(), getUserContextMapper(), cls);
        }
        if (Group.class.isAssignableFrom(cls)) {
            return postprocessGroups(Collections.singletonList((LDAPGroupWithAttributes) findEntityByDN(standardiseDN, getStandardisedDN(this.searchDN.getGroup()), this.ldapPropertiesMapper.getGroupFilter(), getGroupContextMapper(GroupType.GROUP), cls))).get(0);
        }
        throw new IllegalArgumentException("Class " + cls.getCanonicalName() + " is not assignable from " + User.class.getCanonicalName() + " or " + Group.class.getCanonicalName());
    }

    protected <T extends LDAPDirectoryEntity> RuntimeException typedEntityNotFoundException(String str, Class<T> cls) throws UserNotFoundException, GroupNotFoundException {
        if (User.class.isAssignableFrom(cls)) {
            throw new UserNotFoundException(str);
        }
        if (Group.class.isAssignableFrom(cls)) {
            throw new GroupNotFoundException(str);
        }
        throw new IllegalArgumentException("Class " + cls.getCanonicalName() + " is not assignable from " + User.class.getCanonicalName() + " or " + Group.class.getCanonicalName());
    }

    protected <T extends LDAPDirectoryEntity> T findEntityByDN(String str, String str2, String str3, ContextMapper contextMapper, Class<T> cls) throws UserNotFoundException, GroupNotFoundException, OperationFailedException {
        if (StringUtils.isBlank(str)) {
            throw typedEntityNotFoundException("Blank DN", cls);
        }
        if (!str.endsWith(str2)) {
            if (logger.isDebugEnabled()) {
                logger.debug("Entity DN <" + str + "> is outside the entity base DN subtree scope <" + str2 + ">");
            }
            throw typedEntityNotFoundException("DN: " + str, cls);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Executing search at DN: <" + str + "> with filter: <" + str3 + ">");
        }
        List list = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(0);
            searchControls.setTimeLimit(this.ldapPropertiesMapper.getSearchTimeLimit());
            searchControls.setReturningObjFlag(true);
            list = this.ldapTemplate.search(asLdapName(str, "DN: " + str, cls), str3, searchControls, contextMapper);
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        } catch (NameNotFoundException e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("Search failed", e2);
            }
        }
        if (list != null && !list.isEmpty()) {
            return (T) list.get(0);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Entity DN <" + str + "> does not exist or does not match filter <" + str3 + ">");
        }
        throw typedEntityNotFoundException("DN: " + str, cls);
    }

    public User updateUser(UserTemplate userTemplate) throws UserNotFoundException, OperationFailedException {
        Validate.notNull(userTemplate, "user cannot be null", new Object[0]);
        Validate.isTrue(StringUtils.isNotBlank(userTemplate.getName()), "user cannot have blank user name", new Object[0]);
        User populateNames = UserUtils.populateNames(userTemplate);
        LDAPUserWithAttributes m12findUserByName = m12findUserByName(userTemplate.getName());
        String userObjectClass = this.ldapPropertiesMapper.getUserObjectClass();
        if ("inetOrgPerson".equalsIgnoreCase(userObjectClass) || "user".equalsIgnoreCase(userObjectClass)) {
            List<ModificationItem> userModificationItems = getUserModificationItems(populateNames, m12findUserByName);
            if (!userModificationItems.isEmpty()) {
                try {
                    this.ldapTemplate.modifyAttributes(asLdapUserName(m12findUserByName.getDn(), userTemplate.getName()), (ModificationItem[]) userModificationItems.toArray(new ModificationItem[userModificationItems.size()]));
                } catch (NamingException e) {
                    throw new OperationFailedException(e);
                }
            }
        }
        try {
            return findEntityByDN(m12findUserByName.getDn(), LDAPUserWithAttributes.class);
        } catch (GroupNotFoundException e2) {
            throw new AssertionError("Should not throw a GroupNotFoundException");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<ModificationItem> getUserModificationItems(User user, LDAPUserWithAttributes lDAPUserWithAttributes) {
        ArrayList arrayList = new ArrayList();
        ModificationItem createModificationItem = createModificationItem(this.ldapPropertiesMapper.getUserLastNameAttribute(), lDAPUserWithAttributes.getLastName(), user.getLastName());
        if (createModificationItem != null) {
            arrayList.add(createModificationItem);
        }
        ModificationItem createModificationItem2 = createModificationItem(this.ldapPropertiesMapper.getUserEmailAttribute(), lDAPUserWithAttributes.getEmailAddress(), user.getEmailAddress());
        if (createModificationItem2 != null) {
            arrayList.add(createModificationItem2);
        }
        ModificationItem createModificationItem3 = createModificationItem(this.ldapPropertiesMapper.getUserFirstNameAttribute(), lDAPUserWithAttributes.getFirstName(), user.getFirstName());
        if (createModificationItem3 != null) {
            arrayList.add(createModificationItem3);
        }
        ModificationItem createModificationItem4 = createModificationItem(this.ldapPropertiesMapper.getUserDisplayNameAttribute(), lDAPUserWithAttributes.getDisplayName(), user.getDisplayName());
        if (createModificationItem4 != null) {
            arrayList.add(createModificationItem4);
        }
        return arrayList;
    }

    public <T> List<T> searchUsers(EntityQuery<T> entityQuery) throws OperationFailedException {
        List<T> list = (List<T>) searchUserObjects(entityQuery);
        return entityQuery.getReturnType() == String.class ? SearchResultsUtil.convertEntitiesToNames(list) : list;
    }

    public User authenticate(String str, PasswordCredential passwordCredential) throws InvalidAuthenticationException, UserNotFoundException, OperationFailedException {
        LdapContextSource ldapContextSource = new LdapContextSource();
        ldapContextSource.setUrl(this.ldapPropertiesMapper.getConnectionURL());
        LDAPUserWithAttributes m12findUserByName = m12findUserByName(str);
        ldapContextSource.setUserDn(m12findUserByName.getDn());
        logger.debug("Authenticating user '{}' with DN '{}'", str, m12findUserByName.getDn());
        if (passwordCredential == null || StringUtils.isBlank(passwordCredential.getCredential())) {
            throw new InvalidAuthenticationException("You cannot authenticate with a blank password");
        }
        if (passwordCredential.isEncryptedCredential()) {
            throw new InvalidAuthenticationException("You cannot authenticate with an encrypted PasswordCredential");
        }
        ldapContextSource.setPassword(passwordCredential.getCredential());
        ldapContextSource.setBaseEnvironmentProperties(getBaseEnvironmentProperties());
        ldapContextSource.setPooled(false);
        try {
            ldapContextSource.afterPropertiesSet();
            ldapContextSource.getReadWriteContext().close();
            return m12findUserByName;
        } catch (NamingException e) {
            throw InvalidAuthenticationException.newInstanceWithNameAndDescriptionFromCause(str, e);
        } catch (Exception e2) {
            throw new InvalidAuthenticationException(str, e2);
        }
    }

    /* renamed from: findGroupByName, reason: merged with bridge method [inline-methods] */
    public LDAPGroupWithAttributes m10findGroupByName(String str) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        return m9findGroupWithAttributesByName(str);
    }

    /* renamed from: findGroupWithAttributesByName, reason: merged with bridge method [inline-methods] */
    public LDAPGroupWithAttributes m9findGroupWithAttributesByName(String str) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        try {
            return (LDAPGroupWithAttributes) Iterables.getOnlyElement(searchGroupObjects(QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.NAME).exactlyMatching(str)).returningAtMost(1), getGroupContextMapper(GroupType.GROUP)));
        } catch (NoSuchElementException e) {
            throw new GroupNotFoundException(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public LDAPGroupWithAttributes findGroupByNameAndType(String str, GroupType groupType) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(str, "name argument cannot be null", new Object[0]);
        try {
            return (LDAPGroupWithAttributes) Iterables.getOnlyElement(searchGroupObjects(QueryBuilder.queryFor(Group.class, EntityDescriptor.group(groupType)).with(Restriction.on(GroupTermKeys.NAME).exactlyMatching(str)).returningAtMost(1), groupType == null ? getGroupContextMapper(GroupType.GROUP) : getGroupContextMapper(groupType)));
        } catch (NoSuchElementException e) {
            throw new GroupNotFoundException(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> List<T> searchGroupObjectsOfSpecifiedGroupType(EntityQuery<?> entityQuery, ContextMapperWithRequiredAttributes<T> contextMapperWithRequiredAttributes) throws OperationFailedException {
        List<T> emptyList;
        GroupType groupType = entityQuery.getEntityDescriptor().getGroupType();
        if (!GroupType.GROUP.equals(groupType)) {
            if (GroupType.LEGACY_ROLE.equals(groupType)) {
                return Collections.emptyList();
            }
            throw new IllegalArgumentException("Cannot search for groups of type: " + groupType);
        }
        LdapName group = this.searchDN.getGroup();
        try {
            String encode = this.ldapQueryTranslater.asLDAPFilter(entityQuery, this.ldapPropertiesMapper).encode();
            logger.debug("Performing group search: baseDN = " + group + " - filter = " + encode);
            emptyList = searchEntities(group, encode, contextMapperWithRequiredAttributes, entityQuery.getStartIndex(), entityQuery.getMaxResults());
        } catch (NullResultException e) {
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T> Iterable<T> searchGroupObjects(EntityQuery<?> entityQuery, ContextMapperWithRequiredAttributes<T> contextMapperWithRequiredAttributes) throws OperationFailedException {
        Validate.notNull(entityQuery, "query argument cannot be null", new Object[0]);
        if (entityQuery.getEntityDescriptor().getEntityType() != Entity.GROUP) {
            throw new IllegalArgumentException("group search can only evaluate EntityQueries for Entity.GROUP");
        }
        if (entityQuery.getEntityDescriptor().getGroupType() != null) {
            return searchGroupObjectsOfSpecifiedGroupType(entityQuery, contextMapperWithRequiredAttributes);
        }
        return SearchResultsUtil.constrainResults(ImmutableList.copyOf(searchGroupObjectsOfSpecifiedGroupType(new GroupQuery(Group.class, GroupType.GROUP, entityQuery.getSearchRestriction(), entityQuery.getStartIndex(), entityQuery.getMaxResults()), contextMapperWithRequiredAttributes)), entityQuery.getStartIndex(), entityQuery.getMaxResults());
    }

    public <T> List<T> searchGroups(EntityQuery<T> entityQuery) throws OperationFailedException {
        Validate.notNull(entityQuery, "query argument cannot be null", new Object[0]);
        GroupType groupType = entityQuery.getEntityDescriptor().getGroupType();
        if (groupType == GroupType.LEGACY_ROLE) {
            return Collections.emptyList();
        }
        if (groupType == null || groupType == GroupType.GROUP) {
            return entityQuery.getReturnType() == String.class ? ImmutableList.copyOf(NamedLdapEntity.namesOf(searchGroupObjects(entityQuery, NamedLdapEntity.mapperFromAttribute(this.ldapPropertiesMapper.getGroupNameAttribute())))) : ImmutableList.copyOf(searchGroupObjects(entityQuery, getGroupContextMapper(GroupType.GROUP)));
        }
        throw new IllegalArgumentException("group search can only evaluate EntityQueries for GroupType.GROUP");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> list) throws OperationFailedException {
        return list;
    }

    protected Attributes getNewGroupAttributes(Group group) throws NamingException {
        Attributes mapAttributesFromGroup = new LDAPGroupAttributesMapper(getDirectoryId(), group.getType(), this.ldapPropertiesMapper).mapAttributesFromGroup(group);
        getNewGroupDirectorySpecificAttributes(group, mapAttributesFromGroup);
        String initialGroupMemberDN = getInitialGroupMemberDN();
        if (initialGroupMemberDN != null) {
            mapAttributesFromGroup.put(new BasicAttribute(this.ldapPropertiesMapper.getGroupMemberAttribute(), initialGroupMemberDN));
        }
        return mapAttributesFromGroup;
    }

    protected void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes) {
    }

    protected String getInitialGroupMemberDN() {
        return "";
    }

    public Group addGroup(GroupTemplate groupTemplate) throws InvalidGroupException, OperationFailedException {
        Validate.notNull(groupTemplate, "group cannot be null", new Object[0]);
        Validate.isTrue(StringUtils.isNotBlank(groupTemplate.getName()), "group cannot have blank group name", new Object[0]);
        if (groupExists(groupTemplate)) {
            throw new InvalidGroupException(groupTemplate, "Group already exists");
        }
        if (groupTemplate.getType() != GroupType.GROUP) {
            throw new InvalidGroupException(groupTemplate, "group.type must be GroupType.GROUP");
        }
        LdapName group = this.searchDN.getGroup();
        try {
            Name name = this.nameConverter.getName(this.ldapPropertiesMapper.getGroupNameAttribute(), groupTemplate.getName(), group);
            this.ldapTemplate.bind(name, null, getNewGroupAttributes(groupTemplate));
            return findEntityByDN(getStandardisedDN(name), LDAPGroupWithAttributes.class);
        } catch (NamingException e) {
            throw new InvalidGroupException(groupTemplate, e.getMessage(), e);
        } catch (GroupNotFoundException e2) {
            throw new OperationFailedException(e2);
        } catch (InvalidNameException e3) {
            throw new InvalidGroupException(groupTemplate, e3.getMessage(), e3);
        } catch (UserNotFoundException e4) {
            throw new AssertionError("Should not throw UserNotFoundException");
        }
    }

    public Group updateGroup(GroupTemplate groupTemplate) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(groupTemplate, "group cannot be null", new Object[0]);
        Validate.isTrue(StringUtils.isNotBlank(groupTemplate.getName()), "group cannot have blank group name", new Object[0]);
        LDAPGroupWithAttributes m10findGroupByName = m10findGroupByName(groupTemplate.getName());
        if (m10findGroupByName.getType() != groupTemplate.getType()) {
            throw new OperationNotSupportedException("Cannot modify the GroupType for an LDAP group");
        }
        ArrayList arrayList = new ArrayList();
        ModificationItem createModificationItem = createModificationItem(groupTemplate.getType() == GroupType.GROUP ? this.ldapPropertiesMapper.getGroupDescriptionAttribute() : this.ldapPropertiesMapper.getRoleDescriptionAttribute(), m10findGroupByName.getDescription(), groupTemplate.getDescription());
        if (createModificationItem != null) {
            arrayList.add(createModificationItem);
        }
        if (!arrayList.isEmpty()) {
            try {
                this.ldapTemplate.modifyAttributes(asLdapGroupName(m10findGroupByName.getDn(), groupTemplate.getName()), (ModificationItem[]) arrayList.toArray(new ModificationItem[arrayList.size()]));
            } catch (NamingException e) {
                throw new OperationFailedException(e);
            }
        }
        try {
            return findEntityByDN(m10findGroupByName.getDn(), LDAPGroupWithAttributes.class);
        } catch (UserNotFoundException e2) {
            throw new AssertionError("Should not throw UserNotFoundException.");
        }
    }

    public void removeGroup(String str) throws GroupNotFoundException, OperationFailedException {
        Validate.notEmpty(str, "name argument cannot be null or empty", new Object[0]);
        try {
            this.ldapTemplate.unbind(asLdapGroupName(m10findGroupByName(str).getDn(), str));
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        }
    }

    public Group renameGroup(String str, String str2) throws GroupNotFoundException, InvalidGroupException, OperationFailedException {
        throw new OperationNotSupportedException("Group renaming is not yet supported for LDAP directories");
    }

    public void storeGroupAttributes(String str, Map<String, Set<String>> map) throws GroupNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException("Custom group attributes are not yet supported for LDAP directories");
    }

    public void removeGroupAttributes(String str, String str2) throws GroupNotFoundException, OperationFailedException {
        throw new OperationNotSupportedException("Custom group attributes are not yet supported for LDAP directories");
    }

    public <T> List<T> searchGroupRelationships(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified;
        Validate.notNull(membershipQuery, "query argument cannot be null", new Object[0]);
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.GROUP && membershipQuery.getEntityToReturn().getEntityType() == Entity.GROUP && membershipQuery.getEntityToMatch().getEntityType() != membershipQuery.getEntityToReturn().getEntityType()) {
            throw new IllegalArgumentException("Cannot search for group relationships of mismatching GroupTypes: attempted to match <" + membershipQuery.getEntityToMatch().getEntityType() + "> and return <" + membershipQuery.getEntityToReturn().getEntityType() + ">");
        }
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.GROUP && membershipQuery.getEntityToReturn().getEntityType() == Entity.USER) {
            searchGroupRelationshipsWithGroupTypeSpecified = membershipQuery.getEntityToMatch().getGroupType() == null ? searchGroupRelationshipsWithGroupTypeSpecified(QueryBuilder.createMembershipQuery(membershipQuery.getMaxResults(), membershipQuery.getStartIndex(), membershipQuery.isFindChildren(), membershipQuery.getEntityToReturn(), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch())) : searchGroupRelationshipsWithGroupTypeSpecified(membershipQuery);
        } else if (membershipQuery.getEntityToMatch().getEntityType() == Entity.USER && membershipQuery.getEntityToReturn().getEntityType() == Entity.GROUP) {
            searchGroupRelationshipsWithGroupTypeSpecified = membershipQuery.getEntityToReturn().getGroupType() == null ? searchGroupRelationshipsWithGroupTypeSpecified(QueryBuilder.createMembershipQuery(membershipQuery.getMaxResults(), membershipQuery.getStartIndex(), membershipQuery.isFindChildren(), EntityDescriptor.group(GroupType.GROUP), membershipQuery.getReturnType(), membershipQuery.getEntityToMatch(), membershipQuery.getEntityNameToMatch())) : searchGroupRelationshipsWithGroupTypeSpecified(membershipQuery);
        } else {
            if (membershipQuery.getEntityToMatch().getEntityType() != Entity.GROUP || membershipQuery.getEntityToReturn().getEntityType() != Entity.GROUP) {
                throw new IllegalArgumentException("Cannot search for relationships between a USER and another USER");
            }
            GroupType groupType = membershipQuery.getEntityToMatch().getGroupType();
            GroupType groupType2 = membershipQuery.getEntityToReturn().getGroupType();
            if (groupType != groupType2) {
                throw new IllegalArgumentException("Cannot search for group relationships of mismatching GroupTypes: attempted to match <" + groupType + "> and return <" + groupType2 + ">");
            }
            searchGroupRelationshipsWithGroupTypeSpecified = groupType2 == null ? searchGroupRelationshipsWithGroupTypeSpecified(QueryBuilder.createMembershipQuery(membershipQuery.getMaxResults(), membershipQuery.getStartIndex(), membershipQuery.isFindChildren(), EntityDescriptor.group(GroupType.GROUP), membershipQuery.getReturnType(), EntityDescriptor.group(GroupType.GROUP), membershipQuery.getEntityNameToMatch())) : searchGroupRelationshipsWithGroupTypeSpecified(membershipQuery);
        }
        return ImmutableList.copyOf(searchGroupRelationshipsWithGroupTypeSpecified);
    }

    protected abstract <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> membershipQuery) throws OperationFailedException;

    protected abstract Object encodePassword(PasswordCredential passwordCredential) throws InvalidCredentialException;

    public boolean supportsNestedGroups() {
        return !this.ldapPropertiesMapper.isNestedGroupsDisabled();
    }

    public boolean isRolesDisabled() {
        return true;
    }

    public void testConnection() throws OperationFailedException {
        try {
            this.contextSource.getReadOnlyContext().getConnectControls();
        } catch (Exception e) {
            throw new OperationFailedException(e.getMessage());
        }
    }

    @VisibleForTesting
    final String getStandardisedDN(LdapName ldapName) throws OperationFailedException {
        try {
            if (ldapName.isEmpty()) {
                return "";
            }
            return DNStandardiser.standardise(new DistinguishedName(ldapName), !this.ldapPropertiesMapper.isRelaxedDnStandardisation());
        } catch (NamingException e) {
            throw new OperationFailedException("Failed to parse distinguished name", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String standardiseDN(String str) {
        return DNStandardiser.standardise(str, !this.ldapPropertiesMapper.isRelaxedDnStandardisation());
    }

    protected <T extends LDAPDirectoryEntity> LdapName asLdapName(String str, String str2, Class<T> cls) throws UserNotFoundException, GroupNotFoundException {
        try {
            return new LdapName(str);
        } catch (InvalidNameException e) {
            throw typedEntityNotFoundException(str2, cls);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public LdapName asLdapGroupName(String str, String str2) throws GroupNotFoundException {
        try {
            return asLdapName(str, str2, LDAPGroupWithAttributes.class);
        } catch (UserNotFoundException e) {
            throw new AssertionError("Should not throw UserNotFoundException.");
        }
    }

    protected LdapName asLdapUserName(String str, String str2) throws UserNotFoundException {
        try {
            return asLdapName(str, str2, LDAPUserWithAttributes.class);
        } catch (GroupNotFoundException e) {
            throw new AssertionError("Should not throw GroupNotFoundException.");
        }
    }

    public boolean supportsInactiveAccounts() {
        return false;
    }

    public RemoteDirectory getAuthoritativeDirectory() {
        return this;
    }

    private boolean groupExists(Group group) throws OperationFailedException {
        try {
            m10findGroupByName(group.getName());
            return true;
        } catch (GroupNotFoundException e) {
            return false;
        }
    }
}
