package com.liferay.portal.security.ldap.internal.exportimport;

import com.liferay.expando.kernel.model.ExpandoBridge;
import com.liferay.expando.kernel.service.ExpandoValueLocalService;
import com.liferay.expando.kernel.util.ExpandoConverterUtil;
import com.liferay.portal.kernel.bean.BeanPropertiesUtil;
import com.liferay.portal.kernel.cache.PortalCache;
import com.liferay.portal.kernel.cache.SingleVMPool;
import com.liferay.portal.kernel.exception.NoSuchRoleException;
import com.liferay.portal.kernel.exception.NoSuchUserGroupException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.lock.LockManager;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.Contact;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroup;
import com.liferay.portal.kernel.security.exportimport.UserGroupImportTransactionThreadLocal;
import com.liferay.portal.kernel.security.ldap.AttributesTransformer;
import com.liferay.portal.kernel.security.ldap.LDAPSettings;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.service.GroupLocalService;
import com.liferay.portal.kernel.service.RoleLocalService;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserGroupLocalService;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.CalendarFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.LocaleUtil;
import com.liferay.portal.kernel.util.PrefsPropsUtil;
import com.liferay.portal.kernel.util.Props;
import com.liferay.portal.kernel.util.PwdGenerator;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.exportimport.UserImporter;
import com.liferay.portal.security.ldap.ContactConverterKeys;
import com.liferay.portal.security.ldap.GroupConverterKeys;
import com.liferay.portal.security.ldap.PortalLDAP;
import com.liferay.portal.security.ldap.UserConverterKeys;
import com.liferay.portal.security.ldap.configuration.ConfigurationProvider;
import com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration;
import com.liferay.portal.security.ldap.constants.LDAPConstants;
import com.liferay.portal.security.ldap.exportimport.LDAPGroup;
import com.liferay.portal.security.ldap.exportimport.LDAPToPortalConverter;
import com.liferay.portal.security.ldap.exportimport.LDAPUser;
import com.liferay.portal.security.ldap.exportimport.LDAPUserImporter;
import com.liferay.portal.security.ldap.exportimport.configuration.LDAPImportConfiguration;
import com.liferay.portal.security.ldap.internal.UserImportTransactionThreadLocal;
import com.liferay.portal.security.ldap.util.LDAPUtil;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import javax.naming.Binding;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.time.StopWatch;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, service = {LDAPUserImporter.class, UserImporter.class})
/* loaded from: input_file:com/liferay/portal/security/ldap/internal/exportimport/LDAPUserImporterImpl.class */
public class LDAPUserImporterImpl implements LDAPUserImporter, UserImporter {
    private static final String _IMPORT_BY_GROUP = "group";
    private static final String _IMPORT_BY_USER = "user";
    private static final String _USER_PASSWORD_SCREEN_NAME = "screenName";
    private static final String _USER_SYNC_STRATEGY_UUID = "uuid";
    private AttributesTransformer _attributesTransformer;
    private CompanyLocalService _companyLocalService;
    private String _companySecurityAuthType;
    private ExpandoValueLocalService _expandoValueLocalService;
    private GroupLocalService _groupLocalService;
    private long _lastImportTime;
    private ConfigurationProvider<LDAPImportConfiguration> _ldapImportConfigurationProvider;
    private ConfigurationProvider<LDAPServerConfiguration> _ldapServerConfigurationProvider;
    private LDAPSettings _ldapSettings;
    private LDAPToPortalConverter _ldapToPortalConverter;
    private LockManager _lockManager;
    private PortalCache<String, Long> _portalCache;
    private PortalLDAP _portalLDAP;
    private RoleLocalService _roleLocalService;
    private UserGroupLocalService _userGroupLocalService;
    private UserLocalService _userLocalService;
    private static final String[] _CONTACT_PROPERTY_NAMES = {ContactConverterKeys.BIRTHDAY, "employeeNumber", ContactConverterKeys.FACEBOOK_SN, ContactConverterKeys.JABBER_SN, "male", "prefixId", ContactConverterKeys.SKYPE_SN, ContactConverterKeys.SMS_SN, "suffixId", ContactConverterKeys.TWITTER_SN};
    private static final String[] _USER_PROPERTY_NAMES = {"comments", UserConverterKeys.EMAIL_ADDRESS, UserConverterKeys.FIRST_NAME, "greeting", "jobTitle", "languageId", UserConverterKeys.LAST_NAME, UserConverterKeys.MIDDLE_NAME, "openId", "portraitId", "timeZoneId"};
    private static final Log _log = LogFactoryUtil.getLog(LDAPUserImporterImpl.class);

    public long getLastImportTime() {
        return this._lastImportTime;
    }

    @Override // com.liferay.portal.security.ldap.exportimport.LDAPUserImporter
    public User importUser(long j, long j2, LdapContext ldapContext, Attributes attributes, String str) throws Exception {
        Properties userMappings = this._ldapSettings.getUserMappings(j, j2);
        User importUser = importUser(j, j2, attributes, userMappings, this._ldapSettings.getUserExpandoMappings(j, j2), this._ldapSettings.getContactMappings(j, j2), this._ldapSettings.getContactExpandoMappings(j, j2), str, new HashSet(Arrays.asList(this._ldapServerConfigurationProvider.getConfiguration(j2, j).userIgnoreAttributes())));
        importGroups(j, j2, ldapContext, attributes, importUser, userMappings, this._ldapSettings.getGroupMappings(j, j2));
        return importUser;
    }

    public User importUser(long j, long j2, String str, String str2) throws Exception {
        LdapContext ldapContext = null;
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                LDAPServerConfiguration configuration = this._ldapServerConfigurationProvider.getConfiguration(j2, j);
                String baseDN = configuration.baseDN();
                LdapContext context = this._portalLDAP.getContext(j, j2);
                if (context == null) {
                    _log.error("Unable to bind to the LDAP server");
                    if (0 != 0) {
                        namingEnumeration.close();
                    }
                    if (context != null) {
                        context.close();
                    }
                    return null;
                }
                String authSearchFilter = configuration.authSearchFilter();
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter before transformation " + authSearchFilter);
                }
                String replace = StringUtil.replace(authSearchFilter, new String[]{"@company_id@", "@email_address@", "@screen_name@"}, new String[]{String.valueOf(j2), str, str2});
                LDAPUtil.validateFilter(replace);
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter after transformation " + replace);
                }
                NamingEnumeration search = context.search(baseDN, replace, new SearchControls(2, 1L, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(this._ldapSettings.getUserMappings(j, j2).getProperty("screenName")))}, false, false));
                if (!search.hasMoreElements()) {
                    if (search != null) {
                        search.close();
                    }
                    if (context != null) {
                        context.close();
                    }
                    return null;
                }
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter returned at least one result");
                }
                User importUser = importUser(j, j2, context, this._portalLDAP.getUserAttributes(j, j2, context, this._portalLDAP.getNameInNamespace(j, j2, (Binding) search.nextElement())), null);
                if (search != null) {
                    search.close();
                }
                if (context != null) {
                    context.close();
                }
                return importUser;
            } catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Problem accessing LDAP server " + e.getMessage());
                }
                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }
                throw new SystemException("Problem accessing LDAP server " + e.getMessage());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                namingEnumeration.close();
            }
            if (0 != 0) {
                ldapContext.close();
            }
            throw th;
        }
    }

    public User importUser(long j, String str, String str2) throws Exception {
        for (LDAPServerConfiguration lDAPServerConfiguration : this._ldapServerConfigurationProvider.getConfigurations(j)) {
            if (!Validator.isNull(lDAPServerConfiguration.baseProviderURL())) {
                User importUser = importUser(lDAPServerConfiguration.ldapServerId(), j, str, str2);
                if (importUser != null) {
                    return importUser;
                }
            } else if (_log.isWarnEnabled()) {
                _log.warn("No provider URL defined in " + lDAPServerConfiguration);
            }
        }
        if (!_log.isDebugEnabled()) {
            return null;
        }
        if (Validator.isNotNull(str)) {
            _log.debug("User with the email address " + str + " was not found in any LDAP servers");
            return null;
        }
        _log.debug("User with the screen name " + str2 + " was not found in any LDAP servers");
        return null;
    }

    public User importUserByScreenName(long j, String str) throws Exception {
        long ldapServerId = this._portalLDAP.getLdapServerId(j, str, "");
        Binding binding = (SearchResult) this._portalLDAP.getUser(ldapServerId, j, str, "");
        if (binding == null) {
            if (!_log.isWarnEnabled()) {
                return null;
            }
            _log.warn("No user was found in LDAP with screenName " + str);
            return null;
        }
        LdapContext context = this._portalLDAP.getContext(ldapServerId, j);
        User importUser = importUser(ldapServerId, j, context, this._portalLDAP.getUserAttributes(ldapServerId, j, context, this._portalLDAP.getNameInNamespace(ldapServerId, j, binding)), null);
        context.close();
        return importUser;
    }

    public void importUsers() throws Exception {
        Iterator it = this._companyLocalService.getCompanies(false).iterator();
        while (it.hasNext()) {
            importUsers(((Company) it.next()).getCompanyId());
        }
    }

    public void importUsers(long j) throws Exception {
        if (this._ldapSettings.isImportEnabled(j)) {
            try {
                long defaultUserId = this._userLocalService.getDefaultUserId(j);
                if (this._lockManager.hasLock(defaultUserId, UserImporter.class.getName(), j)) {
                    if (_log.isDebugEnabled()) {
                        _log.debug("Skipping LDAP import for company " + j + " because another LDAP import is in process");
                    }
                    return;
                }
                this._lockManager.lock(defaultUserId, UserImporter.class.getName(), j, LDAPUserImporterImpl.class.getName(), false, this._ldapImportConfigurationProvider.getConfiguration(j).importLockExpirationTime());
                Iterator<LDAPServerConfiguration> it = this._ldapServerConfigurationProvider.getConfigurations(j).iterator();
                while (it.hasNext()) {
                    importUsers(it.next().ldapServerId(), j);
                }
                this._lockManager.unlock(UserImporter.class.getName(), j);
            } finally {
                this._lockManager.unlock(UserImporter.class.getName(), j);
            }
        }
    }

    public void importUsers(long j, long j2) throws Exception {
        LdapContext context;
        if (this._ldapSettings.isImportEnabled(j2) && (context = this._portalLDAP.getContext(j, j2)) != null) {
            this._lastImportTime = System.currentTimeMillis();
            LDAPImportConfiguration configuration = this._ldapImportConfigurationProvider.getConfiguration(j2);
            HashSet hashSet = new HashSet(Arrays.asList(this._ldapServerConfigurationProvider.getConfiguration(j2, j).userIgnoreAttributes()));
            try {
                try {
                    Properties userMappings = this._ldapSettings.getUserMappings(j, j2);
                    Properties userExpandoMappings = this._ldapSettings.getUserExpandoMappings(j, j2);
                    Properties contactMappings = this._ldapSettings.getContactMappings(j, j2);
                    Properties contactExpandoMappings = this._ldapSettings.getContactExpandoMappings(j, j2);
                    Properties groupMappings = this._ldapSettings.getGroupMappings(j, j2);
                    String importMethod = configuration.importMethod();
                    if (importMethod.equals("group")) {
                        importFromLDAPByGroup(j, j2, context, userMappings, userExpandoMappings, contactMappings, contactExpandoMappings, groupMappings, hashSet);
                    } else if (importMethod.equals("user")) {
                        importFromLDAPByUser(j, j2, context, userMappings, userExpandoMappings, contactMappings, contactExpandoMappings, groupMappings, hashSet);
                    }
                    context.close();
                } catch (Exception e) {
                    _log.error("Unable to import LDAP users and groups", e);
                    context.close();
                }
            } catch (Throwable th) {
                context.close();
                throw th;
            }
        }
    }

    @Reference(unbind = "-")
    public void setAttributesTransformer(AttributesTransformer attributesTransformer) {
        this._attributesTransformer = attributesTransformer;
    }

    @Reference(unbind = "-")
    public void setLDAPToPortalConverter(LDAPToPortalConverter lDAPToPortalConverter) {
        this._ldapToPortalConverter = lDAPToPortalConverter;
    }

    @Reference(unbind = "-")
    public void setSingleVMPool(SingleVMPool singleVMPool) {
        this._portalCache = singleVMPool.getPortalCache(UserImporter.class.getName(), false);
    }

    protected void addRole(long j, LDAPGroup lDAPGroup, UserGroup userGroup) throws Exception {
        Role addRole;
        if (this._ldapImportConfigurationProvider.getConfiguration(j).importCreateRolePerGroup()) {
            try {
                addRole = this._roleLocalService.getRole(j, lDAPGroup.getGroupName());
            } catch (NoSuchRoleException e) {
                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }
                User defaultUser = this._userLocalService.getDefaultUser(j);
                HashMap hashMap = new HashMap();
                hashMap.put(LocaleUtil.getDefault(), "Autogenerated role from LDAP import");
                addRole = this._roleLocalService.addRole(defaultUser.getUserId(), (String) null, 0L, lDAPGroup.getGroupName(), (Map) null, hashMap, 1, (String) null, (ServiceContext) null);
                if (_log.isDebugEnabled()) {
                    _log.debug("Imported autogenerated role from LDAP import: " + addRole);
                }
            }
            Group group = userGroup.getGroup();
            if (this._groupLocalService.hasRoleGroup(addRole.getRoleId(), group.getGroupId())) {
                return;
            }
            this._groupLocalService.addRoleGroups(addRole.getRoleId(), new long[]{group.getGroupId()});
        }
    }

    protected User addUser(long j, LDAPUser lDAPUser, String str) throws Exception {
        StopWatch stopWatch = new StopWatch();
        if (_log.isDebugEnabled()) {
            stopWatch.start();
            _log.debug("Adding LDAP user " + lDAPUser + " to company " + j);
        }
        boolean isAutoPassword = lDAPUser.isAutoPassword();
        LDAPImportConfiguration configuration = this._ldapImportConfigurationProvider.getConfiguration(j);
        if (!configuration.importUserPasswordEnabled()) {
            isAutoPassword = configuration.importUserPasswordAutogenerated();
            if (!isAutoPassword) {
                String importUserPasswordDefault = configuration.importUserPasswordDefault();
                if (StringUtil.equalsIgnoreCase(importUserPasswordDefault, "screenName")) {
                    importUserPasswordDefault = lDAPUser.getScreenName();
                }
                str = importUserPasswordDefault;
            }
        }
        Calendar calendar = CalendarFactoryUtil.getCalendar();
        calendar.setTime(lDAPUser.getBirthday());
        User addUser = this._userLocalService.addUser(lDAPUser.getCreatorUserId(), j, isAutoPassword, str, str, lDAPUser.isAutoScreenName(), lDAPUser.getScreenName(), lDAPUser.getEmailAddress(), 0L, "", lDAPUser.getLocale(), lDAPUser.getFirstName(), lDAPUser.getMiddleName(), lDAPUser.getLastName(), 0L, 0L, lDAPUser.isMale(), calendar.get(2), calendar.get(5), calendar.get(1), "", lDAPUser.getGroupIds(), lDAPUser.getOrganizationIds(), lDAPUser.getRoleIds(), lDAPUser.getUserGroupIds(), lDAPUser.isSendEmail(), lDAPUser.getServiceContext());
        if (lDAPUser.isUpdatePortrait()) {
            byte[] portraitBytes = lDAPUser.getPortraitBytes();
            if (ArrayUtil.isNotEmpty(portraitBytes)) {
                addUser = this._userLocalService.updatePortrait(addUser.getUserId(), portraitBytes);
            }
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Finished adding LDAP user " + lDAPUser + " as user " + addUser + " in " + stopWatch.getTime() + "ms");
        }
        return addUser;
    }

    protected void addUserGroupsNotAddedByLDAPImport(long j, Set<Long> set) throws Exception {
        for (UserGroup userGroup : this._userGroupLocalService.getUserUserGroups(j)) {
            if (!userGroup.isAddedByLDAPImport()) {
                set.add(Long.valueOf(userGroup.getUserGroupId()));
            }
        }
    }

    protected String escapeValue(String str) {
        return StringUtil.replace(str, "\\,", "\\\\,");
    }

    protected User getUser(long j, LDAPUser lDAPUser) throws Exception {
        if (Objects.equals(this._ldapImportConfigurationProvider.getConfiguration(j).importUserSyncStrategy(), "uuid")) {
            return this._userLocalService.fetchUserByUuidAndCompanyId(lDAPUser.getServiceContext().getUuidWithoutReset(), j);
        }
        return (!PrefsPropsUtil.getString(j, "company.security.auth.type", this._companySecurityAuthType).equals("screenName") || lDAPUser.isAutoScreenName()) ? this._userLocalService.fetchUserByEmailAddress(j, lDAPUser.getEmailAddress()) : this._userLocalService.fetchUserByScreenName(j, lDAPUser.getScreenName());
    }

    protected Attribute getUsers(long j, long j2, LdapContext ldapContext, Attributes attributes, UserGroup userGroup, Properties properties) throws Exception {
        Attribute attribute = attributes.get(properties.getProperty("user"));
        if (attribute == null) {
            return null;
        }
        LDAPServerConfiguration configuration = this._ldapServerConfigurationProvider.getConfiguration(j2, j);
        String baseDN = configuration.baseDN();
        StringBundler stringBundler = new StringBundler(7);
        stringBundler.append("(&");
        String groupSearchFilter = configuration.groupSearchFilter();
        LDAPUtil.validateFilter(groupSearchFilter, "LDAPServerConfiguration.groupSearchFilter");
        stringBundler.append(groupSearchFilter);
        stringBundler.append("(");
        stringBundler.append(properties.getProperty(GroupConverterKeys.GROUP_NAME));
        stringBundler.append("=");
        stringBundler.append(escapeValue(userGroup.getName()));
        stringBundler.append("))");
        return this._portalLDAP.getMultivaluedAttribute(j2, ldapContext, baseDN, stringBundler.toString(), attribute);
    }

    protected void importFromLDAPByGroup(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, Properties properties5, Set<String> set) throws Exception {
        byte[] bArr = new byte[0];
        while (bArr != null) {
            ArrayList<Binding> arrayList = new ArrayList();
            bArr = this._portalLDAP.getGroups(j, j2, ldapContext, bArr, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties5.getProperty(GroupConverterKeys.GROUP_NAME)))}, arrayList);
            for (Binding binding : arrayList) {
                try {
                    Attributes groupAttributes = this._portalLDAP.getGroupAttributes(j, j2, ldapContext, this._portalLDAP.getNameInNamespace(j, j2, binding), true);
                    UserGroup importUserGroup = importUserGroup(j2, groupAttributes, properties5);
                    Attribute users = getUsers(j, j2, ldapContext, groupAttributes, importUserGroup, properties5);
                    if (users != null) {
                        importUsers(j, j2, ldapContext, properties, properties2, properties3, properties4, importUserGroup.getUserGroupId(), users, set);
                    } else if (_log.isInfoEnabled()) {
                        _log.info("No users found in " + importUserGroup.getName());
                    }
                } catch (Exception e) {
                    _log.error("Unable to import group " + binding, e);
                }
            }
        }
    }

    protected void importFromLDAPByUser(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, Properties properties5, Set<String> set) throws Exception {
        byte[] bArr = new byte[0];
        while (bArr != null) {
            ArrayList<Binding> arrayList = new ArrayList();
            bArr = this._portalLDAP.getUsers(j, j2, ldapContext, bArr, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties.getProperty("screenName")))}, arrayList);
            for (Binding binding : arrayList) {
                try {
                    Attributes userAttributes = this._portalLDAP.getUserAttributes(j, j2, ldapContext, this._portalLDAP.getNameInNamespace(j, j2, binding));
                    importGroups(j, j2, ldapContext, userAttributes, importUser(j, j2, userAttributes, properties, properties2, properties3, properties4, null, set), properties, properties5);
                } catch (Exception e) {
                    _log.error("Unable to import user " + binding, e);
                }
            }
        }
    }

    protected Set<Long> importGroup(long j, long j2, LdapContext ldapContext, String str, User user, Properties properties, Set<Long> set) throws Exception {
        String str2 = null;
        Long l = null;
        LDAPImportConfiguration configuration = this._ldapImportConfigurationProvider.getConfiguration(j2);
        if (configuration.importGroupCacheEnabled()) {
            StringBundler stringBundler = new StringBundler(5);
            stringBundler.append(j);
            stringBundler.append("_");
            stringBundler.append(j2);
            stringBundler.append("_");
            stringBundler.append(str);
            str2 = stringBundler.toString();
            l = (Long) this._portalCache.get(str2);
        }
        if (l == null) {
            if (_log.isDebugEnabled()) {
                _log.debug("Importing full group DN " + str);
            }
            Attributes attributes = null;
            try {
                attributes = this._portalLDAP.getGroupAttributes(j, j2, ldapContext, str);
            } catch (NameNotFoundException e) {
                _log.error("LDAP group not found with full group DN " + str, e);
            }
            UserGroup importUserGroup = importUserGroup(j2, attributes, properties);
            if (importUserGroup == null) {
                return set;
            }
            l = Long.valueOf(importUserGroup.getUserGroupId());
            if (configuration.importGroupCacheEnabled()) {
                this._portalCache.put(str2, l);
            }
        } else if (_log.isDebugEnabled()) {
            _log.debug("Skipping reimport of full group DN " + str);
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Adding user " + user + " to user group " + l);
        }
        set.add(l);
        return set;
    }

    protected void importGroups(long j, long j2, LdapContext ldapContext, Attributes attributes, User user, Properties properties, Properties properties2) throws Exception {
        String property = properties2.getProperty("user");
        Set<Long> linkedHashSet = new LinkedHashSet();
        LDAPServerConfiguration configuration = this._ldapServerConfigurationProvider.getConfiguration(j2, j);
        if (Validator.isNotNull(property) && configuration.groupSearchFilterEnabled()) {
            String baseDN = configuration.baseDN();
            StringBundler stringBundler = new StringBundler(9);
            stringBundler.append("(");
            stringBundler.append("&");
            String groupSearchFilter = configuration.groupSearchFilter();
            LDAPUtil.validateFilter(groupSearchFilter, "LDAPServerConfiguration.groupSearchFilter");
            stringBundler.append(groupSearchFilter);
            stringBundler.append("(");
            stringBundler.append(property);
            stringBundler.append("=");
            stringBundler.append(escapeValue(this._portalLDAP.getNameInNamespace(j, j2, this._portalLDAP.getUser(j, j2, user.getScreenName(), user.getEmailAddress()))));
            stringBundler.append(")");
            stringBundler.append(")");
            byte[] bArr = new byte[0];
            while (bArr != null) {
                ArrayList arrayList = new ArrayList();
                bArr = this._portalLDAP.searchLDAP(j2, ldapContext, bArr, 0, baseDN, stringBundler.toString(), new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties2.getProperty(GroupConverterKeys.GROUP_NAME)))}, arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    linkedHashSet = importGroup(j, j2, ldapContext, this._portalLDAP.getNameInNamespace(j, j2, (SearchResult) it.next()), user, properties2, linkedHashSet);
                }
            }
        } else {
            String property2 = properties.getProperty("group");
            if (Validator.isNull(property2)) {
                if (_log.isInfoEnabled()) {
                    _log.info("Skipping group import because no mappings for LDAP groups were specified in user mappings " + properties);
                    return;
                }
                return;
            } else {
                Attribute attribute = attributes.get(property2);
                if (attribute == null) {
                    return;
                }
                for (int i = 0; i < attribute.size(); i++) {
                    linkedHashSet = importGroup(j, j2, ldapContext, (String) attribute.get(i), user, properties2, linkedHashSet);
                }
            }
        }
        addUserGroupsNotAddedByLDAPImport(user.getUserId(), linkedHashSet);
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        Iterator it2 = this._userGroupLocalService.getUserUserGroups(user.getUserId()).iterator();
        while (it2.hasNext()) {
            linkedHashSet2.add(Long.valueOf(((UserGroup) it2.next()).getUserGroupId()));
        }
        if (linkedHashSet2.equals(linkedHashSet)) {
            return;
        }
        this._userGroupLocalService.setUserUserGroups(user.getUserId(), ArrayUtil.toLongArray(linkedHashSet));
    }

    protected User importUser(long j, long j2, Attributes attributes, Properties properties, Properties properties2, Properties properties3, Properties properties4, String str, Set<String> set) throws Exception {
        UserImportTransactionThreadLocal.setOriginatesFromImport(true);
        try {
            Attributes transformUser = this._attributesTransformer.transformUser(attributes);
            LDAPUser importLDAPUser = this._ldapToPortalConverter.importLDAPUser(j2, transformUser, properties, properties2, properties3, properties4, str);
            User user = getUser(j2, importLDAPUser);
            if (user != null && user.isDefaultUser()) {
                return user;
            }
            importLDAPUser.getServiceContext().setAttribute(LDAPConstants.LDAP_SERVER_ID, Long.valueOf(j));
            boolean z = false;
            if (user == null) {
                user = addUser(j2, importLDAPUser, str);
                z = true;
            }
            User updateUser = updateUser(j2, j, importLDAPUser, user, properties, properties3, str, LDAPUtil.getAttributeString(transformUser, "modifyTimestamp"), z);
            updateExpandoAttributes(updateUser, importLDAPUser, properties2, properties4, set);
            UserImportTransactionThreadLocal.setOriginatesFromImport(false);
            return updateUser;
        } finally {
            UserImportTransactionThreadLocal.setOriginatesFromImport(false);
        }
    }

    protected UserGroup importUserGroup(long j, Attributes attributes, Properties properties) throws Exception {
        LDAPGroup importLDAPGroup = this._ldapToPortalConverter.importLDAPGroup(j, this._attributesTransformer.transformGroup(attributes), properties);
        UserGroup userGroup = null;
        try {
            userGroup = this._userGroupLocalService.getUserGroup(j, importLDAPGroup.getGroupName());
            if (!Objects.equals(userGroup.getDescription(), importLDAPGroup.getDescription())) {
                ServiceContext serviceContext = this._userGroupLocalService;
                long userGroupId = userGroup.getUserGroupId();
                String groupName = importLDAPGroup.getGroupName();
                String description = importLDAPGroup.getDescription();
            }
        } catch (NoSuchUserGroupException e) {
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }
            StopWatch stopWatch = new StopWatch();
            if (_log.isDebugEnabled()) {
                stopWatch.start();
                _log.debug("Adding LDAP group " + importLDAPGroup);
            }
            long defaultUserId = this._userLocalService.getDefaultUserId(j);
            UserGroupImportTransactionThreadLocal.setOriginatesFromImport(true);
            try {
                userGroup = this._userGroupLocalService.addUserGroup(defaultUserId, j, importLDAPGroup.getGroupName(), importLDAPGroup.getDescription(), (ServiceContext) null);
                if (_log.isDebugEnabled()) {
                    _log.debug("Finished adding LDAP group " + importLDAPGroup + " as user group " + userGroup + " in " + stopWatch.getTime() + "ms");
                }
                UserGroupImportTransactionThreadLocal.setOriginatesFromImport(false);
            } catch (Exception e2) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Unable to create user group " + importLDAPGroup.getGroupName());
                }
                if (_log.isDebugEnabled()) {
                    _log.debug(e2, e2);
                }
            } finally {
                UserGroupImportTransactionThreadLocal.setOriginatesFromImport(false);
            }
        }
        addRole(j, importLDAPGroup, userGroup);
        return userGroup;
    }

    protected void importUsers(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, long j3, Attribute attribute, Set<String> set) throws Exception {
        StopWatch stopWatch = new StopWatch();
        if (_log.isDebugEnabled()) {
            stopWatch.start();
            _log.debug("Importing " + attribute.size() + " users from LDAP server " + j + " to company " + j2);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(attribute.size());
        for (int i = 0; i < attribute.size(); i++) {
            String str = (String) attribute.get(i);
            try {
                Attributes userAttributes = this._portalLDAP.getUserAttributes(j, j2, ldapContext, str);
                try {
                    User importUser = importUser(j, j2, userAttributes, properties, properties2, properties3, properties4, null, set);
                    if (importUser != null) {
                        if (_log.isDebugEnabled()) {
                            _log.debug("Adding user " + importUser + " to user group " + j3);
                        }
                        linkedHashSet.add(Long.valueOf(importUser.getUserId()));
                    }
                } catch (Exception e) {
                    _log.error("Unable to load user " + userAttributes, e);
                }
            } catch (NameNotFoundException e2) {
                _log.error("LDAP user not found with fullUserDN " + str, e2);
            }
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Finished importing " + linkedHashSet.size() + " of " + attribute.size() + " users from LDAP server " + j + " in " + stopWatch.getTime() + "ms");
        }
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        for (User user : this._userLocalService.getUserGroupUsers(j3)) {
            if (j == user.getLdapServerId() && !linkedHashSet.contains(Long.valueOf(user.getUserId()))) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Removing user " + user + " from user group " + j3);
                }
                linkedHashSet2.add(Long.valueOf(user.getUserId()));
            }
        }
        this._userLocalService.addUserGroupUsers(j3, ArrayUtil.toLongArray(linkedHashSet));
        this._userLocalService.deleteUserGroupUsers(j3, ArrayUtil.toLongArray(linkedHashSet2));
    }

    protected void populateExpandoAttributes(ExpandoBridge expandoBridge, Map<String, String[]> map, Properties properties, Set<String> set) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String key = entry.getKey();
            if (expandoBridge.hasAttribute(key) && properties.containsKey(key) && !set.contains(key)) {
                hashMap.put(key, ExpandoConverterUtil.getAttributeFromStringArray(expandoBridge.getAttributeType(key), entry.getValue()));
            }
        }
        if (hashMap.isEmpty()) {
            return;
        }
        try {
            this._expandoValueLocalService.addValues(expandoBridge.getCompanyId(), expandoBridge.getClassName(), "CUSTOM_FIELDS", expandoBridge.getClassPK(), hashMap);
        } catch (Exception e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to populate expando attributes");
            }
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }
        }
    }

    @Reference(unbind = "-")
    protected void setCompanyLocalService(CompanyLocalService companyLocalService) {
        this._companyLocalService = companyLocalService;
    }

    @Reference(unbind = "-")
    protected void setExpandoValueLocalService(ExpandoValueLocalService expandoValueLocalService) {
        this._expandoValueLocalService = expandoValueLocalService;
    }

    @Reference(unbind = "-")
    protected void setGroupLocalService(GroupLocalService groupLocalService) {
        this._groupLocalService = groupLocalService;
    }

    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.exportimport.configuration.LDAPImportConfiguration)", unbind = "-")
    protected void setLDAPImportConfigurationProvider(ConfigurationProvider<LDAPImportConfiguration> configurationProvider) {
        this._ldapImportConfigurationProvider = configurationProvider;
    }

    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration)", unbind = "-")
    protected void setLDAPServerConfigurationProvider(ConfigurationProvider<LDAPServerConfiguration> configurationProvider) {
        this._ldapServerConfigurationProvider = configurationProvider;
    }

    @Reference(unbind = "-")
    protected void setLdapSettings(LDAPSettings lDAPSettings) {
        this._ldapSettings = lDAPSettings;
    }

    @Reference(unbind = "-")
    protected void setLockManager(LockManager lockManager) {
        this._lockManager = lockManager;
    }

    @Reference(unbind = "-")
    protected void setPortalLDAP(PortalLDAP portalLDAP) {
        this._portalLDAP = portalLDAP;
    }

    protected void setProperty(Object obj, Object obj2, String str) {
        BeanPropertiesUtil.setProperty(obj, str, BeanPropertiesUtil.getObject(obj2, str));
    }

    @Reference(unbind = "-")
    protected void setProps(Props props) {
        this._companySecurityAuthType = GetterUtil.getString(props.get("company.security.auth.type"));
    }

    @Reference(unbind = "-")
    protected void setRoleLocalService(RoleLocalService roleLocalService) {
        this._roleLocalService = roleLocalService;
    }

    @Reference(unbind = "-")
    protected void setUserGroupLocalService(UserGroupLocalService userGroupLocalService) {
        this._userGroupLocalService = userGroupLocalService;
    }

    @Reference(unbind = "-")
    protected void setUserLocalService(UserLocalService userLocalService) {
        this._userLocalService = userLocalService;
    }

    protected void updateExpandoAttributes(User user, LDAPUser lDAPUser, Properties properties, Properties properties2, Set<String> set) throws Exception {
        populateExpandoAttributes(user.getExpandoBridge(), lDAPUser.getUserExpandoAttributes(), properties, set);
        populateExpandoAttributes(user.getContact().getExpandoBridge(), lDAPUser.getContactExpandoAttributes(), properties2, set);
    }

    protected void updateLDAPUser(User user, Contact contact, User user2, Properties properties, Properties properties2, Set<String> set) throws PortalException {
        Contact contact2 = user2.getContact();
        for (String str : _CONTACT_PROPERTY_NAMES) {
            Object obj = str;
            if (str.equals("male")) {
                obj = ContactConverterKeys.GENDER;
            } else if (str.equals("prefixId")) {
                obj = ContactConverterKeys.PREFIX;
            } else if (str.equals("suffixId")) {
                obj = ContactConverterKeys.SUFFIX;
            }
            if (!properties2.containsKey(obj) || set.contains(str)) {
                setProperty(contact, contact2, str);
            }
        }
        for (String str2 : _USER_PROPERTY_NAMES) {
            Object obj2 = str2;
            if (str2.equals("portraitId")) {
                obj2 = UserConverterKeys.PORTRAIT;
            }
            if (!properties.containsKey(obj2) || set.contains(str2)) {
                setProperty(user, user2, str2);
            }
        }
    }

    protected User updateUser(long j, long j2, LDAPUser lDAPUser, User user, Properties properties, Properties properties2, String str, String str2, boolean z) throws Exception {
        StopWatch stopWatch = new StopWatch();
        if (_log.isDebugEnabled()) {
            stopWatch.start();
            if (z) {
                _log.debug("Updating new user " + user + " from LDAP server " + j2 + " to company " + j);
            } else {
                _log.debug("Updating existing user " + user + " from LDAP server " + j2 + " to company " + j);
            }
        }
        Date date = null;
        LDAPImportConfiguration configuration = this._ldapImportConfigurationProvider.getConfiguration(j);
        boolean isPasswordReset = lDAPUser.isPasswordReset();
        if (this._ldapSettings.isExportEnabled(j)) {
            isPasswordReset = user.isPasswordReset();
        }
        try {
            if (Validator.isNotNull(str2)) {
                date = LDAPUtil.parseDate(str2);
                if (date.equals(user.getModifiedDate())) {
                    if (lDAPUser.isUpdatePassword() || !configuration.importUserPasswordEnabled()) {
                        updateUserPassword(configuration, user.getUserId(), user.getScreenName(), str, isPasswordReset);
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug("User " + user.getEmailAddress() + " is already synchronized, but updated password to avoid a blank value");
                    }
                    return user;
                }
            } else if (!z) {
                if (_log.isInfoEnabled()) {
                    _log.info("Skipping user " + user.getEmailAddress() + " because the LDAP entry was never modified");
                }
                return user;
            }
        } catch (ParseException e) {
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to parse LDAP modify timestamp " + str2, e);
            }
        }
        HashSet hashSet = new HashSet(Arrays.asList(this._ldapServerConfigurationProvider.getConfiguration(j, j2).userIgnoreAttributes()));
        if (Validator.isNull(lDAPUser.getScreenName()) || lDAPUser.isAutoScreenName()) {
            lDAPUser.setScreenName(user.getScreenName());
        }
        if (lDAPUser.isUpdatePassword() || !configuration.importUserPasswordEnabled()) {
            str = updateUserPassword(configuration, user.getUserId(), lDAPUser.getScreenName(), str, isPasswordReset);
        }
        Contact contact = lDAPUser.getContact();
        updateLDAPUser(lDAPUser.getUser(), contact, user, properties, properties2, hashSet);
        Calendar calendar = CalendarFactoryUtil.getCalendar();
        calendar.setTime(contact.getBirthday());
        User updateUser = this._userLocalService.updateUser(user.getUserId(), str, "", "", isPasswordReset, lDAPUser.getReminderQueryQuestion(), lDAPUser.getReminderQueryAnswer(), lDAPUser.getScreenName(), lDAPUser.getEmailAddress(), lDAPUser.getFacebookId(), lDAPUser.getOpenId(), lDAPUser.isUpdatePortrait(), lDAPUser.getPortraitBytes(), lDAPUser.getLanguageId(), lDAPUser.getTimeZoneId(), lDAPUser.getGreeting(), lDAPUser.getComments(), lDAPUser.getFirstName(), lDAPUser.getMiddleName(), lDAPUser.getLastName(), lDAPUser.getPrefixId(), lDAPUser.getSuffixId(), lDAPUser.isMale(), calendar.get(2), calendar.get(5), calendar.get(1), lDAPUser.getSmsSn(), lDAPUser.getFacebookSn(), lDAPUser.getJabberSn(), lDAPUser.getSkypeSn(), lDAPUser.getTwitterSn(), lDAPUser.getJobTitle(), lDAPUser.getGroupIds(), lDAPUser.getOrganizationIds(), lDAPUser.getRoleIds(), lDAPUser.getUserGroupRoles(), lDAPUser.getUserGroupIds(), lDAPUser.getServiceContext());
        ServiceContext serviceContext = new ServiceContext();
        if (date != null) {
            serviceContext.setModifiedDate(date);
        }
        User updateStatus = this._userLocalService.updateStatus(updateUser.getUserId(), lDAPUser.getStatus(), serviceContext);
        if (_log.isDebugEnabled()) {
            _log.debug("Finished update for user " + updateStatus + " in " + stopWatch.getTime() + "ms");
        }
        return updateStatus;
    }

    protected String updateUserPassword(LDAPImportConfiguration lDAPImportConfiguration, long j, String str, String str2, boolean z) throws PortalException {
        if (!lDAPImportConfiguration.importUserPasswordEnabled()) {
            if (lDAPImportConfiguration.importUserPasswordAutogenerated()) {
                str2 = PwdGenerator.getPassword();
            } else {
                str2 = lDAPImportConfiguration.importUserPasswordDefault();
                if (StringUtil.equalsIgnoreCase(str2, "screenName")) {
                    str2 = str;
                }
            }
        }
        this._userLocalService.updatePassword(j, str2, str2, z, true);
        return str2;
    }
}
