package com.liferay.saml.opensaml.integration.internal.field.expression.handler;

import com.liferay.expando.kernel.model.ExpandoColumn;
import com.liferay.expando.kernel.model.ExpandoValue;
import com.liferay.expando.kernel.service.ExpandoColumnLocalService;
import com.liferay.expando.kernel.service.ExpandoTableLocalService;
import com.liferay.expando.kernel.service.ExpandoValueLocalService;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.CompanyThreadLocal;
import com.liferay.portal.kernel.security.ldap.LDAPSettings;
import com.liferay.portal.kernel.service.ServiceContext;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ResourceBundleUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.ldap.SafeLdapContext;
import com.liferay.portal.security.ldap.SafeLdapFilter;
import com.liferay.portal.security.ldap.SafeLdapFilterConstraints;
import com.liferay.portal.security.ldap.SafeLdapFilterFactory;
import com.liferay.portal.security.ldap.SafeLdapNameFactory;
import com.liferay.portal.security.ldap.SafePortalLDAP;
import com.liferay.portal.security.ldap.configuration.ConfigurationProvider;
import com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration;
import com.liferay.portal.security.ldap.exportimport.LDAPUserImporter;
import com.liferay.portal.security.ldap.util.LDAPUtil;
import com.liferay.portal.security.ldap.validator.LDAPFilterException;
import com.liferay.portal.security.ldap.validator.LDAPFilterValidator;
import com.liferay.saml.opensaml.integration.field.expression.handler.UserFieldExpressionHandler;
import com.liferay.saml.opensaml.integration.processor.context.UserProcessorContext;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Stream;
import javax.naming.Binding;
import javax.naming.NamingEnumeration;
import javax.naming.directory.SearchControls;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

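/**
 * Resolves SAML user field expressions with the {@code expando} prefix against
 * the custom fields (expando columns) of the portal's {@link User} model.
 *
 * <p>
 * The handler binds incoming attribute values to expando values, looks up
 * portal users by custom field value, and can import a user from the
 * configured LDAP servers when a custom field is mapped to an LDAP attribute.
 * </p>
 *
 * <p>
 * NOTE(review): {@link #isSupportedForUserMatching(String)} accepts every
 * custom field. A field used to match an asserted identity to an account
 * should hold unique values and should not be editable by the users it
 * identifies. Confirm this against the deployment's custom field permissions.
 * </p>
 */
@Component(property = {"display.index:Integer=100", "prefix=expando", "processing.index:Integer=100"}, service = {UserFieldExpressionHandler.class})
/* loaded from: input_file:com/liferay/saml/opensaml/integration/internal/field/expression/handler/ExpandoUserFieldExpressionHandler.class */
public class ExpandoUserFieldExpressionHandler implements UserFieldExpressionHandler {
    private static final Log _log = LogFactoryUtil.getLog(ExpandoUserFieldExpressionHandler.class);

    @Reference
    private ExpandoColumnLocalService _expandoColumnLocalService;

    @Reference
    private ExpandoTableLocalService _expandoTableLocalService;

    @Reference
    private ExpandoValueLocalService _expandoValueLocalService;

    @Reference
    private LDAPFilterValidator _ldapFilterValidator;

    // Injected through setLDAPServerConfigurationProvider rather than a field reference.
    private ConfigurationProvider<LDAPServerConfiguration> _ldapServerConfigurationProvider;

    @Reference
    private LDAPSettings _ldapSettings;

    @Reference
    private LDAPUserImporter _ldapUserImporter;

    // Read from the "processing.index" component property on activation.
    private int _processingIndex;

    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile SafePortalLDAP _safePortalLDAP;

    @Reference
    private UserLocalService _userLocalService;

    /**
     * Binds every custom field that has a non-blank value in the processor
     * context, so the value is written to the user's expando value.
     *
     * @param userProcessorContext the context holding the incoming values
     */
    @Override
    public void bindProcessorContext(UserProcessorContext userProcessorContext) {
        for (String fieldExpression : getValidFieldExpressions()) {
            String incomingValue = (String) userProcessorContext.getValue(String.class, fieldExpression);

            // Fields without an incoming value are left unbound.
            if (Validator.isBlank(incomingValue)) {
                continue;
            }

            userProcessorContext.bind(
                user -> _getExpandoValue(user, fieldExpression), _processingIndex, fieldExpression, this::_update
            ).mapString(
                fieldExpression, (expandoValue, value) -> expandoValue.setData(value)
            );
        }
    }

    /**
     * Searches the LDAP servers configured for a company and imports the first
     * user whose mapped attribute equals the given value.
     *
     * <p>
     * Server configurations without a base provider URL are skipped with a
     * warning. The debug message emitted when nothing is found contains the
     * searched value.
     * </p>
     *
     * @param j the company ID
     * @param str the value to search for
     * @param str2 the name of the user expando field
     * @return the imported user, or {@code null} if no server returned a match
     * @throws Exception if an LDAP server could not be queried
     */
    @Override
    public User getLdapUser(long j, String str, String str2) throws Exception {
        for (LDAPServerConfiguration ldapServerConfiguration : _ldapServerConfigurationProvider.getConfigurations(j)) {
            if (Validator.isNull(ldapServerConfiguration.baseProviderURL())) {
                if (_log.isWarnEnabled()) {
                    _log.warn("No provider URL defined in " + ldapServerConfiguration);
                }

                continue;
            }

            User ldapUser = _getLdapUser(ldapServerConfiguration.ldapServerId(), j, str, str2);

            if (ldapUser != null) {
                return ldapUser;
            }
        }

        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat(new String[]{"User with the expando field ", str2, "=", str, " was not found in any LDAP servers"}));
        }

        return null;
    }

    /**
     * Returns the localized label of the section that lists these fields.
     *
     * @param locale the locale of the label
     * @return the localized "user-custom-fields" label
     */
    @Override
    public String getSectionLabel(Locale locale) {
        return ResourceBundleUtil.getString(ResourceBundleUtil.getBundle(locale, DefaultUserFieldExpressionHandler.class), "user-custom-fields");
    }

    /**
     * Finds the portal user whose custom field holds the given value.
     *
     * <p>
     * An ambiguous match is rejected instead of picking one of the candidates,
     * so a duplicated value can never select an arbitrary account. The
     * exception message contains the searched value and the matching user IDs.
     * NOTE(review): make sure callers do not echo it to the end user.
     * </p>
     *
     * @param j the company ID (first argument of the expando value lookup)
     * @param str the value to match, may be {@code null}
     * @param str2 the name of the user expando column
     * @return the matching user, or {@code null} if the value is {@code null},
     *         nothing matched, or the matched expando value has no user
     * @throws PortalException if more than one user matched
     */
    @Override
    public User getUser(long j, String str, String str2) throws PortalException {
        if (str == null) {
            return null;
        }

        List<ExpandoValue> expandoValues = _expandoValueLocalService.getColumnValues(j, User.class.getName(), "CUSTOM_FIELDS", str2, str, -1, -1);

        if (expandoValues.size() > 1) {
            List<Long> userIds = new ArrayList<>(expandoValues.size());

            for (ExpandoValue expandoValue : expandoValues) {
                userIds.add(Long.valueOf(expandoValue.getClassPK()));
            }

            throw new PortalException(StringBundler.concat(new Object[]{"User expando column \"", str2, "\" and value \"", str, "\" must match only 1 user, but it matched ", userIds}));
        }

        if (expandoValues.isEmpty()) {
            return null;
        }

        // fetchUserById may return null for a stale expando value. A direct call
        // returns that null, whereas Stream.findFirst() would throw on it.
        return _userLocalService.fetchUserById(expandoValues.get(0).getClassPK());
    }

    /**
     * Returns the names of the columns in the default expando table of
     * {@link User} for the current company.
     *
     * @return an unmodifiable list of column names
     */
    @Override
    public List<String> getValidFieldExpressions() {
        List<String> columnNames = new ArrayList<>();

        for (ExpandoColumn expandoColumn : _expandoColumnLocalService.getDefaultTableColumns(CompanyThreadLocal.getCompanyId().longValue(), User.class.getName())) {
            columnNames.add(expandoColumn.getName());
        }

        return Collections.unmodifiableList(columnNames);
    }

    /**
     * Reports whether a field may be used to match users.
     *
     * @param str the field expression (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean isSupportedForUserMatching(String str) {
        return true;
    }

    /**
     * Stores the processing index from the component properties.
     *
     * @param map the component properties
     */
    @Activate
    protected void activate(Map<String, Object> map) {
        _processingIndex = GetterUtil.getInteger(map.get("processing.index"));
    }

    /**
     * Sets the provider of LDAP server configurations.
     *
     * @param configurationProvider the provider to use
     */
    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration)", unbind = "-")
    protected void setLDAPServerConfigurationProvider(ConfigurationProvider<LDAPServerConfiguration> configurationProvider) {
        _ldapServerConfigurationProvider = configurationProvider;
    }

    /**
     * Returns the stored expando value of a user's custom field, or a new
     * unsaved value prepared for that user and column if none is stored.
     *
     * @param user the user owning the custom field
     * @param columnName the name of the expando column
     * @return the existing or newly created expando value
     * @throws SystemException if the expando table or column cannot be loaded
     */
    private ExpandoValue _getExpandoValue(User user, String columnName) {
        ExpandoValue expandoValue = null;

        // A user that has not been persisted yet cannot have a stored value.
        if (!user.isNew()) {
            expandoValue = _expandoValueLocalService.getValue(user.getCompanyId(), User.class.getName(), "CUSTOM_FIELDS", columnName, user.getUserId());
        }

        if (expandoValue != null) {
            return expandoValue;
        }

        try {
            ExpandoColumn expandoColumn = _expandoColumnLocalService.getColumn(_expandoTableLocalService.getTable(user.getCompanyId(), User.class.getName(), "CUSTOM_FIELDS").getTableId(), columnName);

            expandoValue = _expandoValueLocalService.createExpandoValue(0L);

            expandoValue.setCompanyId(user.getCompanyId());
            expandoValue.setClassName(User.class.getName());
            expandoValue.setColumnId(expandoColumn.getColumnId());
            expandoValue.setClassPK(user.getUserId());

            return expandoValue;
        } catch (PortalException portalException) {
            throw new SystemException(portalException);
        }
    }

    /**
     * Searches one LDAP server for a user whose mapped attribute equals the
     * given value and imports the first entry returned.
     *
     * <p>
     * The value is added to the filter as a {@link SafeLdapFilterConstraints}
     * equality constraint rather than concatenated into the filter string, and
     * the configured user search filter is checked by the filter validator.
     * The search is limited to a single result, so unlike
     * {@link #getUser(long, String, String)} an ambiguous match is not detected
     * here. NOTE(review): confirm the mapped LDAP attribute is unique.
     * </p>
     *
     * @param ldapServerId the ID of the LDAP server to search
     * @param companyId the company ID
     * @param value the value to search for
     * @param fieldName the name of the user expando field
     * @return the imported user, or {@code null} if the field is not mapped,
     *         the bind failed, the server ID is stale, or nothing matched
     * @throws SystemException if the search or the import failed
     */
    private User _getLdapUser(long ldapServerId, long companyId, String value, String fieldName) throws Exception {
        String ldapAttributeName = GetterUtil.getString(_ldapSettings.getUserExpandoMappings(ldapServerId, companyId).getProperty(fieldName));

        if (Validator.isBlank(ldapAttributeName)) {
            if (_log.isDebugEnabled()) {
                _log.debug(StringBundler.concat(new Object[]{"User expando field ", fieldName, " is not mapped for LDAP server ", Long.valueOf(ldapServerId)}));
            }

            return null;
        }

        SafeLdapContext safeLdapContext = null;
        NamingEnumeration<?> namingEnumeration = null;

        try {
            LDAPServerConfiguration ldapServerConfiguration = (LDAPServerConfiguration) _ldapServerConfigurationProvider.getConfiguration(companyId, ldapServerId);

            safeLdapContext = _safePortalLDAP.getSafeLdapContext(ldapServerId, companyId);

            if (safeLdapContext == null) {
                _log.error("Unable to bind to the LDAP server");

                return null;
            }

            if (ldapServerConfiguration.ldapServerId() != ldapServerId) {
                if (_log.isDebugEnabled()) {
                    _log.debug(StringBundler.concat(new Object[]{"LDAP server ID ", Long.valueOf(ldapServerId), " is no longer valid, company ", Long.valueOf(companyId), " now uses ", Long.valueOf(ldapServerConfiguration.ldapServerId())}));
                }

                return null;
            }

            try {
                // Only the attribute mapped to the screen name is requested and
                // at most one entry is returned (count limit 1).
                String screenNameAttribute = StringUtil.toLowerCase(GetterUtil.getString(_ldapSettings.getUserMappings(ldapServerId, companyId).getProperty("screenName")));

                SearchControls searchControls = new SearchControls(SearchControls.SUBTREE_SCOPE, 1L, 0, new String[]{screenNameAttribute}, false, false);

                namingEnumeration = safeLdapContext.search(
                    LDAPUtil.getBaseDNSafeLdapName(ldapServerConfiguration),
                    SafeLdapFilterFactory.fromUnsafeFilter(ldapServerConfiguration.userSearchFilter(), _ldapFilterValidator).and(new SafeLdapFilter[]{SafeLdapFilterConstraints.eq(ldapAttributeName, value)}),
                    searchControls);

                if (!namingEnumeration.hasMoreElements()) {
                    return null;
                }

                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter returned at least one result");
                }

                Binding binding = (Binding) namingEnumeration.nextElement();

                return _ldapUserImporter.importUser(ldapServerId, companyId, safeLdapContext, _safePortalLDAP.getUserAttributes(ldapServerId, companyId, safeLdapContext, SafeLdapNameFactory.from(binding)), (String) null);
            } catch (LDAPFilterException ldapFilterException) {
                throw new LDAPFilterException("Invalid user search filter: ", ldapFilterException);
            }
        } catch (Exception exception) {
            if (_log.isWarnEnabled()) {
                _log.warn("Problem accessing LDAP server " + exception.getMessage());
            }

            if (_log.isDebugEnabled()) {
                _log.debug(exception, exception);
            }

            // Keep the cause so the failure can still be diagnosed upstream.
            throw new SystemException("Problem accessing LDAP server " + exception.getMessage(), exception);
        } finally {
            // Release the enumeration and the bound context on every path,
            // including failures, so LDAP connections are not leaked.
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }

            if (safeLdapContext != null) {
                safeLdapContext.close();
            }
        }
    }

    /**
     * Persists a bound expando value: updates it if it is already stored,
     * otherwise adds it under the name of its column.
     *
     * @param ignoredExpandoValue the first callback argument, which is not read
     * @param expandoValue the expando value to persist
     * @param serviceContext the service context, which is not read
     * @return the persisted expando value
     * @throws PortalException if the column cannot be loaded or the value
     *         cannot be stored
     */
    private ExpandoValue _update(ExpandoValue ignoredExpandoValue, ExpandoValue expandoValue, ServiceContext serviceContext) throws PortalException {
        if (expandoValue.isNew()) {
            String columnName = _expandoColumnLocalService.getColumn(expandoValue.getColumnId()).getName();

            return _expandoValueLocalService.addValue(expandoValue.getCompanyId(), User.class.getName(), "CUSTOM_FIELDS", columnName, expandoValue.getClassPK(), expandoValue.getData());
        }

        return _expandoValueLocalService.updateExpandoValue(expandoValue);
    }
}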
