package org.summerboot.jexpress.integration.ldap;

import java.io.Closeable;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.summerboot.jexpress.security.EncryptorUtil;

/* loaded from: input_file:org/summerboot/jexpress/integration/ldap/LdapAgent.class */
public class LdapAgent implements Closeable {
    private static final Logger log = LogManager.getLogger(LdapAgent.class);
    private static final String DN = "dn";
    protected final Properties cfg;
    protected final String baseDN;
    protected final boolean isAD;
    protected final String tenantGroupName;
    protected LdapContext m_ctx = null;
    private static final int SALT_LENGTH = 4;

    public static Properties buildCfg(String str, int i, boolean z, String str2, String str3, String str4, String str5) {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        properties.put("java.naming.provider.url", z ? "ldaps://" + str + ":" + i : "ldap://" + str + ":" + i);
        if (StringUtils.isNotBlank(str4)) {
            properties.put("java.naming.security.principal", str4);
        }
        if (StringUtils.isNotBlank(str5)) {
            properties.put("java.naming.security.authentication", "simple");
            properties.put("java.naming.security.credentials", str5);
        }
        if (z) {
            properties.put("java.naming.security.protocol", str3);
            if (str2 != null) {
                properties.put("java.naming.ldap.factory.socket", str2);
            }
        }
        return properties;
    }

    public LdapAgent(Properties properties, String str, boolean z, String str2) throws NamingException, IOException {
        this.cfg = properties;
        this.baseDN = str;
        this.isAD = z;
        this.tenantGroupName = str2;
        connect();
    }

    public String getBaseDN() {
        return this.baseDN;
    }

    public String getTenantGroupName() {
        return this.tenantGroupName;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.m_ctx != null) {
            log.debug("processing...");
            try {
                this.m_ctx.close();
            } catch (NamingException e) {
                log.error("failed to close LDAP ctx", e);
            } finally {
                this.m_ctx = null;
            }
            log.debug("success");
        }
    }

    private void connect() throws NamingException, IOException {
        close();
        log.debug(this.baseDN + ", isAD=" + this.isAD);
        this.m_ctx = new InitialLdapContext(this.cfg, (Control[]) null);
        log.debug("success");
    }

    public String getDN(String str) throws NamingException {
        String[] queryPersonDN = queryPersonDN(this.isAD ? "sAMAccountName" : "uid", str);
        if (queryPersonDN == null || queryPersonDN.length < 1) {
            return null;
        }
        return queryPersonDN[0];
    }

    public String[] queryPersonDN(String str, String str2) throws NamingException {
        List<Attributes> queryPerson = queryPerson(str, str2);
        int size = queryPerson.size();
        String[] strArr = new String[size];
        for (int i = 0; i < size; i++) {
            strArr[i] = getAttr(queryPerson.get(i), DN);
        }
        return strArr;
    }

    public List<Attributes> queryPerson(String str, String str2) throws NamingException {
        return query("(&(objectClass=" + (this.isAD ? "organizationalPerson" : "inetOrgPerson") + ")&(" + str + "=" + str2 + "))");
    }

    public List<Attributes> getUserRoleGroups(String str) throws NamingException {
        return query(this.isAD ? "(&(objectClass=group)(member=" + str + "))" : "(&(objectClass=groupOfUniqueNames)(uniqueMember=" + str + "))");
    }

    public List<Attributes> query(String str) throws NamingException {
        log.debug(() -> {
            return "base=" + this.baseDN + ", filter=" + str;
        });
        ArrayList arrayList = new ArrayList();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        NamingEnumeration search = this.m_ctx.search(this.baseDN, str, searchControls);
        while (search.hasMore()) {
            String nameInNamespace = ((SearchResult) search.next()).getNameInNamespace();
            Attributes attributes = this.m_ctx.getAttributes(nameInNamespace);
            arrayList.add(attributes);
            attributes.put(DN, nameInNamespace);
        }
        return arrayList;
    }

    public String getAttr(Attributes attributes, String str) throws NamingException {
        Attribute attribute;
        String str2 = null;
        if (attributes != null && str != null && (attribute = attributes.get(str)) != null) {
            str2 = attribute.getAll().next().toString();
        }
        return str2;
    }

    private List<String>[] parseAddedAndRemoved(List<Attributes> list, String[] strArr) throws NamingException {
        ArrayList arrayList = strArr == null ? new ArrayList() : new ArrayList(Arrays.asList(strArr));
        ArrayList arrayList2 = new ArrayList();
        List<String>[] listArr = {arrayList, arrayList2};
        Iterator<Attributes> it = list.iterator();
        while (it.hasNext()) {
            String attr = getAttr(it.next(), DN);
            boolean z = false;
            Iterator it2 = arrayList.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                if (((String) it2.next()).equals(attr)) {
                    z = true;
                    break;
                }
            }
            if (z) {
                arrayList.remove(attr);
            } else {
                arrayList2.add(attr);
            }
        }
        return listArr;
    }

    public static String hashMD5Password(String str, String str2) throws GeneralSecurityException {
        MessageDigest messageDigest = MessageDigest.getInstance(str2);
        messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(messageDigest.digest());
    }

    public static String generateSSHA(String str) throws NoSuchAlgorithmException {
        return generateSSHA(str, EncryptorUtil.MESSAGEDIGEST_ALGORITHM);
    }

    public static String generateSSHA(String str, String str2) throws NoSuchAlgorithmException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bArr = new byte[4];
        new SecureRandom().nextBytes(bArr);
        MessageDigest messageDigest = MessageDigest.getInstance(str2);
        messageDigest.reset();
        messageDigest.update(bytes);
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest();
        byte[] bArr2 = new byte[digest.length + bArr.length];
        System.arraycopy(digest, 0, bArr2, 0, digest.length);
        System.arraycopy(bArr, 0, bArr2, digest.length, bArr.length);
        return Base64.getEncoder().encodeToString(bArr2);
    }

    public void authenticate(String str, String str2) throws NamingException {
        try {
            this.m_ctx.addToEnvironment("java.naming.security.principal", str);
            this.m_ctx.addToEnvironment("java.naming.security.credentials", str2);
            this.m_ctx.reconnect((Control[]) null);
            Control[] responseControls = this.m_ctx.getResponseControls();
            if (responseControls != null) {
                for (Control control : responseControls) {
                    log.debug("  Control: " + control.getID() + " | crit: " + control.isCritical() + " | val: '" + new String(control.getEncodedValue()) + "'");
                }
            }
        } finally {
            this.m_ctx.removeFromEnvironment("java.naming.security.principal");
            this.m_ctx.removeFromEnvironment("java.naming.security.credentials");
        }
    }

    public void changePassword(String str, String str2, String str3) throws NamingException, GeneralSecurityException {
        String dn = getDN(str);
        if (str2 != null) {
            authenticate(dn, str2);
        }
        authenticate("cn=root," + this.baseDN, String.valueOf(this.cfg.get("java.naming.security.credentials")));
        this.m_ctx.modifyAttributes(dn, new ModificationItem[]{new ModificationItem(2, new BasicAttribute("userPassword", generateSSHA(str3)))});
    }

    public static String n2q(String str) {
        return StringUtils.isBlank(str) ? "?" : str;
    }

    public String createUser(String str, String str2, String str3, String str4, Map<String, String> map) throws NamingException, GeneralSecurityException {
        if (getDN(str) != null) {
            throw new NamingException(str + " exists");
        }
        String str5 = "uid=" + str + ",ou=" + str4 + ",o=" + str3 + ",ou=" + this.tenantGroupName + "," + this.baseDN;
        BasicAttributes basicAttributes = new BasicAttributes();
        BasicAttribute basicAttribute = new BasicAttribute("objectClass");
        basicAttributes.put(basicAttribute);
        basicAttribute.add("top");
        basicAttribute.add("person");
        basicAttribute.add("inetOrgPerson");
        basicAttribute.add("organizationalPerson");
        basicAttributes.put(new BasicAttribute("uid", str));
        basicAttributes.put(new BasicAttribute("userPassword", generateSSHA(str2)));
        if (map != null) {
            map.forEach((str6, str7) -> {
                basicAttributes.put(new BasicAttribute(str6, n2q(str7)));
            });
        }
        try {
            this.m_ctx.createSubcontext(str5, basicAttributes);
        } catch (NameAlreadyBoundException e) {
        }
        return str5;
    }

    public String createEntry(String str, Set<String> set, Map<String, String> map) throws NamingException {
        BasicAttributes basicAttributes = new BasicAttributes();
        BasicAttribute basicAttribute = new BasicAttribute("objectClass");
        basicAttributes.put(basicAttribute);
        set.forEach(str2 -> {
            basicAttribute.add(str2);
        });
        map.forEach((str3, str4) -> {
            basicAttributes.put(new BasicAttribute(str3, n2q(str4)));
        });
        try {
            this.m_ctx.createSubcontext(str, basicAttributes);
        } catch (NameAlreadyBoundException e) {
        }
        return str;
    }

    public void updateEntryAttrs(String str, Map<String, String> map) throws GeneralSecurityException, NamingException {
        if (log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("\n\tuserDN=").append(str);
            map.forEach((str2, str3) -> {
                sb.append("\n\t ").append(str2).append("=").append(str3);
            });
            log.debug(sb);
        }
        ArrayList arrayList = new ArrayList();
        map.forEach((str4, str5) -> {
            arrayList.add(new ModificationItem(2, new BasicAttribute(str4, str5)));
        });
        int size = arrayList.size();
        if (size > 0) {
            this.m_ctx.modifyAttributes(str, (ModificationItem[]) arrayList.toArray(new ModificationItem[size]));
        }
    }

    public void deleteUser(String str) throws NamingException, GeneralSecurityException {
        log.debug(str);
        Iterator<Attributes> it = queryPerson("uid", str).iterator();
        while (it.hasNext()) {
            String attr = getAttr(it.next(), DN);
            updateUserGroups(attr, new String[0]);
            this.m_ctx.unbind(attr);
        }
    }

    public void deleteEntry(String str) throws NamingException, GeneralSecurityException {
        log.debug(str);
        if (str != null) {
            updateUserGroups(str, new String[0]);
            this.m_ctx.unbind(str);
        }
    }

    public void updateUserGroups(String str, String... strArr) throws GeneralSecurityException, NamingException {
        List<String>[] parseAddedAndRemoved = parseAddedAndRemoved(getUserRoleGroups(str), strArr);
        List<String> list = parseAddedAndRemoved[0];
        for (String str2 : parseAddedAndRemoved[1]) {
            log.debug(str + ".remove=" + str2);
            try {
                this.m_ctx.modifyAttributes(str2, new ModificationItem[]{new ModificationItem(3, new BasicAttribute("uniqueMember", str))});
            } catch (Throwable th) {
                throw new GeneralSecurityException(th.getMessage() + "\n\tremove: " + str + "\n\tfrom: " + str2, th);
            }
        }
        for (String str3 : list) {
            log.debug(str + ".add=" + str3);
            try {
                this.m_ctx.modifyAttributes(str3, new ModificationItem[]{new ModificationItem(1, new BasicAttribute("uniqueMember", str))});
            } catch (Throwable th2) {
                throw new GeneralSecurityException(th2.getMessage() + "\n\tadd: " + str + "\n\tto: " + str3, th2);
            }
        }
    }

    public List<Attributes> queryOrganization(String str) throws NamingException {
        return query(StringUtils.isBlank(str) ? "(&(objectClass=organization)&(ou:dn:=" + this.tenantGroupName + "))" : "(&(objectClass=organization)&(ou:dn:=" + this.tenantGroupName + ")&(o:dn:=" + str + "))");
    }

    public List<Attributes> queryOrganizationUnit(String str, String str2) throws NamingException {
        return query(StringUtils.isBlank(str2) ? "(&(objectClass=organizationalUnit)&(ou:dn:=" + this.tenantGroupName + ")&(o:dn:=" + str + "))" : "(&(objectClass=organizationalUnit)&(ou:dn:=" + this.tenantGroupName + ")&(o:dn:=" + str + ")&(ou:dn:=" + str2 + "))");
    }

    public List<Attributes> queryOrganizationUnitUsers(String str, String str2) throws NamingException {
        return query(StringUtils.isBlank(str2) ? "(&(objectClass=inetOrgPerson)&(ou:dn:=" + this.tenantGroupName + ")&(o:dn:=" + str + "))" : "(&(objectClass=inetOrgPerson)&(ou:dn:=" + this.tenantGroupName + ")&(o:dn:=" + str + ")&(ou:dn:=" + str2 + "))");
    }

    public List<String> queryGroupUsers(String str) throws NamingException {
        ArrayList arrayList = new ArrayList();
        Iterator<Attributes> it = query("(&(objectClass=groupOfUniqueNames)&(ou:dn:=groups)(cn=" + str + "))").iterator();
        while (it.hasNext()) {
            Attribute attribute = it.next().get("uniqueMember");
            for (int i = 0; i < attribute.size(); i++) {
                arrayList.add((String) attribute.get(i));
            }
        }
        return arrayList;
    }
}
