package org.apache.openmeetings.core.ldap;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import org.apache.commons.io.FileUtils;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.CursorLdapReferralException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.EntryCursorImpl;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.openmeetings.core.converter.ImageConverter;
import org.apache.openmeetings.db.dao.server.LdapConfigDao;
import org.apache.openmeetings.db.dao.user.GroupDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.server.LdapConfig;
import org.apache.openmeetings.db.entity.user.Address;
import org.apache.openmeetings.db.entity.user.Group;
import org.apache.openmeetings.db.entity.user.GroupUser;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.db.util.LocaleHelper;
import org.apache.openmeetings.db.util.TimezoneUtil;
import org.apache.openmeetings.util.OmException;
import org.apache.openmeetings.util.OmFileHelper;
import org.apache.openmeetings.util.OpenmeetingsVariables;
import org.apache.openmeetings.util.StoredFile;
import org.apache.wicket.util.string.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

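/**
 * Authenticates users against an LDAP directory and keeps the matching local accounts in sync.
 *
 * <p>All connection and attribute-mapping settings are read from the properties file named by
 * the {@link LdapConfig} of the requested domain. Depending on the configured {@link AuthType}
 * the user is verified with a search followed by a bind, with a direct bind to a templated DN,
 * or against the local database only.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The login name is untrusted input. It is escaped (RFC 4515) before it is substituted
 *       into any configured search filter.</li>
 *   <li>Empty passwords are rejected before any bind, because a simple bind with a DN and an
 *       empty password is an "unauthenticated bind" that some directory servers accept.</li>
 *   <li>Group membership taken from the directory is only ever added to the local user,
 *       never removed (see {@link LdapWorker#getUser(Entry, User)}).</li>
 * </ul>
 */
@Component
public class LdapLoginManager {
    private static final Logger log = LoggerFactory.getLogger(LdapLoginManager.class);
    private static final String WARN_REFERRAL = "Referral LDAP entry found, ignore it";
    // Property names in the per-domain LDAP configuration file that override the attribute names below.
    private static final String CONFIGKEY_LDAP_KEY_LOGIN = "ldap_user_attr_login";
    private static final String CONFIGKEY_LDAP_KEY_LASTNAME = "ldap_user_attr_lastname";
    private static final String CONFIGKEY_LDAP_KEY_FIRSTNAME = "ldap_user_attr_firstname";
    private static final String CONFIGKEY_LDAP_KEY_MAIL = "ldap_user_attr_mail";
    private static final String CONFIGKEY_LDAP_KEY_STREET = "ldap_user_attr_street";
    private static final String CONFIGKEY_LDAP_KEY_ADDITIONAL_NAME = "ldap_user_attr_additionalname";
    private static final String CONFIGKEY_LDAP_KEY_FAX = "ldap_user_attr_fax";
    private static final String CONFIGKEY_LDAP_KEY_ZIP = "ldap_user_attr_zip";
    private static final String CONFIGKEY_LDAP_KEY_COUNTRY = "ldap_user_attr_country";
    private static final String CONFIGKEY_LDAP_KEY_TOWN = "ldap_user_attr_town";
    private static final String CONFIGKEY_LDAP_KEY_PHONE = "ldap_user_attr_phone";
    private static final String CONFIGKEY_LDAP_KEY_GROUP = "ldap_group_attr";
    public static final String CONFIGKEY_LDAP_KEY_PICTURE = "ldap_user_attr_picture";
    // Default LDAP attribute names, used when the configuration file does not override them.
    private static final String LDAP_KEY_LOGIN = "uid";
    private static final String LDAP_KEY_LASTNAME = "sn";
    private static final String LDAP_KEY_FIRSTNAME = "givenName";
    private static final String LDAP_KEY_MAIL = "mail";
    private static final String LDAP_KEY_STREET = "streetAddress";
    private static final String LDAP_KEY_ADDITIONAL_NAME = "description";
    private static final String LDAP_KEY_FAX = "facsimileTelephoneNumber";
    private static final String LDAP_KEY_ZIP = "postalCode";
    private static final String LDAP_KEY_COUNTRY = "co";
    private static final String LDAP_KEY_TOWN = "l";
    private static final String LDAP_KEY_PHONE = "telephoneNumber";
    private static final String LDAP_KEY_TIMEZONE = "timezone";
    private static final String LDAP_KEY_GROUP = "memberOf";

    @Autowired
    private LdapConfigDao ldapConfigDao;

    @Autowired
    private UserDao userDao;

    @Autowired
    private GroupDao groupDao;

    @Autowired
    private ImageConverter imageConverter;

    /** How the supplied credentials are verified. */
    public enum AuthType {
        /** No LDAP bind; credentials are checked against the local database. */
        NONE,
        /** Bind as admin, search for the user entry, then bind as the DN that was found. */
        SEARCHANDBIND,
        /** Bind directly to a DN built from the configured template and the login. */
        SIMPLEBIND
    }

    /** Where the user's group membership is read from. */
    public enum GroupMode {
        NONE,
        /** Read group DNs from an attribute of the user entry. */
        ATTRIBUTE,
        /** Run the configured group query below the search base. */
        QUERY
    }

    /**
     * One LDAP connection together with the configuration of a single domain.
     *
     * <p>The constructor only creates the connection object; binding is done by the callers.
     * Instances must be closed, which closes the underlying connection.
     */
    public class LdapWorker implements Closeable {
        final LdapConnection conn;
        final Properties config = new Properties();
        final LdapOptions options;
        final Long domainId;
        final LdapConfig ldapCfg;

        /**
         * Loads the LDAP configuration of the given domain and prepares a connection to it.
         *
         * @param l id of the {@link LdapConfig} to use
         */
        public LdapWorker(Long l) {
            this.domainId = l;
            this.ldapCfg = ldapConfigDao.get(l);
            OmFileHelper.loadLdapConf(ldapCfg.getConfigFileName(), config);
            this.options = new LdapOptions(config);
            // NOTE(review): no trust manager is configured here, so certificate validation for
            // the "secure" option relies on the LDAP client library's default - confirm that the
            // library version in use verifies the server certificate.
            this.conn = new LdapNetworkConnection(options.host, options.port, options.secure);
        }

        /**
         * Copies the picture attribute of the LDAP entry to the user's profile and saves the user.
         *
         * <p>Binary image data is converted into a profile picture; any other value is stored as
         * the picture URI. When the user ends up without a picture URI, the configured default
         * is used. Failures while storing the image are logged and do not abort the login.
         *
         * @param entry LDAP entry of the user
         * @param user  local user to update
         * @return the updated, persisted user
         * @throws LdapInvalidAttributeValueException if the attribute value cannot be read as a string
         */
        public User setUserPicture(Entry entry, User user) throws LdapInvalidAttributeValueException {
            User result = user;
            Attribute attr = getAttr(config, entry, CONFIGKEY_LDAP_KEY_PICTURE, "");
            Value value = attr == null ? null : attr.get();
            if (value != null && value.getBytes() != null) {
                ByteArrayInputStream in = new ByteArrayInputStream(value.getBytes());
                StoredFile sf = new StoredFile("picture", in);
                if (sf.isImage()) {
                    Path tmp = null;
                    try {
                        tmp = Files.createTempFile("omLdap", "img");
                        FileUtils.copyToFile(in, tmp.toFile());
                        imageConverter.convertImageUserProfile(tmp.toFile(), user.getId(), sf.isAsIs());
                        // re-read the user: the converter is expected to have changed the stored profile
                        result = userDao.get(user.getId());
                    } catch (Exception e) {
                        log.error("Unable to store binary image from LDAP", e);
                    } finally {
                        // the temporary copy is removed on every path, including failures
                        if (tmp != null) {
                            try {
                                Files.deleteIfExists(tmp);
                            } catch (IOException e) {
                                log.error("Unexpected error while clean-up", e);
                            }
                        }
                    }
                } else {
                    // NOTE(review): the value comes from the directory and is stored without any
                    // scheme or format check; validate it where the picture URI is rendered.
                    result.setPictureUri(value.getString());
                }
            }
            if (Strings.isEmpty(result.getPictureUri()) && !Strings.isEmpty(options.pictureUri)) {
                result.setPictureUri(options.pictureUri);
            }
            return userDao.update(result, (Long) null);
        }

        /**
         * Creates or refreshes a local user from an LDAP entry.
         *
         * <p>A new user is created as type LDAP without the LOGIN right and is put into the
         * default group. Name, address and time zone are always overwritten from the entry.
         * Groups found in the directory are created locally when missing and added to the user.
         *
         * @param entry LDAP entry of the user; must not be {@code null}
         * @param user  existing local user, or {@code null} to create a new one
         * @return the populated user (not yet persisted by this method)
         * @throws OmException     {@code BAD_CREDENTIALS} if {@code entry} is {@code null}
         * @throws LdapException   on LDAP errors
         * @throws CursorException on errors while reading group search results
         * @throws IOException     if the group search cursor cannot be closed
         */
        public User getUser(Entry entry, User user) throws LdapException, CursorException, OmException, IOException {
            if (entry == null) {
                log.error("LDAP entry is null, search or lookup by Dn failed");
                throw OmException.BAD_CREDENTIALS;
            }
            if (user == null) {
                user = UserDao.getNewUserInstance((User) null);
                user.setType(User.Type.LDAP);
                user.getRights().remove(User.Right.LOGIN);
                user.setDomainId(domainId);
                Group defaultGroup = groupDao.get(OpenmeetingsVariables.getDefaultGroup());
                if (defaultGroup != null) {
                    user.addGroup(defaultGroup);
                }
                // NOTE(review): getLogin() returns null when the entry has no login attribute;
                // that case is not handled here - confirm such entries cannot reach this point.
                String login = getLogin(config, entry);
                if (ldapCfg.getAddDomainToUserName()) {
                    login = login + "@" + ldapCfg.getDomain();
                }
                if (options.useLowerCase) {
                    login = login.toLowerCase(Locale.ROOT);
                }
                user.setLogin(login);
                user.setShowContactDataToContacts(true);
                user.setAddress(new Address());
            }
            user.setLastname(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_LASTNAME, LDAP_KEY_LASTNAME));
            user.setFirstname(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_FIRSTNAME, LDAP_KEY_FIRSTNAME));
            Address address = user.getAddress();
            address.setEmail(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_MAIL, LDAP_KEY_MAIL));
            address.setStreet(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_STREET, LDAP_KEY_STREET));
            address.setAdditionalname(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_ADDITIONAL_NAME, LDAP_KEY_ADDITIONAL_NAME));
            address.setFax(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_FAX, LDAP_KEY_FAX));
            address.setZip(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_ZIP, LDAP_KEY_ZIP));
            address.setCountry(LocaleHelper.validateCountry(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_COUNTRY, LDAP_KEY_COUNTRY)));
            address.setTown(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_TOWN, LDAP_KEY_TOWN));
            address.setPhone(getStringAttr(config, entry, CONFIGKEY_LDAP_KEY_PHONE, LDAP_KEY_PHONE));
            String tz = getStringAttr(config, entry, "ldap_user_timezone", LDAP_KEY_TIMEZONE);
            if (tz == null) {
                tz = options.tz;
            }
            user.setTimeZoneId(TimezoneUtil.getTimeZone(tz).getID());

            List<Dn> groupDns = new ArrayList<>();
            if (GroupMode.ATTRIBUTE == options.groupMode) {
                Attribute groupAttr = getAttr(config, entry, CONFIGKEY_LDAP_KEY_GROUP, LDAP_KEY_GROUP);
                if (groupAttr != null) {
                    for (Value groupValue : groupAttr) {
                        groupDns.add(new Dn(groupValue.getString()));
                    }
                }
            } else if (GroupMode.QUERY == options.groupMode) {
                // the login is escaped so that filter metacharacters in it cannot alter the query
                fillGroups(new Dn(options.searchBase),
                        String.format(options.groupQuery, escapeFilterValue(user.getLogin())), groupDns);
            }
            // Membership is additive: a group the user has left in the directory is NOT removed
            // locally. Only the value of the leading RDN is used as the local group name, so two
            // directory groups that share it map to the same local group.
            for (Dn groupDn : groupDns) {
                String name = groupDn.getRdn().getValue();
                if (Strings.isEmpty(name)) {
                    continue;
                }
                Group group = groupDao.get(name);
                boolean alreadyMember = false;
                if (group == null) {
                    Group created = new Group();
                    created.setName(name);
                    group = groupDao.update(created, user.getId());
                } else {
                    for (GroupUser gu : user.getGroupUsers()) {
                        if (gu.getGroup().getName().equals(name)) {
                            alreadyMember = true;
                            break;
                        }
                    }
                }
                if (!alreadyMember) {
                    user.addGroup(group);
                    log.debug("Going to add user to group:: {}", name);
                }
            }
            return user;
        }

        /**
         * Runs a subtree search and collects the DN of every entry found.
         *
         * @param dn   search base
         * @param str  LDAP filter; any user-supplied part must already be escaped by the caller
         * @param list receives the DNs of the matching entries
         */
        private void fillGroups(Dn dn, String str, List<Dn> list) throws IOException, LdapException, CursorException {
            try (EntryCursor cursor = new EntryCursorImpl(conn.search(new SearchRequestImpl()
                    .setBase(dn)
                    .setFilter(str)
                    .setScope(SearchScope.SUBTREE)
                    .addAttributes("*")
                    .setDerefAliases(AliasDerefMode.DEREF_ALWAYS)))) {
                while (cursor.next()) {
                    try {
                        list.add(cursor.get().getDn());
                    } catch (CursorLdapReferralException e) {
                        // referrals are not followed
                        log.warn(WARN_REFERRAL);
                    }
                }
            }
        }

        /** Closes the LDAP connection. */
        @Override
        public void close() throws IOException {
            if (conn != null) {
                conn.close();
            }
        }
    }

    /** What happens to the local account after a successful LDAP authentication. */
    public enum Provisionning {
        /** The local account is left untouched and must already exist. */
        NONE,
        /** An existing local account is refreshed from the directory. */
        AUTOUPDATE,
        /** As AUTOUPDATE, and a missing local account is created. */
        AUTOCREATE
    }

    /**
     * Binds with the configured admin DN, or anonymously when no admin DN is configured.
     */
    private static void bindAdmin(LdapConnection ldapConnection, LdapOptions ldapOptions) throws LdapException {
        if (Strings.isEmpty(ldapOptions.adminDn)) {
            ldapConnection.bind();
        } else {
            ldapConnection.bind(ldapOptions.adminDn, ldapOptions.adminPasswd);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515).
     *
     * <p>Backslash, asterisk, parentheses and NUL are replaced by their {@code \xx} form so the
     * value is always matched literally and cannot change the structure of the filter.
     *
     * @param value raw value, may be {@code null}
     * @return the escaped value, or {@code null} if {@code value} was {@code null}
     */
    private static String escapeFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Rejects an empty password before it is used in a bind.
     *
     * @throws OmException {@code BAD_CREDENTIALS} if the password is {@code null} or empty
     */
    private static void requirePassword(String passwd) throws OmException {
        if (Strings.isEmpty(passwd)) {
            log.error("Empty password provided");
            throw OmException.BAD_CREDENTIALS;
        }
    }

    /**
     * Returns the attribute whose name is configured under {@code str}, falling back to the
     * default name {@code str2}; {@code null} if neither name is set or the entry lacks it.
     */
    private static Attribute getAttr(Properties properties, Entry entry, String str, String str2) {
        String name = properties.getProperty(str, "");
        if (Strings.isEmpty(name)) {
            name = str2;
        }
        return Strings.isEmpty(name) ? null : entry.get(name);
    }

    /** Same as {@link #getAttr} but returns the attribute's string value, or {@code null}. */
    private static String getStringAttr(Properties properties, Entry entry, String str, String str2) throws LdapInvalidAttributeValueException {
        Attribute attr = getAttr(properties, entry, str, str2);
        return attr == null ? null : attr.getString();
    }

    /** Reads the login attribute of the entry; {@code null} if the entry has none. */
    private static String getLogin(Properties properties, Entry entry) throws LdapInvalidAttributeValueException {
        return getStringAttr(properties, entry, CONFIGKEY_LDAP_KEY_LOGIN, LDAP_KEY_LOGIN);
    }

    /**
     * Authenticates a user for the given LDAP domain and applies the configured provisioning.
     *
     * @param str  login name as entered by the user (untrusted)
     * @param str2 password as entered by the user
     * @param l    id of the LDAP configuration (domain) to authenticate against
     * @return the authenticated local user, or {@code null} if the login name is not valid
     * @throws OmException {@code BAD_CREDENTIALS} when authentication fails or the user is
     *                     unknown locally and auto-creation is off; a wrapping exception for
     *                     any other failure
     */
    public User login(String str, String str2, Long l) throws OmException {
        log.debug("LdapLoginmanager.doLdapLogin");
        if (!userDao.validLogin(str)) {
            log.error("Invalid login provided");
            return null;
        }
        try (LdapWorker worker = new LdapWorker(l)) {
            final String login = worker.options.useLowerCase ? str.toLowerCase(Locale.ROOT) : str;
            boolean authenticated = true;
            Dn userDn = null;
            Entry entry = null;
            switch (worker.options.type) {
                case SEARCHANDBIND:
                    requirePassword(str2);
                    Map.Entry<Dn, Entry> found = searchAndBind(worker, login, str2);
                    userDn = found.getKey();
                    entry = found.getValue();
                    break;
                case SIMPLEBIND:
                    requirePassword(str2);
                    // NOTE(review): the login is substituted into the DN template unescaped;
                    // DN metacharacters in it change which DN is bound. Consider RFC 4514
                    // escaping of the value before formatting.
                    userDn = new Dn(String.format(worker.options.userDn, login));
                    worker.conn.bind(userDn, str2);
                    break;
                case NONE:
                default:
                    authenticated = false;
                    break;
            }
            // After a successful bind the local account is looked up by login only; without a
            // bind the password is verified against the local database instead.
            User user = authenticated
                    ? userDao.getByLogin(login, User.Type.LDAP, l)
                    : userDao.login(login, str2);
            log.debug("getByLogin:: authenticated ? {}, login = '{}', domain = {}, user = {}",
                    authenticated, login, l, user);
            if (user == null && Provisionning.AUTOCREATE != worker.options.prov) {
                log.error("User not found in OM DB and Provisionning.AUTOCREATE was not set");
                throw OmException.BAD_CREDENTIALS;
            }
            if (authenticated && entry == null) {
                if (worker.options.useAdminForAttrs) {
                    bindAdmin(worker.conn, worker.options);
                }
                entry = worker.conn.lookup(userDn);
            }
            switch (worker.options.prov) {
                case AUTOUPDATE:
                case AUTOCREATE:
                    User synced = worker.getUser(entry, user);
                    if (worker.options.syncPasswd) {
                        // keeps a local copy of the directory password - TODO confirm how
                        // User.updatePassword stores it
                        synced.updatePassword(str2);
                    }
                    user = worker.setUserPicture(entry, userDao.update(synced, (Long) null));
                    break;
                default:
                    break;
            }
            return user;
        } catch (OmException e) {
            throw e;
        } catch (LdapAuthenticationException e) {
            // most specific handlers first, so a failed bind is reported as bad credentials
            // rather than wrapped as an unexpected error
            log.error("Not authenticated.", e);
            throw OmException.BAD_CREDENTIALS;
        } catch (Exception e) {
            log.error("Unexpected exception.", e);
            throw new OmException(e);
        }
    }

    /**
     * Finds the single directory entry matching the login and binds as it.
     *
     * <p>The search runs under the admin (or anonymous) bind; the connection is then re-bound
     * with the user's own DN and password.
     *
     * @param ldapWorker connection and options to use
     * @param str        login name (untrusted); escaped before it is placed into the filter
     * @param str2       password to bind with
     * @return the user's DN and, when attributes are read as admin, the entry found by the
     *         search (otherwise a {@code null} value)
     * @throws OmException {@code UNKNOWN} if more than one entry matches,
     *                     {@code BAD_CREDENTIALS} if none matches
     */
    private static Map.Entry<Dn, Entry> searchAndBind(LdapWorker ldapWorker, String str, String str2) throws LdapException, CursorException, OmException, IOException {
        Dn userDn = null;
        Entry userEntry = null;
        bindAdmin(ldapWorker.conn, ldapWorker.options);
        String filter = String.format(ldapWorker.options.searchQuery, escapeFilterValue(str));
        try (EntryCursor cursor = new EntryCursorImpl(ldapWorker.conn.search(new SearchRequestImpl()
                .setBase(new Dn(ldapWorker.options.searchBase))
                .setFilter(filter)
                .setScope(ldapWorker.options.scope)
                .addAttributes("*")
                .setDerefAliases(ldapWorker.options.derefMode)))) {
            while (cursor.next()) {
                try {
                    Entry found = cursor.get();
                    if (userDn != null) {
                        // an ambiguous match must never be resolved by picking one entry
                        log.error("more than 1 user found in LDAP");
                        throw OmException.UNKNOWN;
                    }
                    userDn = found.getDn();
                    if (ldapWorker.options.useAdminForAttrs) {
                        userEntry = found;
                    }
                } catch (CursorLdapReferralException e) {
                    // referrals are not followed
                    log.warn(WARN_REFERRAL);
                }
            }
        }
        if (userDn == null) {
            log.error("NONE users found in LDAP");
            throw OmException.BAD_CREDENTIALS;
        }
        ldapWorker.conn.bind(userDn, str2);
        return new AbstractMap.SimpleEntry<>(userDn, userEntry);
    }

    /**
     * Imports all users matching the configured import query of the given LDAP domain.
     *
     * @param l id of the LDAP configuration (domain)
     * @param z {@code true} for a dry run that only logs the users, {@code false} to persist them
     * @throws OmException {@code BAD_CREDENTIALS} if the admin bind is rejected; a wrapping
     *                     exception for any other failure
     */
    public void importUsers(Long l, boolean z) throws OmException {
        try (LdapWorker worker = new LdapWorker(l)) {
            bindAdmin(worker.conn, worker.options);
            try (EntryCursor cursor = new EntryCursorImpl(worker.conn.search(new SearchRequestImpl()
                    .setBase(new Dn(worker.options.searchBase))
                    .setFilter(worker.options.importQuery)
                    .setScope(worker.options.scope)
                    .addAttributes("*")
                    .setDerefAliases(worker.options.derefMode)))) {
                importUsers(worker, cursor, l, z);
            }
        } catch (OmException e) {
            throw e;
        } catch (LdapAuthenticationException e) {
            log.error("Not authenticated.", e);
            throw OmException.BAD_CREDENTIALS;
        } catch (Exception e) {
            log.error("Unexpected exception.", e);
            throw new OmException(e);
        }
    }

    /**
     * Walks the search results and creates or refreshes one local user per entry.
     *
     * @param ldapWorker  connection and options of the domain
     * @param entryCursor search results to import; closed by the caller
     * @param l           id of the LDAP configuration (domain)
     * @param z           {@code true} to only log what would be imported
     */
    private void importUsers(LdapWorker ldapWorker, EntryCursor entryCursor, Long l, boolean z) throws LdapException, CursorException, OmException, IOException {
        while (entryCursor.next()) {
            try {
                Entry entry = entryCursor.get();
                User existing = userDao.getByLogin(getLogin(ldapWorker.config, entry), User.Type.LDAP, l);
                User user = ldapWorker.getUser(entry, existing);
                if (z) {
                    log.info("Going to import user: {}", user);
                } else {
                    userDao.update(user, (Long) null);
                    log.info("User {}, was imported", user);
                }
            } catch (CursorLdapReferralException e) {
                // referrals are not followed
                log.warn(WARN_REFERRAL);
            }
        }
    }
}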
