package org.georchestra.ds.roles;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.TreeSet;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.naming.Name;
import javax.naming.directory.Attributes;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.georchestra.ds.DataServiceException;
import org.georchestra.ds.DuplicatedCommonNameException;
import org.georchestra.ds.users.Account;
import org.georchestra.ds.users.AccountDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.InvalidNameException;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.support.LdapNameBuilder;

/* loaded from: input_file:WEB-INF/lib/georchestra-ldap-account-management-24.0.3-SNAPSHOT.jar:org/georchestra/ds/roles/RoleDaoImpl.class */
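/**
 * LDAP-backed {@link RoleDao}: reads and writes role entries (object class
 * {@code groupOfMembers}) below {@code roleSearchBaseDN} through Spring LDAP's
 * {@link LdapTemplate}.
 *
 * <p>A role entry is addressed as {@code cn=<role name>,<roleSearchBaseDN>}. Role names and
 * member DNs reach the directory only through {@link LdapNameBuilder} and {@link EqualsFilter},
 * never through hand-concatenated DN or filter strings; keep it that way when extending this
 * class, since role names originate from callers.
 *
 * <p>NOTE(review): only {@link #delete(String)} consults {@link RoleProtected}. Renaming or
 * rewriting a protected role through {@link #update(String, Role)} is not blocked here, so that
 * check presumably has to live in the callers; confirm.
 */
public class RoleDaoImpl implements RoleDao {
    private static final Log LOG = LogFactory.getLog(RoleDaoImpl.class.getName());
    private LdapTemplate ldapTemplate;
    private String roleSearchBaseDN;

    @Autowired
    private AccountDao accountDao;

    @Autowired
    private RoleProtected roles;

    /**
     * Maps an LDAP role entry to a {@link Role}.
     *
     * <p>Kept {@code public} as found in this decompiled listing; the decompiler notes that the
     * original access modifier was {@code private}.
     */
    public static class RoleContextMapper implements ContextMapper<Role> {
        private RoleContextMapper() {
        }

        /**
         * Builds a {@link Role} from the given context.
         *
         * @param obj the entry, expected to be a {@link DirContextAdapter}
         * @return the populated role
         * @throws IllegalArgumentException if {@code georchestraObjectIdentifier} is present but is
         *         not a valid UUID string (raised by {@link UUID#fromString(String)})
         */
        @Override
        public Role mapFromContext(Object obj) {
            DirContextAdapter entry = (DirContextAdapter) obj;
            Role role = RoleFactory.create();
            String identifier = entry.getStringAttribute("georchestraObjectIdentifier");
            role.setUniqueIdentifier(identifier == null ? null : UUID.fromString(identifier));
            role.setName(entry.getStringAttribute("cn"));
            role.setDescription(entry.getStringAttribute("description"));
            role.setFavorite(RoleSchema.FAVORITE_VALUE.equals(entry.getStringAttribute(RoleSchema.FAVORITE_KEY)));
            for (Object member : getUsers(entry)) {
                role.addUser((String) member);
            }
            return role;
        }

        /** Returns the values of the member attribute, or an empty array when it is absent. */
        private Object[] getUsers(DirContextAdapter dirContextAdapter) {
            Object[] members = dirContextAdapter.getObjectAttributes(RoleSchema.MEMBER_KEY);
            return members == null ? new Object[0] : members;
        }
    }

    public void setRoleSearchBaseDN(String str) {
        this.roleSearchBaseDN = str;
    }

    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /**
     * Builds the DN of the role entry named {@code str} below the role search base.
     *
     * <p>The name is added as the value of a {@code cn} RDN through {@link LdapNameBuilder}
     * rather than being spliced into a DN string.
     *
     * @param str the role's common name
     * @return {@code cn=<str>,<roleSearchBaseDN>}
     * @throws IllegalArgumentException if the builder rejects the name; the original
     *         {@link InvalidNameException} is kept as the cause
     */
    public Name buildRoleDn(String str) {
        try {
            return LdapNameBuilder.newInstance(this.roleSearchBaseDN).add("cn", str).build();
        } catch (InvalidNameException e) {
            // Keep the cause so the failing DN component can still be diagnosed from the stack trace.
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    public void setRoles(RoleProtected roleProtected) {
        this.roles = roleProtected;
    }

    public void setAccountDao(AccountDao accountDao) {
        this.accountDao = accountDao;
    }

    /**
     * Adds {@code account} to the role named {@code str}.
     *
     * <p>The entry's object classes are extended with {@code top} and {@code groupOfMembers},
     * and the account's full DN is added to the member attribute unless it is already present.
     *
     * @param str the role's common name
     * @param account the account to add
     * @throws NameNotFoundException if the role entry cannot be looked up
     * @throws DataServiceException if writing the membership or re-reading the role fails
     */
    @Override
    public void addUser(String str, Account account) throws DataServiceException, NameNotFoundException {
        DirContextOperations roleContext = this.ldapTemplate.lookupContext(buildRoleDn(str));
        mergeObjectClasses(roleContext, "top", "groupOfMembers");
        try {
            // 'false': do not add the DN a second time if it is already a member.
            roleContext.addAttributeValue(RoleSchema.MEMBER_KEY, this.accountDao.buildFullUserDn(account), false);
            this.ldapTemplate.modifyAttributes(roleContext);
            // Result is discarded; the call only fails if the role can no longer be read back.
            findByCommonName(str);
        } catch (Exception e) {
            // Pass the throwable separately so the stack trace is logged, not just its toString().
            LOG.error("Failed to add a member to a role", e);
            throw new DataServiceException(e);
        }
    }

    /**
     * Removes {@code account} from every role it is currently a member of.
     *
     * @param account the account to remove
     * @throws DataServiceException if one of the role updates fails
     */
    @Override
    public void deleteUser(Account account) throws DataServiceException {
        for (Role role : findAllForUser(account)) {
            deleteUser(role.getName(), account);
        }
    }

    /**
     * Removes {@code account} from the role named {@code str}; does nothing when the account's
     * uid is not in the role's user list.
     *
     * @param str the role's common name
     * @param account the account to remove
     * @throws NameNotFoundException if the role does not exist
     * @throws DataServiceException if the role cannot be updated
     */
    @Override
    public void deleteUser(String str, Account account) throws NameNotFoundException, DataServiceException {
        Role role = findByCommonName(str);
        List<String> members = role.getUserList();
        if (members == null || !members.remove(account.getUid())) {
            return;
        }
        try {
            update(str, role);
        } catch (DuplicatedCommonNameException | NameNotFoundException e) {
            throw new DataServiceException(e);
        }
    }

    /**
     * Replaces the DN of {@code account} with the DN of {@code account2} in every role that
     * lists {@code account} as a member.
     *
     * @param account the account as currently referenced by the roles
     * @param account2 the account whose DN replaces it
     * @throws DataServiceException declared by the interface
     */
    @Override
    public void modifyUser(Account account, Account account2) throws DataServiceException {
        for (Role role : findAllForUser(account)) {
            Name roleDn = buildRoleDn(role.getName());
            String previousDn = this.accountDao.buildFullUserDn(account);
            String replacementDn = this.accountDao.buildFullUserDn(account2);
            DirContextOperations roleContext = this.ldapTemplate.lookupContext(roleDn);
            roleContext.removeAttributeValue(RoleSchema.MEMBER_KEY, previousDn);
            roleContext.addAttributeValue(RoleSchema.MEMBER_KEY, replacementDn);
            this.ldapTemplate.modifyAttributes(roleContext);
        }
    }

    /**
     * Returns all roles below the search base, in the order defined by a {@link TreeSet} of
     * {@link Role} (roles that compare as equal collapse into one).
     */
    @Override
    public List<Role> findAll() {
        List<Role> found = this.ldapTemplate.search(this.roleSearchBaseDN,
                new EqualsFilter("objectClass", "groupOfMembers").encode(), new RoleContextMapper());
        TreeSet<Role> ordered = new TreeSet<>();
        ordered.addAll(found);
        return new LinkedList<>(ordered);
    }

    /**
     * Returns the roles whose member attribute contains the full DN of {@code account}.
     *
     * <p>The DN is passed as an {@link EqualsFilter} value and the filter string is produced
     * by {@code encode()}, not by concatenation.
     */
    @Override
    public List<Role> findAllForUser(Account account) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "groupOfMembers"));
        filter.and(new EqualsFilter(RoleSchema.MEMBER_KEY, this.accountDao.buildFullUserDn(account)));
        return this.ldapTemplate.search(this.roleSearchBaseDN, filter.encode(), new RoleContextMapper());
    }

    /**
     * Looks up the role named {@code str}.
     *
     * @param str the role's common name
     * @return the role
     * @throws NameNotFoundException if no such entry exists; rethrown with a message naming the
     *         requested cn (the original exception is not chained)
     * @throws DataServiceException declared by the interface
     */
    @Override
    public Role findByCommonName(String str) throws DataServiceException, NameNotFoundException {
        try {
            return this.ldapTemplate.lookup(buildRoleDn(str), new RoleContextMapper());
        } catch (NameNotFoundException e) {
            throw new NameNotFoundException("There is not a role with this common name (cn): " + str);
        }
    }

    /**
     * Deletes the role named {@code str}, refusing protected roles. Deleting a role that does
     * not exist is ignored.
     *
     * @param str the role's common name
     * @throws DataServiceException if the role is protected
     */
    @Override
    public void delete(String str) throws DataServiceException, NameNotFoundException {
        if (this.roles.isProtected(str)) {
            throw new DataServiceException("Role " + str + " is a protected role");
        }
        try {
            this.ldapTemplate.unbind(buildRoleDn(str), true);
        } catch (NameNotFoundException e) {
            LOG.debug("Tried to remove a non exising role, ignoring: " + str);
        }
    }

    /**
     * Creates a new role entry.
     *
     * <p>{@code synchronized} serialises callers of this DAO instance only; the directory can
     * still change between the existence check and the bind, in which case the bind failure
     * surfaces as a {@link DataServiceException}.
     *
     * @param role the role to create
     * @throws IllegalArgumentException if the role has no name
     * @throws DuplicatedCommonNameException if a role with that name already exists
     * @throws DataServiceException if the entry cannot be bound
     */
    @Override
    public synchronized void insert(Role role) throws DataServiceException, DuplicatedCommonNameException {
        String name = role.getName();
        if (name == null || name.isEmpty()) {
            throw new IllegalArgumentException("given name is required");
        }
        boolean alreadyExists;
        try {
            alreadyExists = findByCommonName(name) != null;
        } catch (NameNotFoundException e) {
            alreadyExists = false;
        }
        if (alreadyExists) {
            throw new DuplicatedCommonNameException("there is a role with this name: " + name);
        }
        LOG.debug("The role with name " + name + " does not exist yet, it can then be safely created.");
        Name roleDn = buildRoleDn(name);
        DirContextAdapter entry = new DirContextAdapter(roleDn);
        mapToContext(role, entry);
        try {
            this.ldapTemplate.bind(roleDn, entry, (Attributes) null);
        } catch (NamingException e) {
            LOG.error("Failed to create a role entry", e);
            throw new DataServiceException(e);
        }
    }

    /**
     * Copies {@code role} into {@code dirContextOperations}: object classes, identifier (a
     * random UUID is assigned when the role has none), cn, description, members and the
     * favorite flag.
     *
     * <p>The member attribute is replaced wholesale with the DNs of the accounts that could be
     * resolved from the role's uid list. A uid whose lookup fails is left out, which removes
     * that user from the role on the next write; the failure is logged so that a directory
     * error does not silently shrink a role's membership.
     */
    void mapToContext(Role role, DirContextOperations dirContextOperations) {
        mergeObjectClasses(dirContextOperations, "top", "groupOfMembers", "georchestraRole");
        if (role.getUniqueIdentifier() == null) {
            role.setUniqueIdentifier(UUID.randomUUID());
        }
        setContextField(dirContextOperations, "georchestraObjectIdentifier", role.getUniqueIdentifier().toString());
        setContextField(dirContextOperations, "cn", role.getName());
        setContextField(dirContextOperations, "description", role.getDescription());
        List<String> memberDns = role.getUserList().stream()
                .map(uid -> findAccountOrNull(uid))
                .filter(account -> account != null)
                .map(account -> this.accountDao.buildFullUserDn(account))
                .collect(Collectors.toList());
        dirContextOperations.setAttributeValues(RoleSchema.MEMBER_KEY, memberDns.toArray());
        if (role.isFavorite()) {
            setContextField(dirContextOperations, RoleSchema.FAVORITE_KEY, RoleSchema.FAVORITE_VALUE);
        } else {
            dirContextOperations.removeAttributeValue(RoleSchema.FAVORITE_KEY, RoleSchema.FAVORITE_VALUE);
        }
    }

    /** Resolves a uid to its account, or returns {@code null} (after logging) when the lookup fails. */
    private Account findAccountOrNull(String uid) {
        try {
            return this.accountDao.findByUID(uid);
        } catch (DataServiceException e) {
            LOG.warn("Role member could not be resolved and is left out of the member list: " + uid, e);
            return null;
        }
    }

    /** Sets the entry's objectClass attribute to its current values plus {@code required}. */
    private static void mergeObjectClasses(DirContextOperations context, String... required) {
        HashSet<String> objectClasses = new HashSet<>();
        String[] existing = context.getStringAttributes("objectClass");
        if (existing != null) {
            Collections.addAll(objectClasses, existing);
        }
        Collections.addAll(objectClasses, required);
        context.setAttributeValues("objectClass", objectClasses.toArray());
    }

    /** Sets the attribute unless the value is {@code null} or an empty string. */
    private void setContextField(DirContextOperations dirContextOperations, String str, Object obj) {
        if (!isNullValue(obj)) {
            dirContextOperations.setAttributeValue(str, obj);
        }
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private boolean isNullValue(Object obj) {
        return obj == null || ((obj instanceof String) && ((String) obj).isEmpty());
    }

    /**
     * Rewrites the role currently named {@code str} from {@code role}, renaming the entry first
     * when the role's name differs from {@code str}.
     *
     * <p>{@code synchronized} serialises callers of this DAO instance only; the directory can
     * still change between the name check and the rename.
     *
     * <p>NOTE(review): unlike {@link #delete(String)}, this method does not consult
     * {@code roles.isProtected}; confirm that callers prevent renaming protected roles.
     *
     * @param str the role's current common name
     * @param role the desired state of the role
     * @throws IllegalArgumentException if the role has no name
     * @throws DuplicatedCommonNameException if the new name is already used by another role
     * @throws NameNotFoundException if the role entry cannot be found
     */
    @Override
    public synchronized void update(String str, Role role) throws DataServiceException, NameNotFoundException, DuplicatedCommonNameException {
        String newName = role.getName();
        if (newName == null || newName.isEmpty()) {
            throw new IllegalArgumentException("given name is required");
        }
        Name currentDn = buildRoleDn(str);
        Name targetDn = buildRoleDn(newName);
        if (!newName.equals(str)) {
            boolean nameTaken;
            try {
                findByCommonName(newName);
                nameTaken = true;
            } catch (NameNotFoundException e) {
                nameTaken = false;
            }
            if (nameTaken) {
                throw new DuplicatedCommonNameException("there is a role with this name: " + newName);
            }
            LOG.debug("no account with name " + newName + " can be found, it is then safe to rename the role.");
            this.ldapTemplate.rename(currentDn, targetDn);
        }
        DirContextOperations roleContext = this.ldapTemplate.lookupContext(targetDn);
        mapToContext(role, roleContext);
        this.ldapTemplate.modifyAttributes(roleContext);
    }

    /** Adds every account in {@code list} to the role named {@code str}. */
    private void addUsers(String str, List<Account> list) throws NameNotFoundException, DataServiceException {
        for (Account account : list) {
            addUser(str, account);
        }
    }

    /** Removes every account in {@code list} from the role named {@code str}. */
    private void deleteUsers(String str, List<Account> list) throws DataServiceException, NameNotFoundException {
        for (Account account : list) {
            deleteUser(str, account);
        }
    }

    /**
     * Adds every account in {@code list2} to every role named in {@code list}. Processing stops
     * at the first failure; memberships written before it are not rolled back.
     */
    @Override
    public void addUsersInRoles(List<String> list, List<Account> list2) throws DataServiceException, NameNotFoundException {
        for (String roleName : list) {
            addUsers(roleName, list2);
        }
    }

    /**
     * Removes every account in {@code list2} from every role named in {@code list}. Processing
     * stops at the first failure; removals performed before it are not rolled back.
     */
    @Override
    public void deleteUsersInRoles(List<String> list, List<Account> list2) throws DataServiceException, NameNotFoundException {
        for (String roleName : list) {
            deleteUsers(roleName, list2);
        }
    }
}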
