package com.atlassian.confluence.it.usermanagement;

import com.atlassian.confluence.it.User;
import com.atlassian.confluence.it.rpc.ConfluenceRpc;
import com.atlassian.confluence.it.rpc.RpcRuntimeException;
import com.atlassian.gzipfilter.org.apache.commons.lang.StringUtils;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;

/* loaded from: input_file:com/atlassian/confluence/it/usermanagement/LdapUserManagementHelper.class */
public class LdapUserManagementHelper implements UserManagementHelper {
    private static ClassPathXmlApplicationContext context;
    private static final Set<String> INITIAL_USER_NAMES;
    private static final Set<String> INITIAL_GROUP_NAMES;
    private final ConfluenceRpc xmlrpc;
    protected final transient Logger log = Logger.getLogger(getClass());
    private final LdapTemplate ldapTemplate = (LdapTemplate) getContextInstance().getBean("ldapTemplate");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/confluence/it/usermanagement/LdapUserManagementHelper$CnAsStringAttributeMapper.class */
    public static class CnAsStringAttributeMapper implements AttributesMapper {
        private CnAsStringAttributeMapper() {
        }

        public Object mapFromAttributes(Attributes attributes) throws NamingException {
            return attributes.get("cn").get();
        }
    }

    public LdapUserManagementHelper(ConfluenceRpc confluenceRpc) {
        this.xmlrpc = confluenceRpc;
    }

    private static ClassPathXmlApplicationContext getContextInstance() {
        if (context == null) {
            context = new ClassPathXmlApplicationContext("ldapContext.xml");
        }
        return context;
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void addUserToGroup(String str, String str2) {
        if (str2.equals("confluence-administrators") || str2.equals("confluence-users")) {
            this.xmlrpc.execute("addUserToGroup", str, str2);
            return;
        }
        String str3 = "cn=" + str2 + ",ou=groups";
        Attribute attribute = ((DirContextAdapter) this.ldapTemplate.lookup(str3)).getAttributes().get("member");
        attribute.add("cn=" + str + ",ou=users,dc=example,dc=com");
        this.ldapTemplate.modifyAttributes(str3, new ModificationItem[]{new ModificationItem(2, attribute)});
        this.xmlrpc.executeFuncTest("flushAllCaches", new Object[0]);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void createUser(String str, String str2, String str3, String str4) {
        this.ldapTemplate.bind("cn=" + str + ",ou=users", (Object) null, convertInputsToAttributes(str3, str2, str, str4));
        addUserToGroup(str, "confluence-users");
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void createUser(User user) {
        createUser(user.getUsername(), user.getFullName(), user.getEmail(), user.getPassword());
    }

    private Attributes convertInputsToAttributes(String str, String str2, String str3, String str4) {
        BasicAttribute basicAttribute = new BasicAttribute("objectclass");
        basicAttribute.add("top");
        basicAttribute.add("person");
        basicAttribute.add("organizationalPerson");
        basicAttribute.add("inetOrgPerson");
        BasicAttributes basicAttributes = new BasicAttributes();
        basicAttributes.put(basicAttribute);
        basicAttributes.put("cn", str3);
        String[] split = str2.split("\\s+", 2);
        basicAttributes.put("sn", split.length > 1 ? split[1] : split[0]);
        basicAttributes.put("givenName", split.length > 1 ? split[0] : "");
        basicAttributes.put("mail", str);
        basicAttributes.put("uid", str3);
        basicAttributes.put("userPassword", SHA1(str4));
        return basicAttributes;
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void cleanUpOldUsersAndGroups() {
        this.log.debug("Cleaning up old users and groups");
        try {
            try {
                Iterator<String> it = findAllAddedGroups().iterator();
                while (it.hasNext()) {
                    removeGroupFromLdap(it.next());
                }
                Iterator<String> it2 = findAllAddedUsers().iterator();
                while (it2.hasNext()) {
                    removeUserFromLdap(it2.next());
                }
                this.xmlrpc.executeFuncTest("removeAllOtherUsers", new Object[0]);
                this.xmlrpc.executeFuncTest("removeAllGroupsExceptDefaults", new Object[0]);
                if (this.ldapTemplate.list("ou=users").size() != INITIAL_USER_NAMES.size()) {
                    throw new RuntimeException("Extra users in LDAP after cleanup: " + this.ldapTemplate.list("ou=users"));
                }
                this.xmlrpc.executeFuncTest("flushAllCaches", new Object[0]);
            } catch (RpcRuntimeException e) {
                this.log.error("Failure to clean up users and groups from ldap", e);
                throw e;
            }
        } catch (Throwable th) {
            this.xmlrpc.executeFuncTest("flushAllCaches", new Object[0]);
            throw th;
        }
    }

    private Collection<String> findAllAddedGroups() {
        return stringCollection(CollectionUtils.subtract(this.ldapTemplate.search("", "(objectclass=groupOfNames)", new CnAsStringAttributeMapper()), INITIAL_GROUP_NAMES));
    }

    private Collection<String> findAllAddedUsers() {
        return stringCollection(CollectionUtils.subtract(this.ldapTemplate.search("", "(objectclass=person)", new CnAsStringAttributeMapper()), INITIAL_USER_NAMES));
    }

    private Collection<String> stringCollection(Collection collection) {
        ArrayList arrayList = new ArrayList();
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            arrayList.add(String.valueOf(it.next()));
        }
        return arrayList;
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void removeUser(String str) {
        this.xmlrpc.executeFuncTest("disconnectUser", str);
        removeUserFromLdap(str);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void editUser(User user) {
        if ("admin".equalsIgnoreCase(user.getUsername())) {
            Hashtable hashtable = new Hashtable();
            hashtable.put("name", user.getUsername());
            hashtable.put("fullname", user.getFullName());
            hashtable.put("email", user.getEmail());
            hashtable.put("password", user.getPassword());
            this.xmlrpc.execute("editUser", hashtable);
            return;
        }
        DirContextAdapter dirContextAdapter = (DirContextAdapter) this.ldapTemplate.lookup("cn=" + user.getUsername() + ",ou=users");
        dirContextAdapter.setAttributeValue("mail", user.getEmail());
        if (StringUtils.isNotBlank(user.getFullName())) {
            String[] split = user.getName().split("\\s+", 2);
            if (split.length == 1) {
                dirContextAdapter.setAttributeValue("sn", split[0]);
                dirContextAdapter.setAttributeValue("givenName", "");
            } else {
                dirContextAdapter.setAttributeValue("givenName", split[0]);
                dirContextAdapter.setAttributeValue("sn", split[1]);
            }
        } else {
            dirContextAdapter.setAttributeValue("sn", "");
            dirContextAdapter.setAttributeValue("givenName", "");
        }
        this.ldapTemplate.modifyAttributes(dirContextAdapter);
    }

    public void removegroup(String str) {
        this.xmlrpc.executeFuncTest("disconnectGroup", str);
        removeGroupFromLdap(str);
    }

    private void removeUserFromLdap(String str) {
        String str2 = "cn=" + str + ",ou=users";
        this.log.info("removeUserFromLdap [ " + str + " ] [ " + str2 + " ]");
        this.ldapTemplate.unbind(str2);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void createGroup(String str) {
        BasicAttributes basicAttributes = new BasicAttributes();
        basicAttributes.put("cn", str);
        BasicAttribute basicAttribute = new BasicAttribute("objectclass");
        basicAttribute.add("top");
        basicAttribute.add("groupOfNames");
        basicAttributes.put(basicAttribute);
        BasicAttribute basicAttribute2 = new BasicAttribute("member");
        basicAttribute2.add("cn=testuserb,ou=users,dc=example,dc=com");
        basicAttributes.put(basicAttribute2);
        this.ldapTemplate.bind("cn=" + str + ",ou=groups", (Object) null, basicAttributes);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void removeUserFromGroup(String str, String str2) {
        if (str2.equals("confluence-administrators") || str2.equals("confluence-users")) {
            this.xmlrpc.execute("removeUserFromGroup", str, str2);
            return;
        }
        String str3 = "cn=" + str2 + ",ou=groups";
        Attribute attribute = ((DirContextAdapter) this.ldapTemplate.lookup(str3)).getAttributes().get("member");
        attribute.remove("cn=" + str + ",ou=users,dc=example,dc=com");
        this.ldapTemplate.modifyAttributes(str3, new ModificationItem[]{new ModificationItem(2, attribute)});
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void removeGroup(String str) {
        removeGroupFromLdap(str);
        this.xmlrpc.executeFuncTest("disconnectGroup", str);
    }

    private void removeGroupFromLdap(String str) {
        String str2 = "cn=" + str + ",ou=groups";
        this.log.info("removeGroupFromLdap [ " + str + " ] [ " + str2 + " ]");
        this.ldapTemplate.unbind(str2);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void removeUserUncleanly(String str) {
        removeUserFromLdap(str);
    }

    @Override // com.atlassian.confluence.it.usermanagement.UserManagementHelper
    public void fixUser(User user) {
        if (!user.equals(User.ADMIN)) {
            throw new UnsupportedOperationException("This method is not implemented for LDAP");
        }
        this.xmlrpc.executeFuncTest("setUserDetails", user.getUsername(), user.getFullName(), user.getEmail());
    }

    private static String SHA1(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(str.getBytes("iso-8859-1"), 0, str.length());
            return "{SHA}" + new String(Base64.encodeBase64(messageDigest.digest()));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("testuserb");
        hashSet.add("CapsUser1");
        INITIAL_USER_NAMES = Collections.unmodifiableSet(hashSet);
        HashSet hashSet2 = new HashSet();
        hashSet2.add("ldap-confluence-users");
        hashSet2.add("ldap-confluence-admin");
        INITIAL_GROUP_NAMES = Collections.unmodifiableSet(hashSet2);
    }
}
