package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.ldap.mapper.attribute.AttributeMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.user.MemberOfOverlayMapper;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.LDAPDirectoryEntity;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.search.Entity;
import com.atlassian.crowd.search.ldap.LDAPQueryTranslater;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.crowd.util.InstanceFactory;
import com.atlassian.event.api.EventPublisher;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.apache.commons.lang.Validate;
import org.apache.log4j.Logger;
import org.springframework.ldap.AttributeInUseException;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.OperationNotSupportedException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.HardcodedFilter;

/* loaded from: input_file:com/atlassian/crowd/directory/RFC4519Directory.class */
public abstract class RFC4519Directory extends SpringLDAPConnector {
    private static final Logger logger = Logger.getLogger(RFC4519Directory.class);

    public RFC4519Directory(LDAPQueryTranslater lDAPQueryTranslater, EventPublisher eventPublisher, InstanceFactory instanceFactory) {
        super(lDAPQueryTranslater, eventPublisher, instanceFactory);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomGroupAttributeMappers() {
        List<AttributeMapper> customGroupAttributeMappers = super.getCustomGroupAttributeMappers();
        customGroupAttributeMappers.addAll(getMemberDnMappers());
        return customGroupAttributeMappers;
    }

    protected List<AttributeMapper> getMemberDnMappers() {
        return Collections.singletonList(new RFC4519MemberDnMapper(this.ldapPropertiesMapper.getGroupMemberAttribute(), this.ldapPropertiesMapper.isRelaxedDnStandardisation()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomUserAttributeMappers() {
        List<AttributeMapper> customUserAttributeMappers = super.getCustomUserAttributeMappers();
        if (this.ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership()) {
            customUserAttributeMappers.add(new MemberOfOverlayMapper(this.ldapPropertiesMapper.getUserGroupMembershipsAttribute(), this.ldapPropertiesMapper.isRelaxedDnStandardisation()));
        }
        return customUserAttributeMappers;
    }

    private Set<String> getMemberDNs(LDAPGroupWithAttributes lDAPGroupWithAttributes) {
        return lDAPGroupWithAttributes.getValues("memberDNs");
    }

    private Set<String> getMemberOfs(LDAPUserWithAttributes lDAPUserWithAttributes) {
        return lDAPUserWithAttributes.getValues(MemberOfOverlayMapper.ATTRIBUTE_KEY);
    }

    private boolean isDnDirectGroupMember(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) {
        boolean z = false;
        Set<String> memberDNs = getMemberDNs(lDAPGroupWithAttributes);
        if (memberDNs != null) {
            z = memberDNs.contains(str);
        }
        return z;
    }

    public boolean isUserDirectGroupMember(String str, String str2) throws OperationFailedException {
        Validate.notEmpty(str, "username argument cannot be null or empty");
        Validate.notEmpty(str2, "groupName argument cannot be null or empty");
        try {
            return isDnDirectGroupMember(m10findUserByName(str).getDn(), m8findGroupByName(str2));
        } catch (UserNotFoundException e) {
            return false;
        } catch (GroupNotFoundException e2) {
            return false;
        }
    }

    public boolean isGroupDirectGroupMember(String str, String str2) throws OperationFailedException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty");
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty");
        try {
            return isDnDirectGroupMember(m8findGroupByName(str).getDn(), m8findGroupByName(str2));
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    private void addDnToGroup(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) throws OperationFailedException {
        try {
            this.ldapTemplate.modifyAttributes(asLdapGroupName(lDAPGroupWithAttributes.getDn(), lDAPGroupWithAttributes.getName()), new ModificationItem[]{new ModificationItem(1, new BasicAttribute(this.ldapPropertiesMapper.getGroupMemberAttribute(), str))});
        } catch (GroupNotFoundException e) {
            logger.error("Could not modify members of group with DN: " + str, e);
        } catch (NameAlreadyBoundException e2) {
        } catch (AttributeInUseException e3) {
        } catch (NamingException e4) {
            throw new OperationFailedException(e4);
        }
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, OperationFailedException, UserNotFoundException {
        Validate.notEmpty(str, "username argument cannot be null or empty");
        Validate.notEmpty(str2, "groupName argument cannot be null or empty");
        addDnToGroup(m10findUserByName(str).getDn(), m8findGroupByName(str2));
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, OperationFailedException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty");
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty");
        LDAPGroupWithAttributes findGroupByName = m8findGroupByName(str2);
        LDAPGroupWithAttributes findGroupByName2 = m8findGroupByName(str);
        if (findGroupByName.getType() != findGroupByName2.getType()) {
            throw new InvalidMembershipException("Cannot add group of type " + findGroupByName2.getType().name() + " to group of type " + findGroupByName.getType().name());
        }
        addDnToGroup(findGroupByName2.getDn(), findGroupByName);
    }

    private void removeDnFromGroup(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) throws OperationFailedException {
        try {
            this.ldapTemplate.modifyAttributes(asLdapGroupName(lDAPGroupWithAttributes.getDn(), lDAPGroupWithAttributes.getName()), new ModificationItem[]{new ModificationItem(3, new BasicAttribute(this.ldapPropertiesMapper.getGroupMemberAttribute(), str))});
        } catch (OperationNotSupportedException e) {
        } catch (NamingException e2) {
            throw new OperationFailedException(e2);
        } catch (GroupNotFoundException e3) {
            logger.error("Could not modify memers of group with DN: " + str, e3);
        }
    }

    public void removeUserFromGroup(String str, String str2) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException {
        Validate.notEmpty(str, "username argument cannot be null or empty");
        Validate.notEmpty(str2, "groupName argument cannot be null or empty");
        LDAPGroupWithAttributes findGroupByName = m8findGroupByName(str2);
        LDAPUserWithAttributes findUserByName = m10findUserByName(str);
        if (!isDnDirectGroupMember(findUserByName.getDn(), findGroupByName)) {
            throw new MembershipNotFoundException(str, str2);
        }
        removeDnFromGroup(findUserByName.getDn(), findGroupByName);
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, MembershipNotFoundException, InvalidMembershipException, OperationFailedException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty");
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty");
        LDAPGroupWithAttributes findGroupByName = m8findGroupByName(str2);
        LDAPGroupWithAttributes findGroupByName2 = m8findGroupByName(str);
        if (!isDnDirectGroupMember(findGroupByName2.getDn(), findGroupByName)) {
            throw new MembershipNotFoundException(str, str2);
        }
        if (findGroupByName.getType() != findGroupByName2.getType()) {
            throw new InvalidMembershipException("Cannot remove group of type " + findGroupByName2.getType().name() + " from group of type " + findGroupByName.getType().name());
        }
        removeDnFromGroup(findGroupByName2.getDn(), findGroupByName);
    }

    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected <T> List<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        List<LDAPUserWithAttributes> emptyList;
        if (membershipQuery.isFindChildren()) {
            if (membershipQuery.getEntityToMatch().getEntityType() != Entity.GROUP) {
                throw new IllegalArgumentException("You can only find the GROUP or USER members of a GROUP");
            }
            if (membershipQuery.getEntityToReturn().getEntityType() == Entity.USER) {
                emptyList = this.ldapPropertiesMapper.isUsingUserMembershipAttribute() ? findUserMembersOfGroupViaMemberOf(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults()) : findUserMembersOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            } else {
                if (membershipQuery.getEntityToReturn().getEntityType() != Entity.GROUP) {
                    throw new IllegalArgumentException("You can only find the GROUP or USER members of a GROUP");
                }
                emptyList = this.ldapPropertiesMapper.isNestedGroupsDisabled() ? Collections.emptyList() : findGroupMembersOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            }
        } else {
            if (membershipQuery.getEntityToReturn().getEntityType() != Entity.GROUP) {
                throw new IllegalArgumentException("You can only find the GROUP memberships of USER or GROUP");
            }
            if (membershipQuery.getEntityToMatch().getEntityType() == Entity.USER) {
                emptyList = this.ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership() ? findGroupMembershipsOfUserViaMemberOf(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToReturn().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults()) : findGroupMembershipsOfUserViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToReturn().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            } else {
                if (membershipQuery.getEntityToMatch().getEntityType() != Entity.GROUP) {
                    throw new IllegalArgumentException("You can only find the GROUP memberships of USER or GROUP");
                }
                emptyList = this.ldapPropertiesMapper.isNestedGroupsDisabled() ? Collections.emptyList() : findGroupMembershipsOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToReturn().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            }
        }
        return membershipQuery.getReturnType() == String.class ? SearchResultsUtil.convertEntitiesToNames(emptyList) : (List<T>) emptyList;
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfUserViaMemberOf(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        List<LDAPGroupWithAttributes> emptyList;
        ArrayList arrayList;
        int i3;
        try {
            Set<String> memberOfs = getMemberOfs(m10findUserByName(str));
            if (memberOfs != null) {
                if (i2 == -1) {
                    arrayList = new ArrayList();
                    i3 = -1;
                } else {
                    arrayList = new ArrayList(i2);
                    i3 = i + i2;
                }
                Iterator<String> it = memberOfs.iterator();
                while (it.hasNext()) {
                    try {
                        LDAPGroupWithAttributes lDAPGroupWithAttributes = (LDAPGroupWithAttributes) findEntityByDN(it.next(), LDAPGroupWithAttributes.class);
                        if (lDAPGroupWithAttributes.getType() == groupType) {
                            arrayList.add(lDAPGroupWithAttributes);
                        }
                    } catch (GroupNotFoundException e) {
                    }
                    if (i3 != -1 && arrayList.size() >= i3) {
                        break;
                    }
                }
                emptyList = SearchResultsUtil.constrainResults(arrayList, i, i2);
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("User with name <" + str + "> does not have any memberOf values and therefore has no memberships");
                }
                emptyList = Collections.emptyList();
            }
        } catch (UserNotFoundException e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("User with name <" + str + "> does not exist and therefore has no memberships");
            }
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfUserViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipsOfEntityViaMemberDN(m10findUserByName(str).getDn(), groupType, i, i2);
        } catch (IllegalArgumentException e) {
            return Collections.emptyList();
        } catch (UserNotFoundException e2) {
            return Collections.emptyList();
        }
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfGroupViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipsOfEntityViaMemberDN(findGroupByNameAndType(str, groupType).getDn(), groupType, i, i2);
        } catch (GroupNotFoundException e) {
            return Collections.emptyList();
        }
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfEntityViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        ContextMapper groupContextMapper;
        Name role;
        AndFilter andFilter = new AndFilter();
        if (groupType == GroupType.GROUP) {
            andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getGroupFilter()));
            andFilter.and(new EqualsFilter(this.ldapPropertiesMapper.getGroupMemberAttribute(), str));
            groupContextMapper = getGroupContextMapper(GroupType.GROUP);
            role = this.searchDN.getGroup();
        } else {
            if (groupType != GroupType.LEGACY_ROLE) {
                throw new IllegalArgumentException("Cannot find group memberships of entity via member DN for GroupType: " + groupType);
            }
            andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getRoleFilter()));
            andFilter.and(new EqualsFilter(this.ldapPropertiesMapper.getRoleMemberAttribute(), str));
            groupContextMapper = getGroupContextMapper(GroupType.LEGACY_ROLE);
            role = this.searchDN.getRole();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Executing search at DN: <" + this.searchDN.getGroup() + "> with filter: <" + andFilter.encode() + ">");
        }
        return searchEntities(role, andFilter.encode(), groupContextMapper, i, i2);
    }

    private List<LDAPGroupWithAttributes> findGroupMembersOfGroupViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        return findMembersOfGroupViaMemberDN(str, groupType, LDAPGroupWithAttributes.class, i, i2);
    }

    private List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        return findMembersOfGroupViaMemberDN(str, groupType, LDAPUserWithAttributes.class, i, i2);
    }

    private List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        List<LDAPUserWithAttributes> emptyList;
        try {
            LDAPGroupWithAttributes findGroupWithAttributesByName = m7findGroupWithAttributesByName(str);
            if (findGroupWithAttributesByName.getType() == groupType) {
                AndFilter andFilter = new AndFilter();
                andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getUserFilter()));
                andFilter.and(new EqualsFilter(this.ldapPropertiesMapper.getUserGroupMembershipsAttribute(), findGroupWithAttributesByName.getDn()));
                if (logger.isDebugEnabled()) {
                    logger.debug("Executing search at DN: <" + this.searchDN.getUser() + "> with filter: <" + andFilter.encode() + ">");
                }
                emptyList = searchEntities(this.searchDN.getUser(), andFilter.encode(), getUserContextMapper(), i, i2);
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Group with name <" + str + "> does exist but is of GroupType <" + findGroupWithAttributesByName.getType() + "> and not <" + groupType + ">");
                }
                emptyList = Collections.emptyList();
            }
        } catch (GroupNotFoundException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Group with name <" + str + "> does not exist and therefore has no members");
            }
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    private <T extends LDAPDirectoryEntity> List<T> findMembersOfGroupViaMemberDN(String str, GroupType groupType, Class<T> cls, int i, int i2) throws OperationFailedException {
        List<T> emptyList;
        ArrayList arrayList;
        int i3;
        try {
            Set<String> memberDNs = getMemberDNs(findGroupByNameAndType(str, groupType));
            if (memberDNs != null) {
                if (i2 == -1) {
                    arrayList = new ArrayList();
                    i3 = -1;
                } else {
                    arrayList = new ArrayList(i2);
                    i3 = i + i2;
                }
                Iterator<String> it = memberDNs.iterator();
                while (it.hasNext()) {
                    try {
                        LDAPDirectoryEntity findEntityByDN = findEntityByDN(it.next(), cls);
                        if (!(findEntityByDN instanceof LDAPGroupWithAttributes)) {
                            arrayList.add(findEntityByDN);
                        } else if (((LDAPGroupWithAttributes) findEntityByDN).getType() == groupType) {
                            arrayList.add(findEntityByDN);
                        }
                    } catch (UserNotFoundException e) {
                    } catch (GroupNotFoundException e2) {
                    }
                    if (i3 != -1 && arrayList.size() >= i3) {
                        break;
                    }
                }
                emptyList = SearchResultsUtil.constrainResults(arrayList, i, i2);
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Group with name <" + str + "> does not have any memberDNs and therefore has no members");
                }
                emptyList = Collections.emptyList();
            }
        } catch (GroupNotFoundException e3) {
            if (logger.isDebugEnabled()) {
                logger.debug("Group with name <" + str + "> does not exist and therefore has no members");
            }
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }
}
