package ru.runa.wfe.security.logic;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.springframework.beans.factory.annotation.Autowired;
import ru.runa.wfe.commons.SystemProperties;
import ru.runa.wfe.commons.TransactionalExecutor;
import ru.runa.wfe.commons.Utils;
import ru.runa.wfe.extension.handler.var.SetDateVariableHandler;
import ru.runa.wfe.presentation.BatchPresentationFactory;
import ru.runa.wfe.security.ASystem;
import ru.runa.wfe.security.Permission;
import ru.runa.wfe.security.SystemPermission;
import ru.runa.wfe.security.dao.PermissionDAO;
import ru.runa.wfe.user.Actor;
import ru.runa.wfe.user.Executor;
import ru.runa.wfe.user.ExecutorDoesNotExistException;
import ru.runa.wfe.user.Group;
import ru.runa.wfe.user.dao.ExecutorDAO;

/* loaded from: input_file:ru/runa/wfe/security/logic/LDAPLogic.class */
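/**
 * Imports users and groups from an LDAP directory and aligns local group membership with it.
 *
 * <p>The directory is searched under every organisational unit listed in
 * {@code ldap.synchronizer.ou}. Entries with {@code objectclass=user} become {@link Actor}s and
 * entries with {@code objectclass=group} become {@link Group}s. Membership of each
 * LDAP-backed group is then added to and removed from so that it matches the directory.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 * <li>Directory entries are matched to local executors by name only ({@code sAMAccountName}).
 * Whoever can write to the searched OUs therefore controls which local accounts end up in
 * LDAP-backed groups.</li>
 * <li>Membership removal is driven by what the directory returns. Lookup failures are deliberately
 * left to propagate, so the transaction fails rather than removing members on partial data.</li>
 * <li>{@link #createExecutors} is mutable instance state set by
 * {@link #synchronizeExecutors(boolean, boolean)}. NOTE(review): if this bean is shared,
 * overlapping synchronisations can observe each other's mode - confirm callers serialise runs.</li>
 * </ul>
 */
public class LDAPLogic extends TransactionalExecutor {
    private static final String IMPORTED_FROM_LDAP_GROUP_NAME = "ldap users";
    private static final String IMPORTED_FROM_LDAP_GROUP_DESCRIPION = "users imported from ldap";
    private static final String DISPLAY_NAME = "name";
    private static final String SAM_ACCOUNT_NAME = "sAMAccountName";
    private static final String TITLE = "title";
    private static final String EMAIL = "mail";
    private static final String MEMBER = "member";
    private static final String PHONE = "telephoneNumber";
    // Longest phone value passed on to Actor; longer directory values are truncated to this length.
    private static final int MAX_PHONE_LENGTH = 32;
    // Prefixes used to split the user search when the server reports a size limit.
    private static final String[] ALPHABETS = {"А", "Б", "В", "Г", "Д", "Е", "Ё", "Ж", "З", "И", "К", "Л", "М", "Н", "О", "П", "Р", "С", "Т", "У", "Ф", "Х", "Ч", "Ц", "Ш", "Щ", "Э", "Ю", "Я", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z"};

    @Autowired
    protected ExecutorDAO executorDAO;

    @Autowired
    private PermissionDAO permissionDAO;
    private final String providerUrl = SystemProperties.getResources().getStringProperty("ldap.connection.provider.url");
    private final List<String> ous = SystemProperties.getResources().getMultipleStringProperty("ldap.synchronizer.ou");
    private Pattern patternForMissedPeople;
    boolean createExecutors;

    /**
     * Lazily builds the pattern that strips the provider URL's trailing path segment (preceded by a
     * comma) from a member DN, so the remainder can be resolved relative to the context.
     *
     * <p>The segment is quoted because it comes from configuration and is meant as a literal DN
     * suffix. Unquoted, characters such as {@code .} or parentheses would be read as regex syntax.
     */
    private Pattern getPatternForMissedPeople() {
        if (this.patternForMissedPeople == null) {
            // NOTE(review): Utils.CATEGORY_DELIMITER is presumably "/" (the URL path separator) - confirm.
            String baseDn = this.providerUrl.substring(this.providerUrl.lastIndexOf(Utils.CATEGORY_DELIMITER) + 1);
            this.patternForMissedPeople = Pattern.compile(Pattern.quote("," + baseDn), Pattern.CASE_INSENSITIVE);
        }
        return this.patternForMissedPeople;
    }

    /**
     * Opens a directory context from the {@code ldap.*} system properties.
     *
     * <p>Deployment caveats visible from the defaults used here:
     * <ul>
     * <li>Authentication defaults to {@code simple}, which sends the configured principal and
     * password in the bind request. This method does not enforce a protected transport, so the
     * provider URL should use {@code ldaps://} (or an otherwise protected channel).</li>
     * <li>Referrals default to {@code follow}. NOTE(review): the JNDI provider then connects to
     * whatever server a referral names, reusing this environment - confirm that is acceptable
     * for the directories in use, or set {@code ldap.connection.referral} explicitly.</li>
     * </ul>
     *
     * @return a new context; the caller is responsible for closing it
     * @throws NamingException if the connection or bind fails
     */
    private DirContext getContext() throws NamingException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", SystemProperties.getResources().getStringProperty("ldap.context.factory", "com.sun.jndi.ldap.LdapCtxFactory"));
        env.put("java.naming.provider.url", this.providerUrl);
        env.put("java.naming.security.authentication", SystemProperties.getResources().getStringProperty("ldap.connection.authentication", "simple"));
        env.put("java.naming.security.principal", SystemProperties.getResources().getStringPropertyNotNull("ldap.connection.principal"));
        env.put("java.naming.security.credentials", SystemProperties.getResources().getStringPropertyNotNull("ldap.connection.password"));
        env.put("java.naming.referral", SystemProperties.getResources().getStringProperty("ldap.connection.referral", "follow"));
        env.put("java.naming.ldap.version", SystemProperties.getResources().getStringProperty("ldap.connection.version", "3"));
        return new InitialDirContext(env);
    }

    /**
     * Runs a synchronisation.
     *
     * @param z when {@code true} the work is started through
     *        {@code executeInTransaction(false)} of the superclass, otherwise
     *        {@link #doExecuteInTransaction()} is called directly
     * @param z2 {@code true} to also create missing actors and groups ("full" mode);
     *        {@code false} to update user/group relations only
     */
    public void synchronizeExecutors(boolean z, boolean z2) {
        this.createExecutors = z2;
        if (z) {
            executeInTransaction(false);
        } else {
            doExecuteInTransaction();
        }
    }

    /**
     * Performs the synchronisation if it is enabled in the system properties.
     *
     * <p>Ensures the local "ldap users" group exists (granting it {@code READ} and
     * {@code LOGIN_TO_SYSTEM} on the system when it is first created), then synchronises actors
     * and groups. Any failure is rethrown through {@link Throwables#propagate(Throwable)}.
     */
    @Override // ru.runa.wfe.commons.TransactionalExecutor
    protected void doExecuteInTransaction() {
        if (!SystemProperties.isLDAPSynchronizationEnabled()) {
            this.log.debug("Synchronization is disabled");
            return;
        }
        Preconditions.checkNotNull(this.providerUrl, "LDAP property is not configured 'ldap.connection.provider.url'");
        Preconditions.checkNotNull(this.ous, "LDAP property is not configured 'ldap.synchronizer.ou'");
        this.log.info("Synchronization mode: " + (this.createExecutors ? "full" : "user and group relations only"));
        try {
            Group template = new Group(IMPORTED_FROM_LDAP_GROUP_NAME, IMPORTED_FROM_LDAP_GROUP_DESCRIPION);
            Group importGroup;
            if (this.executorDAO.isExecutorExist(template.getName())) {
                importGroup = this.executorDAO.getGroup(template.getName());
            } else {
                importGroup = (Group) this.executorDAO.create(template);
                this.permissionDAO.setPermissions(importGroup, Lists.newArrayList(new Permission[]{Permission.READ, SystemPermission.LOGIN_TO_SYSTEM}), ASystem.INSTANCE);
            }
            DirContext context = getContext();
            try {
                Map<String, Actor> actorsByDn = synchronizeActors(context, importGroup, this.createExecutors);
                synchronizeGroups(context, importGroup, actorsByDn, this.createExecutors);
            } finally {
                // The context holds an authenticated connection; release it on every path.
                closeQuietly(context);
            }
        } catch (Exception e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Reads all user entries under the configured OUs and, in full mode, creates missing actors.
     *
     * @param dirContext open directory context
     * @param group the local group that collects imported executors
     * @param z whether missing actors are created
     * @return map from the entry's full DN to the matching actor; the value is {@code null} when
     *         no local actor exists and creation is disabled
     * @throws Exception on directory or persistence failure
     */
    private Map<String, Actor> synchronizeActors(DirContext dirContext, Group group, boolean z) throws Exception {
        // Existing actors are matched by lower-cased name only. A local account that shares a name
        // with a directory entry is treated as that directory user.
        Map<String, Actor> existingByName = Maps.newHashMap();
        for (Actor existing : this.executorDAO.getAllActors(BatchPresentationFactory.ACTORS.createNonPaged())) {
            existingByName.put(existing.getName().toLowerCase(), existing);
        }
        Map<String, Actor> actorsByDn = Maps.newHashMap();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        for (String ou : this.ous) {
            List<SearchResult> entries = Lists.newArrayList();
            try {
                collect(dirContext.search(ou, "(objectclass=user)", searchControls), entries);
            } catch (SizeLimitExceededException e) {
                // The server refused to return everything at once: retry in slices by the first
                // letter of the account name. Accounts starting with a character that is not in
                // ALPHABETS are not returned by this fallback, and a slice that itself exceeds
                // the limit aborts the run.
                entries.clear();
                for (String letter : ALPHABETS) {
                    // NOTE(review): SetDateVariableHandler...SET presumably equals "=" (a constant the
                    // decompiler resolved to an unrelated class) - confirm before relying on it.
                    String filter = "(&(|(sAMAccountName=" + letter + "*)(" + SAM_ACCOUNT_NAME + SetDateVariableHandler.CalendarConfig.CalendarOperation.SET + letter.toLowerCase() + "*))(objectclass=user))";
                    collect(dirContext.search(ou, filter, searchControls), entries);
                }
            }
            for (SearchResult entry : entries) {
                String accountName = getStringAttribute(entry, SAM_ACCOUNT_NAME);
                if (accountName == null) {
                    // Without an account name there is nothing to match on; skip the entry rather
                    // than failing the whole run with a NullPointerException.
                    this.log.warn("Skipping user entry without " + SAM_ACCOUNT_NAME + ": " + entry.getNameInNamespace());
                    continue;
                }
                String fullName = getStringAttribute(entry, DISPLAY_NAME);
                String email = getStringAttribute(entry, EMAIL);
                String title = getStringAttribute(entry, TITLE);
                String phone = getStringAttribute(entry, PHONE);
                if (phone != null && phone.length() > MAX_PHONE_LENGTH) {
                    phone = phone.substring(0, MAX_PHONE_LENGTH);
                }
                Actor actor = existingByName.get(accountName.toLowerCase());
                if (actor == null && z) {
                    actor = new Actor(accountName, title, fullName, null, email, phone);
                    this.log.info("Importing " + actor);
                    this.executorDAO.create(actor);
                    this.executorDAO.addExecutorsToGroup(Lists.newArrayList(new Actor[]{actor}), group);
                    this.permissionDAO.setPermissions(group, Lists.newArrayList(new Permission[]{Permission.READ}), actor);
                }
                actorsByDn.put(entry.getNameInNamespace(), actor);
            }
        }
        return actorsByDn;
    }

    /**
     * Returns the first value of an attribute as a string.
     *
     * @return the value, or {@code null} when the entry has no such attribute
     * @throws NamingException if the value cannot be read
     */
    private String getStringAttribute(SearchResult searchResult, String str) throws NamingException {
        Attribute attribute = searchResult.getAttributes().get(str);
        if (attribute == null) {
            return null;
        }
        return attribute.get().toString();
    }

    /**
     * Aligns local LDAP-backed groups with the directory groups found under the configured OUs.
     *
     * <p>Only directory groups that have a {@code member} attribute are considered. For each of
     * them the effective actor set is computed, including nested groups, and the local group's
     * membership is added to and removed from to match it.
     *
     * @param dirContext open directory context
     * @param group the local group that collects imported executors
     * @param map actors keyed by full DN, as returned by {@code synchronizeActors}
     * @param z whether missing groups are created
     * @throws NamingException on directory failure
     */
    private void synchronizeGroups(DirContext dirContext, Group group, Map<String, Actor> map, boolean z) throws NamingException {
        Map<String, Group> existingByLdapName = Maps.newHashMap();
        for (Group existing : this.executorDAO.getAllGroups()) {
            if (!Strings.isNullOrEmpty(existing.getLdapGroupName())) {
                existingByLdapName.put(existing.getLdapGroupName(), existing);
            }
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        Map<String, SearchResult> groupEntriesByDn = Maps.newHashMap();
        for (String ou : this.ous) {
            List<SearchResult> found = Lists.newArrayList();
            collect(dirContext.search(ou, "(objectclass=group)", searchControls), found);
            for (SearchResult entry : found) {
                if (entry.getAttributes().get(MEMBER) != null) {
                    groupEntriesByDn.put(entry.getNameInNamespace(), entry);
                }
            }
        }
        for (SearchResult groupEntry : groupEntriesByDn.values()) {
            String ldapName = getStringAttribute(groupEntry, SAM_ACCOUNT_NAME);
            if (ldapName == null) {
                this.log.warn("Skipping group entry without " + SAM_ACCOUNT_NAME + ": " + groupEntry.getNameInNamespace());
                continue;
            }
            Group localGroup = existingByLdapName.get(ldapName);
            if (localGroup == null) {
                if (!z) {
                    // Relations-only mode and no local counterpart: there is no group to update.
                    // The original code went on with a null group from here.
                    continue;
                }
                localGroup = new Group(ldapName, getStringAttribute(groupEntry, DISPLAY_NAME));
                localGroup.setLdapGroupName(ldapName);
                this.log.info("Importing " + localGroup);
                this.executorDAO.create(localGroup);
                this.executorDAO.addExecutorsToGroup(Lists.newArrayList(new Group[]{localGroup}), group);
                this.permissionDAO.setPermissions(group, Lists.newArrayList(new Permission[]{Permission.READ}), localGroup);
            }
            // Starts as the current membership; whatever is left after the loop is no longer in LDAP.
            Set<Actor> actorsToRemove = Sets.newHashSet(this.executorDAO.getGroupActors(localGroup));
            Set<Actor> actorsToAdd = Sets.newHashSet();
            Set<Actor> targetActors = Sets.newHashSet();
            Set<String> visitedGroupDns = new HashSet<String>();
            visitedGroupDns.add(groupEntry.getNameInNamespace());
            fillTargetActorsRecursively(dirContext, targetActors, groupEntry, groupEntriesByDn, map, visitedGroupDns);
            for (Actor actor : targetActors) {
                if (!actorsToRemove.remove(actor)) {
                    actorsToAdd.add(actor);
                }
            }
            if (!actorsToAdd.isEmpty()) {
                this.log.info("Adding to " + localGroup + ": " + actorsToAdd);
                this.executorDAO.addExecutorsToGroup(actorsToAdd, localGroup);
            }
            if (!actorsToRemove.isEmpty()) {
                // Removals change effective permissions just as additions do; record them too.
                this.log.info("Removing from " + localGroup + ": " + actorsToRemove);
                this.executorDAO.removeExecutorsFromGroup(Lists.newArrayList(actorsToRemove), localGroup);
            }
        }
    }

    /**
     * Collects the actors that are direct or nested members of a directory group.
     *
     * <p>A member DN is resolved in this order: as a nested group from {@code map}, as an actor
     * from {@code map2}, and finally by reading the entry's {@code sAMAccountName} from the
     * directory and looking the executor up by that name.
     *
     * <p>Directory lookups that throw are not caught here. A swallowed failure would leave the
     * member out of the target set, and the caller would then remove it from the local group.
     *
     * @param dirContext open directory context
     * @param set receives the resolved actors
     * @param searchResult the group entry whose {@code member} values are expanded
     * @param map directory group entries keyed by full DN
     * @param map2 actors keyed by full DN
     * @param visited DNs of groups already expanded in this traversal. Group nesting comes from
     *        directory data and may be cyclic, which without this guard recurses until the
     *        stack overflows.
     * @throws NamingException on directory failure
     */
    private void fillTargetActorsRecursively(DirContext dirContext, Set<Actor> set, SearchResult searchResult, Map<String, SearchResult> map, Map<String, Actor> map2, Set<String> visited) throws NamingException {
        NamingEnumeration<?> members = searchResult.getAttributes().get(MEMBER).getAll();
        try {
            while (members.hasMore()) {
                String memberDn = (String) members.next();
                SearchResult nestedGroup = map.get(memberDn);
                if (nestedGroup != null) {
                    if (visited.add(memberDn)) {
                        fillTargetActorsRecursively(dirContext, set, nestedGroup, map, map2, visited);
                    }
                    continue;
                }
                Actor knownActor = map2.get(memberDn);
                if (knownActor != null) {
                    set.add(knownActor);
                    continue;
                }
                String relativeDn = getPatternForMissedPeople().matcher(memberDn).replaceAll("");
                Attribute accountAttribute = dirContext.getAttributes(relativeDn).get(SAM_ACCOUNT_NAME);
                if (accountAttribute == null) {
                    this.log.warn("Not found '" + memberDn + "' neither in group or actor maps or by invocation");
                    continue;
                }
                String accountName = accountAttribute.get().toString();
                this.log.debug("Executor name " + memberDn + " fetched by invocation: " + accountName);
                try {
                    Executor executor = this.executorDAO.getExecutor(accountName);
                    if (executor instanceof Actor) {
                        set.add((Actor) executor);
                    }
                } catch (ExecutorDoesNotExistException e) {
                    this.log.warn(e.getMessage() + " for '" + memberDn + "'");
                }
            }
        } finally {
            closeQuietly(members);
        }
    }

    /**
     * Drains a search enumeration into {@code target} and always releases it.
     *
     * @throws NamingException whatever {@code hasMore()} or {@code next()} raises, including
     *         {@link SizeLimitExceededException}
     */
    private void collect(NamingEnumeration<SearchResult> results, List<SearchResult> target) throws NamingException {
        try {
            while (results.hasMore()) {
                target.add(results.next());
            }
        } finally {
            closeQuietly(results);
        }
    }

    /** Closes an enumeration without letting a close failure mask the exception in flight. */
    private void closeQuietly(NamingEnumeration<?> enumeration) {
        try {
            enumeration.close();
        } catch (NamingException e) {
            this.log.warn("Failed to close LDAP enumeration: " + e);
        }
    }

    /** Closes a directory context without letting a close failure mask the exception in flight. */
    private void closeQuietly(DirContext context) {
        try {
            context.close();
        } catch (NamingException e) {
            this.log.warn("Failed to close LDAP context: " + e);
        }
    }
}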
