package com.thinkdynamics.users;

import com.ibm.ws.webservices.engine.transport.jms.JMSConstants;
import com.thinkdynamics.kanaha.util.CryptoUtils;
import com.thinkdynamics.kanaha.util.XmlSetting;
import com.thinkdynamics.kanaha.util.exception.CryptoException;
import com.thinkdynamics.kanaha.util.exception.ErrorCode;
import com.thinkdynamics.kanaha.util.exception.KanahaSystemException;
import java.io.UnsupportedEncodingException;
import java.text.Collator;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.naming.CommunicationException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.avalon.framework.activity.Initializable;
import org.apache.log4j.Logger;
import org.jdom.Element;

/* loaded from: input_file:installer/IY64461.jar:efixes/IY64461/components/tio/update.jar:/apps/tcje.ear:lib/plumbing.jar:com/thinkdynamics/users/ADLdapUserFactory.class */
public class ADLdapUserFactory extends UserFactory implements Initializable {
    // Licence banner carried in the class as a constant.
    public static final String IBM_COPYRIGHT = "Licensed Materials - Property of IBM\n5724-F75\n(C) Copyright IBM Corp.  2003, 2004\nAll Rights Reserved\nUS Government Users Restricted Rights -Use, duplication or \ndisclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    // Ports appended by initialize() when the configuration does not name one.
    private static final String DEFAULT_LDAP_PORT = "389";
    private static final String DEFAULT_LDAPS_PORT = "636";
    // Scheme used for both provider URLs; SSL is requested separately through the
    // "java.naming.security.protocol" environment entry in getContext(String, String, boolean).
    private static final String URI_PREFIX = "ldap://";
    // Charset name handed to String.getBytes() by encodePassword().
    private static final String AD_PASSWORD_ENCODING = "UnicodeLittle";
    // Directory attribute names used when writing passwords, account flags and group members.
    private static final String AD_PASSWORD_ATTRIBUTE = "unicodePwd";
    private static final String AD_USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";
    private static final String AD_MEMBER_ATTRIBUTE = "member";
    // Cached connections bound as the configured static principal. They are static, so all instances
    // share them, while getContext()/getSecureContext() synchronise on the instance only.
    // NOTE(review): with more than one factory instance the lazy initialisation is not mutually
    // exclusive across instances - confirm that only one instance is ever created.
    private static DirContext initialContext = null;
    private static DirContext initialSecureContext = null;
    // Assigned in the static initialiser at the end of the class.
    private static Logger log;
    // Value written to the "userAccountControl" attribute of newly created users (read from configuration).
    private String userAccountControl;
    // Caches for the class$() helper (class-literal lookups).
    static Class class$com$thinkdynamics$users$ADLdapUserFactory;
    static Class class$com$thinkdynamics$users$User;
    // Initial context factory class name, passed as "java.naming.factory.initial".
    private String factory = null;
    // Provider URL for plain LDAP and, in uris, for the SSL port; both are built in initialize().
    private String uri = null;
    private String uris = null;
    private String host = null;
    // Directory root; appended to the provider URLs and to every bind DN.
    private String root = null;
    // Service account used for the shared contexts and for the sAMAccountName lookup.
    private String staticPrincipal = null;
    // Decrypted by CryptoUtils.optionalDecrypt() in initialize() and held as a String from then on.
    private String staticPassword = null;
    // objectClass value used in the user search filters and added to created users.
    private String userClass = "thinkControlUser";
    // When true, findUser(String, String) first resolves the login name through sAMAccountName.
    private boolean useSAM = false;
    // When true, the shared context and the per-login user bind use the SSL provider URL.
    private boolean useSslForBinding = false;
    // Role ids read from the user-interface configuration (raw List of String).
    private List roles = null;

    /**
     * Reads the user-factory configuration and derives the provider URLs, the bind credentials,
     * the role list and the attribute names used by the rest of the factory.
     *
     * @throws KanahaSystemException if the user-factory configuration cannot be read
     */
    @Override // org.apache.avalon.framework.activity.Initializable
    public void initialize() {
        final Element config = XmlSetting.getUserFactoryConfig();
        if (config == null) {
            log.fatal("Could not read the user-factory.xml configuration");
            throw new KanahaSystemException(ErrorCode.COPCOM032EccInvalidconfigur_xmlconfiguration);
        }

        this.factory = config.getChildText(UserFactoryConstants.USER_DATABASE_CONTEXT_FACTORY);
        this.host = config.getChildText("server");
        this.root = config.getChildText("root");

        // Both URLs start from the same "ldap://host" stem and differ only in the port.
        this.uri = URI_PREFIX + this.host;
        this.uris = this.uri;

        final Element ldapPort = config.getChild(UserFactoryConstants.USER_DATABASE_LDAP_PORT);
        final boolean ldapPortGiven = ldapPort != null && ldapPort.getText().length() != 0;
        this.uri = this.uri + ":" + (ldapPortGiven ? ldapPort.getText() : DEFAULT_LDAP_PORT);

        final Element ldapsPort = config.getChild(UserFactoryConstants.USER_DATABASE_LDAPS_PORT);
        final boolean ldapsPortGiven = ldapsPort != null && ldapsPort.getText().length() != 0;
        this.uris = this.uris + ":" + (ldapsPortGiven ? ldapsPort.getText() : DEFAULT_LDAPS_PORT);

        this.uri = this.uri + "/" + this.root;
        this.uris = this.uris + "/" + this.root;

        // A missing flag element means "false" for both switches.
        final Element samFlag = config.getChild(UserFactoryConstants.USER_USE_SAM);
        this.useSAM = samFlag == null ? false : Boolean.valueOf(samFlag.getText()).booleanValue();
        final Element sslFlag = config.getChild(UserFactoryConstants.USER_USE_SSL);
        this.useSslForBinding = sslFlag == null ? false : Boolean.valueOf(sslFlag.getText()).booleanValue();

        this.staticPrincipal = config.getChildText(UserFactoryConstants.USER_DATABASE_PRINCIPAL);
        try {
            final String storedCredentials = config.getChildText(UserFactoryConstants.USER_DATABASE_CREDENTIALS);
            this.staticPassword = CryptoUtils.optionalDecrypt(storedCredentials);
        } catch (CryptoException decryptFailure) {
            // NOTE(review): initialisation continues after this failure, so staticPassword keeps
            // its previous value (null on a fresh instance) and later binds cannot succeed.
            log.fatal("Could not decrypt the LDAP password" + decryptFailure.getLogString());
        }

        this.roles = new ArrayList();
        final List roleElements = XmlSetting.getUserInterfaceConfig().getChild(UserFactoryConstants.USER_ROLES).getChildren("role");
        for (Iterator cursor = roleElements.iterator(); cursor.hasNext();) {
            final Element role = (Element) cursor.next();
            this.roles.add(role.getAttributeValue("id"));
        }

        final Element userObject = config.getChild(UserFactoryConstants.USER_OBJECT);
        if (userObject == null) {
            return;
        }
        this.userClass = userObject.getChildText(UserFactoryConstants.USER_OBJECT_CLASS);
        this.roleAttribute = userObject.getChildText("role");
        this.nameAttribute = userObject.getChildText("name");
        this.userAccountControl = userObject.getChildText("userAccountControl");

        final Element attributeNames = userObject.getChild(UserFactoryConstants.USER_ATTRIBUTES);
        if (attributeNames == null) {
            return;
        }
        this.firstNameAttribute = attributeNames.getChildText(UserFactoryConstants.USER_FIRST_NAME);
        this.lastNameAttribute = attributeNames.getChildText(UserFactoryConstants.USER_LAST_NAME);
        this.homePhoneAttribute = attributeNames.getChildText(UserFactoryConstants.USER_HOME_PHONE);
        this.businessPhoneAttribute = attributeNames.getChildText(UserFactoryConstants.USER_BUSINESS_PHONE);
        this.mobilePhoneAttribute = attributeNames.getChildText(UserFactoryConstants.USER_MOBILE_PHONE);
        this.emailAttribute = attributeNames.getChildText(UserFactoryConstants.USER_EMAIL);
        this.addressAttribute = attributeNames.getChildText(UserFactoryConstants.USER_ADDRESS);
        this.customerIdAttribute = attributeNames.getChildText(UserFactoryConstants.USER_CUSTOMER_ID);
    }

    /**
     * Returns the shared context bound as the configured static principal, binding on first use.
     * SSL is used only when useSslForBinding is set.
     *
     * @return the cached context, or null when the bind failed
     */
    private synchronized DirContext getContext() {
        DirContext cached = initialContext;
        if (cached != null) {
            return cached;
        }
        // A failed bind leaves the cache null, so the next call tries again.
        initialContext = getContext(this.staticPrincipal, this.staticPassword, this.useSslForBinding);
        return initialContext;
    }

    /**
     * Returns the shared context bound as the configured static principal over SSL, binding on
     * first use. Unlike getContext(), SSL is requested regardless of useSslForBinding.
     *
     * @return the cached SSL context, or null when the bind failed
     */
    private synchronized DirContext getSecureContext() {
        DirContext cached = initialSecureContext;
        if (cached != null) {
            return cached;
        }
        initialSecureContext = getContext(this.staticPrincipal, this.staticPassword, true);
        return initialSecureContext;
    }

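    /**
     * Opens a new directory context bound as the given principal. Nothing is cached here; the
     * no-argument accessors do the caching.
     *
     * <p>The bind name is built as nameAttribute, separator, principal, ",", root. The principal is
     * concatenated as-is, without distinguished-name escaping.
     * NOTE(review): login names reach this method from findUser(String, String); a name holding
     * DN metacharacters such as ',' changes the DN that is bound - validate or escape upstream.
     *
     * <p>A zero-length password is passed through unchanged. LDAP servers commonly treat a simple
     * bind with a name and an empty password as an unauthenticated bind that succeeds, so callers
     * that authenticate users must reject empty passwords before calling this method.
     *
     * @param str the principal (value of the name attribute), not a full DN
     * @param str2 the credentials; null is rejected because the JNDI environment cannot hold null
     * @param z true to use the SSL provider URL and request the "ssl" security protocol
     * @return the bound context, or null when the provider is unset, the credentials are null or
     *     the bind failed (the failure is logged)
     */
    private synchronized DirContext getContext(String str, String str2, boolean z) {
        if (this.uri == null) {
            log.error("Null provider");
            return null;
        }
        if (str2 == null) {
            // Hashtable.put() throws NullPointerException on a null value; report the missing
            // credentials the same way as any other failed bind instead.
            log.error("No credentials available for the directory bind");
            return null;
        }

        Hashtable environment = new Hashtable();
        if (this.factory != null) {
            environment.put("java.naming.factory.initial", this.factory);
            environment.put("java.naming.provider.url", z ? this.uris : this.uri);
        }
        if (z) {
            environment.put("java.naming.security.protocol", "ssl");
        }
        // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
        String bindName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + str + "," + this.root;
        environment.put("java.naming.security.principal", bindName);
        environment.put("java.naming.security.credentials", str2);

        InitialDirContext bound = null;
        try {
            bound = new InitialDirContext(environment);
        } catch (NamingException e) {
            log.error(new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e).getLogString());
        }
        return bound;
    }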

    /**
     * Builds a fresh attribute set holding only the attributes that updateUser() may change.
     *
     * @param user the user whose values are copied
     * @return the populated attribute set
     */
    private Attributes getModifiableAttributes(User user) {
        Attributes fresh = new BasicAttributes();
        return updateModifiableUserAttributes(fresh, user);
    }

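    /**
     * Copies the user's roles, contact details and customer id into the given attribute set.
     *
     * <p>The role attribute is created when absent and then brought in line with user.isInRole()
     * for every configured role. When it ends up empty and the stored user has no roles either,
     * the role attribute is taken out of the set again.
     *
     * @param attributes the attribute set to update in place
     * @param user the user whose values are copied
     * @return the same attribute set
     */
    private Attributes updateModifiableUserAttributes(Attributes attributes, User user) {
        // Attributes.get() returns the Attribute interface, so the local is declared as such.
        javax.naming.directory.Attribute roleValues = attributes.get(this.roleAttribute);
        if (roleValues == null) {
            roleValues = new BasicAttribute(this.roleAttribute);
            attributes.put(roleValues);
        }
        for (int index = this.roles.size() - 1; index >= 0; index--) {
            String role = (String) this.roles.get(index);
            if (!user.isInRole(role)) {
                roleValues.remove(role);
            } else if (!roleValues.contains(role)) {
                roleValues.add(role);
            }
        }
        if (roleValues.size() == 0) {
            User stored = null;
            try {
                stored = findUser(user.getName());
            } catch (Exception e) {
                // Best effort: a failed lookup is treated like "no stored user", but it is logged
                // so that a directory problem does not pass unnoticed.
                log.warn("Could not look up the stored roles of the user being updated", e);
            }
            if (stored == null || stored.getRoles() == null || stored.getRoles().size() == 0) {
                attributes.remove(this.roleAttribute);
            }
        }
        addValueToAttributes(attributes, this.firstNameAttribute, user.getFirstName());
        addValueToAttributes(attributes, this.lastNameAttribute, user.getLastName());
        addValueToAttributes(attributes, this.homePhoneAttribute, user.getHomePhone());
        addValueToAttributes(attributes, this.businessPhoneAttribute, user.getBusinessPhone());
        addValueToAttributes(attributes, this.mobilePhoneAttribute, user.getMobilePhone());
        addValueToAttributes(attributes, this.emailAttribute, user.getEmail());
        addValueToAttributes(attributes, this.addressAttribute, user.getAddress());
        // Only a positive customer id is stored; anything else clears the attribute.
        if (user.getCustomerId() > 0) {
            attributes.put(this.customerIdAttribute, String.valueOf(user.getCustomerId()));
        } else {
            attributes.remove(this.customerIdAttribute);
        }
        return attributes;
    }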

    /**
     * Fills the attribute set for a new user: name, objectClass, password (when one is given) and
     * every modifiable attribute.
     *
     * <p>The password is stored here as the plain String from user.getPassword(); createUser()
     * takes it out again and writes the encoded form separately.
     *
     * @param attributes the attribute set to update in place
     * @param user the user whose values are copied
     * @return the same attribute set
     */
    private Attributes updateUserAttributes(Attributes attributes, User user) {
        attributes.put(this.nameAttribute, user.getName());

        // Attributes.get() returns the Attribute interface, so the local is declared as such.
        javax.naming.directory.Attribute objectClasses = attributes.get("objectClass");
        if (objectClasses == null) {
            objectClasses = new BasicAttribute("objectClass");
            attributes.put(objectClasses);
        }
        objectClasses.add(this.userClass);

        boolean passwordGiven = user.getPassword() != null && user.getPassword().length() > 0;
        if (passwordGiven) {
            attributes.put(AD_PASSWORD_ATTRIBUTE, user.getPassword());
        }

        updateModifiableUserAttributes(attributes, user);
        return attributes;
    }

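    /**
     * Brings the "member" attribute of every configured role group in line with user.isInRole().
     *
     * <p>Each group is read through the shared context and, when a change is needed, written back
     * through the SSL context. Failures are logged and not propagated; a CommunicationException
     * also drops both cached contexts so the next call binds again.
     *
     * <p>NOTE(review): the write replaces the whole member attribute with the list read a moment
     * earlier. A concurrent change to the same group, or a member list the server returned only in
     * part, would be overwritten - confirm whether single-value add/remove is wanted instead.
     *
     * @param user the user whose memberships are synchronised
     */
    private void updateGroupMembership(User user) {
        // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
        String memberDn = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + user.getName() + "," + this.root;
        try {
            if (getContext() == null) {
                return;
            }
            for (int index = this.roles.size() - 1; index >= 0; index--) {
                String role = (String) this.roles.get(index);
                String groupName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + role;
                Attributes groupAttributes = getContext().getAttributes(groupName);
                if (groupAttributes == null) {
                    continue;
                }
                javax.naming.directory.Attribute members = groupAttributes.get(AD_MEMBER_ATTRIBUTE);
                if (members == null) {
                    members = new BasicAttribute(AD_MEMBER_ATTRIBUTE);
                }

                // Find the stored spelling of the member DN; the comparison ignores case.
                String existing = null;
                NamingEnumeration values = members.getAll();
                while (values.hasMoreElements() && existing == null) {
                    String candidate = (String) values.nextElement();
                    if (candidate.equalsIgnoreCase(memberDn)) {
                        existing = candidate;
                    }
                }

                boolean shouldBeMember = user.isInRole(role);
                if (shouldBeMember == (existing != null)) {
                    continue;
                }
                if (shouldBeMember) {
                    members.add(memberDn);
                } else {
                    members.remove(existing);
                }

                // The SSL context is fetched only when a write is needed. It is null when the SSL
                // bind failed; dereferencing it would raise a NullPointerException that the
                // NamingException handler below does not catch.
                DirContext secure = getSecureContext();
                if (secure == null) {
                    log.error("Could not bind to the directory over SSL; group membership was not updated");
                    return;
                }
                BasicAttributes change = new BasicAttributes();
                change.put(members);
                secure.modifyAttributes(groupName, DirContext.REPLACE_ATTRIBUTE, change);
            }
        } catch (NamingException e) {
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            log.error(new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e).getLogString());
        }
    }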

    /**
     * Builds the complete attribute set for a new user.
     *
     * @param user the user to describe
     * @return a fresh attribute set filled by updateUserAttributes()
     */
    protected Attributes getUserAttributes(User user) {
        Attributes fresh = new BasicAttributes();
        return updateUserAttributes(fresh, user);
    }

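    /**
     * Authenticates a user by binding to the directory with the supplied password and, on
     * success, loads the user's entry.
     *
     * <p>With useSAM set, the login name is first resolved through sAMAccountName using the
     * static principal, and the value of the name attribute found there is used for the bind.
     *
     * <p>Security-relevant behaviour:
     * <ul>
     *   <li>An empty user name or password is rejected before any bind. A simple bind with a name
     *       and a zero-length password is commonly accepted by LDAP servers as an unauthenticated
     *       bind, which must not count as a successful login.</li>
     *   <li>The login name is passed to the search as a filter argument, so the JNDI provider
     *       escapes filter metacharacters such as '*', '(' and ')' instead of letting them change
     *       the filter.</li>
     *   <li>The contexts opened for this login are closed before returning.</li>
     * </ul>
     *
     * <p>NOTE(review): the sAMAccountName lookup binds the static principal with SSL off even
     * when useSslForBinding is set, so the service-account password crosses the wire in clear on
     * that path - confirm whether that is intended.
     * NOTE(review): the name used for the bind is not DN-escaped by
     * getContext(String, String, boolean).
     *
     * @param str the login name
     * @param str2 the password
     * @return the loaded user, or null when the login fails for any reason
     */
    @Override // com.thinkdynamics.users.UserFactory
    public User findUser(String str, String str2) {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0) {
            log.warn("Rejecting a login attempt with an empty user name or password");
            return null;
        }

        DirContext searchContext = null;
        DirContext userContext = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            String bindName;
            if (this.useSAM) {
                searchContext = getContext(this.staticPrincipal, this.staticPassword, false);
                if (searchContext == null) {
                    log.error("Could not bind to the directory as the search user and cannot go further. Login will fail");
                    return null;
                }
                // {0} is filled in by the provider with the escaped login name.
                String samFilter = "(&(objectClass=" + this.userClass + ")(sAMAccountName={0}))";
                NamingEnumeration samMatches = searchContext.search("", samFilter, new Object[] {str}, searchControls);
                if (!samMatches.hasMoreElements()) {
                    log.warn("Could not find sAMAccountName=" + str + ". Login will fail");
                    return null;
                }
                Attributes found = ((SearchResult) samMatches.nextElement()).getAttributes();
                if (found == null) {
                    log.error("Found an attributeless user with sAMAccountName=" + str + " and cannot go further. Login will fail");
                    return null;
                }
                javax.naming.directory.Attribute nameValue = found.get(this.nameAttribute);
                if (nameValue == null || nameValue.get() == null) {
                    log.error("Found a user with sAMAccountName=" + str + " but without a name attribute. Login will fail");
                    return null;
                }
                bindName = (String) nameValue.get();
            } else {
                bindName = str;
            }

            // The bind with the user's own password is the actual authentication step.
            userContext = getContext(bindName, str2, this.useSslForBinding);
            if (userContext == null) {
                return null;
            }
            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String nameFilter = "(&(objectClass=" + this.userClass + ")(" + this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + "{0}))";
            NamingEnumeration userMatches = userContext.search("", nameFilter, new Object[] {bindName}, searchControls);
            if (userMatches.hasMoreElements()) {
                return loadUser(((SearchResult) userMatches.nextElement()).getAttributes());
            }
            log.warn("Could not find " + this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + str + ". Login will fail");
            return null;
        } catch (NamingException e) {
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            log.error(new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e).getLogString());
            return null;
        } finally {
            closeLoginContext(userContext);
            closeLoginContext(searchContext);
        }
    }

    /** Closes a context opened for a single login; a failure to close is logged, not propagated. */
    private static void closeLoginContext(DirContext context) {
        if (context == null) {
            return;
        }
        try {
            context.close();
        } catch (NamingException closeFailure) {
            log.warn("Could not close a directory context: " + closeFailure.getMessage());
        }
    }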

    /**
     * Loads a user by name through the shared context, without checking any password.
     *
     * <p>The entry name is the name attribute, the separator and the given name, relative to the
     * context root; the name is concatenated without escaping.
     *
     * @param str the user name
     * @return the loaded user, or null when no context is available or the lookup failed
     */
    @Override // com.thinkdynamics.users.UserFactory
    public User findUser(String str) {
        try {
            DirContext shared = getContext();
            if (shared == null) {
                return null;
            }
            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String entryName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + str;
            return loadUser(getContext().getAttributes(entryName));
        } catch (NamingException e) {
            // A lost connection invalidates both cached contexts so the next call binds again.
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            log.error(new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e).getLogString());
            return null;
        }
    }

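    /**
     * Lists every user of the configured object class below the root, sorted by name with the
     * default Collator and with hidden users left out.
     *
     * <p>A directory failure is logged and whatever was collected up to that point is returned.
     * NOTE(review): no paging control is set, so a server-side result limit would cut the list
     * short - confirm against the target directory.
     *
     * @return a sorted set of User objects; empty when no context is available
     */
    @Override // com.thinkdynamics.users.UserFactory
    public Collection findAllUsers() {
        TreeSet users = new TreeSet(new Comparator() {
            private final Collator collator = Collator.getInstance();

            @Override // java.util.Comparator
            public int compare(Object obj, Object obj2) throws ClassCastException {
                // instanceof is false for null, so no separate null checks are needed.
                if (obj instanceof User && obj2 instanceof User) {
                    return this.collator.compare(((User) obj).getName(), ((User) obj2).getName());
                }
                throw new ClassCastException("The objects are expected to be of type " + User.class.getName());
            }

            @Override // java.util.Comparator
            public boolean equals(Object obj) {
                // The decompiled body called equals(obj) on itself, which never returns; identity
                // comparison from Object is the behaviour a comparator needs here.
                return super.equals(obj);
            }
        });

        DirContext shared = getContext();
        if (shared == null) {
            return users;
        }
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        try {
            // The filter holds only the configured object class, no caller-supplied text.
            String filter = "(&(objectClass=" + this.userClass + "))";
            NamingEnumeration matches = shared.search("", filter, searchControls);
            while (matches.hasMoreElements()) {
                User loaded = loadUser(((SearchResult) matches.nextElement()).getAttributes());
                if (loaded != null && !UserFactory.isHiddenUser(loaded.getName())) {
                    users.add(loaded);
                }
            }
        } catch (NamingException e) {
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            log.error(new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e).getLogString());
        }
        return users;
    }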

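    /**
     * Creates the directory entry for a user, sets its password over SSL and synchronises its
     * group memberships.
     *
     * <p>The password and the SSL context are both checked before the entry is bound, so a user
     * without a password or an unavailable SSL connection no longer leaves a half-created account
     * behind (previously both cases ended in a NullPointerException, the second one after the
     * entry already existed).
     *
     * <p>NOTE(review): the entry is still created before its password is written; if the password
     * write is rejected, the entry stays in the directory with the configured userAccountControl
     * value - confirm that this value keeps such an account unusable.
     * NOTE(review): when no context is available the method returns without creating anything and
     * without reporting it.
     *
     * @param user the user to create; must carry a non-empty password
     * @throws UserFactoryException if the password is missing, the SSL context cannot be opened,
     *     the name is already bound or any other directory operation fails
     */
    @Override // com.thinkdynamics.users.UserFactory
    public void createUser(User user) throws UserFactoryException {
        DirContext shared = getContext();
        if (shared == null) {
            return;
        }
        try {
            Attributes userAttributes = getUserAttributes(user);
            Object accountName = userAttributes.get(this.nameAttribute).get();
            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String entryName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + (String) accountName;

            // updateUserAttributes() stores the password only when it is non-empty.
            javax.naming.directory.Attribute plainPassword = userAttributes.get(AD_PASSWORD_ATTRIBUTE);
            if (plainPassword == null || plainPassword.get() == null) {
                throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) new IllegalArgumentException("A password is required to create a directory user"));
            }
            // Encode first so that an unsupported charset is reported before anything is written.
            byte[] encodedPassword = encodePassword((String) plainPassword.get());
            userAttributes.remove(AD_PASSWORD_ATTRIBUTE);

            DirContext secure = getSecureContext();
            if (secure == null) {
                throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) new IllegalStateException("Could not bind to the directory over SSL to set the password"));
            }

            userAttributes.put(new BasicAttribute("sAMAccountName", accountName));
            userAttributes.put(new BasicAttribute("userPrincipalName", accountName));
            userAttributes.put(new BasicAttribute("userAccountControl", this.userAccountControl));
            shared.bind(entryName, (Object) null, userAttributes);

            // The password goes over the SSL context only.
            BasicAttributes passwordChange = new BasicAttributes();
            passwordChange.put(new BasicAttribute(AD_PASSWORD_ATTRIBUTE, encodedPassword));
            secure.modifyAttributes(entryName, DirContext.REPLACE_ATTRIBUTE, passwordChange);

            updateGroupMembership(user);
        } catch (UnsupportedEncodingException e) {
            throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, e);
        } catch (NamingException e2) {
            if (e2 instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            throw new UserFactoryException(e2 instanceof NameAlreadyBoundException ? ErrorCode.COPCOM131EuiDuplicateUser : ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e2);
        }
    }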

    /**
     * Replaces the modifiable attributes of an existing user, changes the password when a
     * non-empty one is supplied and synchronises the group memberships.
     *
     * <p>Does nothing when no shared context is available.
     *
     * @param user the user carrying the new values
     * @throws UserFactoryException if a directory operation fails
     */
    @Override // com.thinkdynamics.users.UserFactory
    public void updateUser(User user) throws UserFactoryException {
        if (getContext() == null) {
            return;
        }
        try {
            boolean passwordGiven = user.getPassword() != null && user.getPassword().length() > 0;
            String newPassword = passwordGiven ? user.getPassword() : null;

            // Every modifiable attribute becomes one "replace" modification.
            Attributes modifiable = getModifiableAttributes(user);
            ModificationItem[] changes = new ModificationItem[modifiable.size()];
            int slot = 0;
            for (NamingEnumeration each = modifiable.getAll(); each.hasMoreElements(); slot++) {
                changes[slot] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, (BasicAttribute) each.nextElement());
            }

            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String entryName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + user.getName();
            getContext().modifyAttributes(entryName, changes);

            // The password is written separately, through updatePassword().
            if (newPassword != null) {
                updatePassword(user.getName(), newPassword);
            }
            updateGroupMembership(user);
        } catch (NamingException e) {
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e);
        }
    }

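    /**
     * Replaces a user's password attribute with the encoded form of the given password, using the
     * SSL context.
     *
     * <p>Does nothing when no shared context is available. An unavailable SSL context is reported
     * as a UserFactoryException instead of surfacing as a NullPointerException.
     *
     * <p>NOTE(review): the method is public and performs no check of the caller or of the old
     * password; access control has to be enforced by the callers.
     *
     * @param str the user name
     * @param str2 the new password in clear text
     * @throws UserFactoryException if the SSL context cannot be opened, the password cannot be
     *     encoded or the directory rejects the change
     */
    public void updatePassword(String str, String str2) throws UserFactoryException {
        if (getContext() == null) {
            return;
        }
        try {
            DirContext secure = getSecureContext();
            if (secure == null) {
                throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) new IllegalStateException("Could not bind to the directory over SSL to set the password"));
            }
            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String entryName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + str;
            BasicAttributes passwordChange = new BasicAttributes();
            passwordChange.put(new BasicAttribute(AD_PASSWORD_ATTRIBUTE, encodePassword(str2)));
            secure.modifyAttributes(entryName, DirContext.REPLACE_ATTRIBUTE, passwordChange);
        } catch (UnsupportedEncodingException e) {
            throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, e);
        } catch (NamingException e2) {
            if (e2 instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e2);
        }
    }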

    /**
     * Removes a user's entry from the directory through the shared context.
     *
     * <p>Does nothing when no shared context is available.
     *
     * @param str the user name
     * @throws UserFactoryException if the directory operation fails
     */
    @Override // com.thinkdynamics.users.UserFactory
    public void deleteUser(String str) throws UserFactoryException {
        if (getContext() == null) {
            return;
        }
        try {
            // URL_PROP_VALUE_SEPARATOR is presumably "=" (a borrowed constant) - verify.
            String entryName = this.nameAttribute + JMSConstants.URL_PROP_VALUE_SEPARATOR + str;
            getContext().unbind(entryName);
        } catch (NamingException e) {
            // A lost connection invalidates both cached contexts so the next call binds again.
            if (e instanceof CommunicationException) {
                initialContext = null;
                initialSecureContext = null;
            }
            throw new UserFactoryException(ErrorCode.COPCOM138EuiUserGeneric, (Throwable) e);
        }
    }

    /**
     * Overrides the useSAM flag read from the configuration; the flag decides whether
     * findUser(String, String) resolves the login name through sAMAccountName first.
     *
     * @param z the new value of the flag
     */
    public void overrideSamSetting(boolean z) {
        useSAM = z;
    }

    /**
     * Exposes the shared context bound as the configured static principal.
     *
     * <p>NOTE(review): callers receive a live connection that carries the service account's
     * directory rights; keep the set of callers small.
     *
     * @return the shared context, or null when the bind failed
     */
    public DirContext getADContext() {
        DirContext shared = getContext();
        return shared;
    }

    /**
     * Returns the directory root read from the configuration.
     *
     * @return the configured root
     */
    public String getDomain() {
        return root;
    }

    /**
     * Encodes a password for the password attribute: the password is wrapped in double quotes,
     * converted with the AD_PASSWORD_ENCODING charset and returned without its first two bytes.
     *
     * @param str the password in clear text
     * @return the encoded bytes
     * @throws UnsupportedEncodingException if the charset is not available
     */
    private byte[] encodePassword(String str) throws UnsupportedEncodingException {
        String quoted = "\"" + str + "\"";
        byte[] withPrefix = quoted.getBytes(AD_PASSWORD_ENCODING);
        // The first two bytes are presumably the byte-order mark written by this charset - confirm.
        int payloadLength = withPrefix.length - 2;
        byte[] payload = new byte[payloadLength];
        System.arraycopy(withPrefix, 2, payload, 0, payloadLength);
        return payload;
    }

    /**
     * Resolves a class by name, turning a failed lookup into a NoClassDefFoundError that carries
     * the original message.
     *
     * @param str the fully qualified class name
     * @return the resolved class
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException missing) {
            throw new NoClassDefFoundError(missing.getMessage());
        }
        return resolved;
    }

    // Resolves this class through the class$() cache and creates the class-wide logger.
    static {
        if (class$com$thinkdynamics$users$ADLdapUserFactory == null) {
            class$com$thinkdynamics$users$ADLdapUserFactory = class$("com.thinkdynamics.users.ADLdapUserFactory");
        }
        log = Logger.getLogger(class$com$thinkdynamics$users$ADLdapUserFactory);
    }
}
