package com.aurel.track.util;

import com.aurel.track.admin.customize.category.filter.FieldExpressionBL;
import com.aurel.track.admin.server.siteConfig.accessConfig.ldap.LdapBL;
import com.aurel.track.admin.server.siteConfig.accessConfig.ldap.LdapTO;
import com.aurel.track.admin.user.person.PersonBL;
import com.aurel.track.beans.TPersonBean;
import com.aurel.track.beans.TSiteBean;
import com.aurel.track.json.JSONUtility;
import com.aurel.track.lucene.util.StringPool;
import com.aurel.track.prop.ApplicationBean;
import com.aurel.track.user.TpPasswordEncoder;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:lib/tp-core-5.6.0.jar:com/aurel/track/util/LdapUtil.class */
public class LdapUtil {
    private static final Logger LOGGER = LogManager.getLogger((Class<?>) LdapUtil.class);
    private static final String FAILED_WITH = " failed with ";

    /* loaded from: input_file:lib/tp-core-5.6.0.jar:com/aurel/track/util/LdapUtil$LDAP_CONFIG.class */
    /**
     * Holder for LDAP configuration key constants.
     */
    public interface LDAP_CONFIG {
        /**
         * Literal value {@code "enabled"}. Going by the constant's name it marks automatic
         * synchronisation as switched on; where it is read is not visible in this part of the file.
         */
        String ENABLE_AUTOMATIC_SYNC = "enabled";
    }

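    /**
     * Reduces a URL to its {@code scheme://host[:port]/} prefix.
     *
     * <p>Path, query, fragment and user-info are dropped. The port is only appended when the
     * URI carries an explicit port greater than zero.
     *
     * @param str the URL to reduce; may be {@code null}
     * @return the base URL with a trailing slash, or {@code null} when the input is
     *         {@code null}, cannot be parsed, or has no scheme or no host component
     */
    public static String getBaseURL(String str) {
        if (str == null) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(str);
        } catch (URISyntaxException e) {
            // str is written to the log as received; if it can originate from a request,
            // the log layout should neutralise embedded line breaks.
            LOGGER.warn("Creating an URI from " + str + FAILED_WITH + e.getMessage());
            LOGGER.debug(e);
            return null;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            // Relative or opaque URIs parse successfully but have no scheme/host; concatenating
            // them would yield a bogus value such as "null://null/" that looks like a real URL.
            LOGGER.warn("No scheme or host found in " + str);
            return null;
        }
        StringBuilder base = new StringBuilder(scheme).append("://").append(host);
        if (uri.getPort() > 0) {
            base.append(':').append(uri.getPort());
        }
        String baseUrl = base.append('/').toString();
        LOGGER.debug("Base url from " + str + " is " + baseUrl);
        return baseUrl;
    }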

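    /**
     * Authenticates a person against the configured LDAP directories.
     *
     * <p>The directory recorded as the person's host (if any) is tried first. If that directory
     * does not know the login name, every configured directory is tried in turn; on the first
     * success the person is re-homed to that directory via
     * {@code LdapBL.setPersonHostedByLdapField}.
     *
     * <p>A {@link NamingException} raised while checking the host directory (for example a
     * rejected bind) ends the attempt with {@code false}; only a plain "not authenticated"
     * result falls through to the other directories.
     *
     * <p>NOTE(review): accounts are matched across directories by login name alone, so every
     * configured directory is effectively trusted to vouch for that name - confirm this is the
     * intended trust model.
     *
     * @param tPersonBean the person whose login name is used for the lookup
     * @param str         the password supplied by the user
     * @return {@code true} when one directory accepted the credentials, otherwise {@code false}
     */
    public static boolean authenticate(TPersonBean tPersonBean, String str) {
        // An LDAP simple bind with an empty password is an unauthenticated (anonymous) bind,
        // which many servers accept. Treating that as a successful login would let anyone in
        // who knows a login name, so it is rejected before any server is contacted.
        if (str == null || str.isEmpty()) {
            LOGGER.debug("Rejecting LDAP authentication attempt with an empty password");
            return false;
        }
        String rawLoginName = tPersonBean.getLoginName();
        if (rawLoginName == null) {
            LOGGER.debug("Rejecting LDAP authentication attempt without a login name");
            return false;
        }
        try {
            String loginName = rawLoginName.trim();
            LOGGER.debug("Attempting to authenticate the user on LDAP server, loginName: " + loginName);
            LdapTO hostLdap = LdapBL.getPersonsHostLdapTO(tPersonBean);
            if (hostLdap != null) {
                LOGGER.debug("The user's hostedByLDAP has been found!");
                if (authenticate(hostLdap, loginName, str)) {
                    LOGGER.debug("The user is authenticated on host LDAP server, server name: " + hostLdap.getConnectionName());
                    return true;
                }
            }
            LOGGER.debug("The user's hostedByLDAP field is null or the authentication failed, the system will try other available LDAP server(s)!");
            List<LdapTO> allLdaps = LdapBL.getLdapTOs();
            if (allLdaps != null && !allLdaps.isEmpty()) {
                for (LdapTO candidate : allLdaps) {
                    boolean accepted = false;
                    try {
                        LOGGER.debug("Trying to authenticate user: " + loginName + " on ldap: " + candidate.getConnectionName());
                        accepted = authenticate(candidate, loginName, str);
                        LOGGER.debug("Authenticating the user succeeded: " + accepted);
                    } catch (Exception e) {
                        // Best effort: a failure on one directory must not stop the others from being tried.
                        LOGGER.debug("Failed to authenticate user: " + loginName + " on ldap: " + candidate.getConnectionName());
                        LOGGER.debug(ExceptionUtils.getStackTrace(e));
                    }
                    if (accepted) {
                        LOGGER.debug("The user is  authenticated on LDAP server: " + candidate.getConnectionName());
                        LdapBL.setPersonHostedByLdapField(tPersonBean.getObjectID(), candidate.getConnectionID());
                        return true;
                    }
                }
            }
            LOGGER.debug("Authenticating the user on LDAP server(s) failed!");
            return false;
        } catch (NamingException e) {
            LOGGER.debug("authenticate failed with " + e);
            return false;
        }
    }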

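    /**
     * Verifies a login name / password pair with a simple bind against one LDAP directory.
     *
     * <p>The user's relative DN is looked up with {@code LdapBL.getUserCn}, combined with the
     * directory's user base DN, and a bind is attempted with the supplied password. The
     * context is closed again immediately; only the bind outcome matters.
     *
     * <p>Simple bind transmits the password as given, so it is only protected in transit when
     * the server URL uses {@code ldaps:}; no StartTLS upgrade is performed here.
     *
     * @param ldapTO the directory to bind against
     * @param str    the login name
     * @param str2   the password
     * @return {@code true} when the bind succeeded; {@code false} when the password is empty
     *         or the login name is not found in the directory
     * @throws NamingException when the lookup or the bind fails (including wrong credentials)
     */
    public static boolean authenticate(LdapTO ldapTO, String str, String str2) throws NamingException {
        // With empty credentials the JNDI LDAP provider falls back to an anonymous bind, which
        // succeeds on servers that allow unauthenticated binds. That must never count as a
        // successful login, so empty passwords are refused up front.
        if (str2 == null || str2.isEmpty()) {
            LOGGER.warn("Ldap authentication refused for loginname >" + str + "<: empty password");
            return false;
        }
        // Collected up front and only written to the log if the bind fails.
        List<String> diagnostics = new ArrayList<>();
        diagnostics.add("Ldap trying to authenticate user with loginname >" + str + "<");
        if (ldapTO.getServerURL().startsWith("ldaps:")) {
            // JVM-wide setting: it affects every later TLS client in this process that relies
            // on the default trust store, not only this LDAP connection.
            System.setProperty("javax.net.ssl.trustStore", LdapBL.PATH_TO_KEY_STORE);
        }
        String userCn = LdapBL.getUserCn(ldapTO, str);
        if (userCn == null) {
            return false;
        }
        try {
            // NOTE(review): userCn is concatenated into the DN as returned by LdapBL.getUserCn;
            // whether special DN characters are escaped there cannot be seen from here.
            String keyDn = userCn + StringPool.COMMA + LdapBL.getFullUserDn(ldapTO);
            diagnostics.add("Using keyDn >" + keyDn + "<");
            Hashtable<String, Object> env = new Hashtable<>(11);
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", ldapTO.getServerURL());
            env.put("java.naming.security.authentication", FieldExpressionBL.SIMPLE);
            env.put("java.naming.security.principal", keyDn);
            env.put("java.naming.security.credentials", str2);
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) {
            for (String line : diagnostics) {
                LOGGER.warn(line);
            }
            // Route the stack trace through the logger instead of stderr so it obeys the log configuration.
            LOGGER.debug(ExceptionUtils.getStackTrace(e));
            throw e;
        }
    }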

    /**
     * Builds a {@link TPersonBean} from the attributes of one LDAP search result.
     *
     * <p>Login name and e-mail are mandatory: a missing attribute or an empty value yields
     * {@code null}. The first name is copied when present. The last name is optional as an
     * attribute, but if the attribute exists its value must be non-empty. Phone and cn are
     * only looked up when an attribute name was supplied; the cn value is logged but not
     * stored on the bean.
     *
     * <p>Attribute values are cast to {@code String} and written to the debug log as received
     * from the directory (login name, e-mail, names, phone).
     *
     * <p>NOTE(review): the try/catch below wraps only the first attribute lookup, which looks
     * like a decompiler artifact; what the method returns after a caught exception cannot be
     * determined from this listing.
     *
     * @param searchResult the directory entry to convert
     * @param str          name of the login-name attribute
     * @param str2         name of the first-name attribute
     * @param str3         name of the last-name attribute
     * @param str4         name of the e-mail attribute
     * @param str5         name of the phone attribute, or {@code null} to skip it
     * @param str6         name of the cn attribute, or {@code null} to skip it
     * @return the populated bean, or {@code null} when a mandatory value is missing
     */
    public static TPersonBean getPersonBean(SearchResult searchResult, String str, String str2, String str3, String str4, String str5, String str6) {
        Attribute attribute;
        Attribute attribute2;
        Attribute attribute3;
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null) {
            LOGGER.warn("No attributes found in LDAP search result " + searchResult.getName());
            return null;
        }
        TPersonBean tPersonBean = new TPersonBean();
        try {
            attribute = attributes.get(str);
        } catch (Exception e) {
            LOGGER.warn("Problem setting attributes from LDAP: " + e.getMessage());
            LOGGER.warn("This is probably a configuration error in the LDAP mapping section of quartz-jobs.xml");
            LOGGER.debug(ExceptionUtils.getStackTrace(e));
        }
        // Mandatory: login name attribute with a non-empty value.
        if (attribute == null) {
            LOGGER.info("No loginame attribute " + str);
            return null;
        }
        String str7 = (String) attribute.get();
        LOGGER.debug("Loginname: " + str7);
        if (str7 == null || "".equals(str7)) {
            LOGGER.info("No value for loginame attribute " + str);
            return null;
        }
        tPersonBean.setLoginName(str7);
        // Mandatory: e-mail attribute with a non-empty value.
        Attribute attribute4 = attributes.get(str4);
        if (attribute4 == null) {
            LOGGER.info("No e-mail attribute " + str4);
            return null;
        }
        String str8 = (String) attribute4.get();
        LOGGER.debug("E-mail: " + str8);
        if (str8 == null || "".equals(str8)) {
            LOGGER.info("No value for e-mail attribute " + str4);
            return null;
        }
        tPersonBean.setEmail(str8);
        // Optional: first name is copied without an emptiness check.
        Attribute attribute5 = attributes.get(str2);
        if (attribute5 != null) {
            String str9 = (String) attribute5.get();
            LOGGER.debug("Firstname: " + str9);
            tPersonBean.setFirstName(str9);
        }
        // Last name: the attribute may be absent, but an empty value rejects the entry.
        Attribute attribute6 = attributes.get(str3);
        if (attribute6 != null) {
            String str10 = (String) attribute6.get();
            LOGGER.debug("Lastname: " + str10);
            if (str10 == null || "".equals(str10)) {
                LOGGER.info("No value for lastname attribute " + str3);
                return null;
            }
            tPersonBean.setLastName(str10);
        }
        if (str5 != null && (attribute3 = attributes.get(str5)) != null) {
            String str11 = (String) attribute3.get();
            LOGGER.debug("Phone: " + str11);
            tPersonBean.setPhone(str11);
        }
        // The cn value is only logged; it is not stored on the bean.
        if (str6 != null && (attribute2 = attributes.get(str6)) != null) {
            LOGGER.debug("LDAP entry cn: " + ((String) attribute2.get()));
        }
        LOGGER.debug("Processed " + tPersonBean.getLoginName() + " (" + tPersonBean.getFirstName() + " " + tPersonBean.getLastName() + ")");
        tPersonBean.setLastEdit(new Date());
        return tPersonBean;
    }

    /**
     * Delegates to {@code LdapGroupUtil.getLdapGroupsByList}, supplying the directory's
     * configured cn field name as the last argument.
     *
     * @param str    passed through unchanged as the first argument
     * @param ldapTO the directory configuration; also the source of the cn field name
     * @param map    passed through unchanged
     * @param map2   passed through unchanged
     * @return whatever the delegate returns
     * @throws NamingException when the delegate fails
     */
    public static Map<String, TPersonBean> getLdapGroupsByList(String str, LdapTO ldapTO, Map<String, List<String>> map, Map<String, String> map2) throws NamingException {
        final String cnFieldName = ldapTO.getCnFieldName();
        return LdapGroupUtil.getLdapGroupsByList(str, ldapTO, map, map2, cnFieldName);
    }

    /**
     * Delegates to {@code LdapGroupUtil.getLdapGroupsPaged}, supplying the directory's
     * configured cn field name as the last argument.
     *
     * @param str    passed through unchanged as the first argument
     * @param ldapTO the directory configuration; also the source of the cn field name
     * @param str2   passed through unchanged
     * @param str3   passed through unchanged
     * @param map    passed through unchanged
     * @return whatever the delegate returns
     * @throws NamingException when the delegate fails
     */
    public static Map<String, TPersonBean> getLdapGroupsPaged(String str, LdapTO ldapTO, String str2, String str3, Map<String, List<String>> map) throws NamingException {
        final String cnFieldName = ldapTO.getCnFieldName();
        return LdapGroupUtil.getLdapGroupsPaged(str, ldapTO, str2, str3, map, cnFieldName);
    }

    /**
     * Delegates to {@code LdapGroupUtil.getGroupToPersonMaps} with the arguments unchanged.
     *
     * @param str    passed through unchanged as the first argument
     * @param ldapTO the directory configuration
     * @param map    passed through unchanged
     * @return whatever the delegate returns
     */
    public static Map<String, List<TPersonBean>> getGroupToPersonMaps(String str, LdapTO ldapTO, Map<String, List<String>> map) {
        final Map<String, List<TPersonBean>> groupToPersons = LdapGroupUtil.getGroupToPersonMaps(str, ldapTO, map);
        return groupToPersons;
    }

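    /**
     * Reads all persons matching a filter from one directory, using paged subtree searches
     * (page size 5) below the directory's user base DN.
     *
     * <p>An absent, empty or {@code "*"} filter is replaced by
     * {@code <loginNameField>=*}; the filter is wrapped in parentheses when it is not already.
     * It is otherwise sent to the server verbatim, so callers must not build it from
     * unescaped user input (RFC 4515 escaping).
     *
     * <p>Search failures are logged and the entries collected so far are returned.
     * NOTE(review): the caller cannot tell a partial result from a complete one. Any caller
     * that deactivates accounts missing from this map (see {@code deactivateUsers}) should be
     * checked against that - confirm how the two are chained.
     *
     * @param ldapTO the directory configuration, including the bind account
     * @param str    the LDAP filter, or {@code null}/empty/{@code "*"} for "all entries"
     * @return persons keyed by login name; empty when no context could be obtained
     * @throws Exception when obtaining or closing the context fails
     */
    public static HashMap<String, TPersonBean> getAllLdapPersonsPaged(LdapTO ldapTO, String str) throws Exception {
        String filter = str;
        if (filter == null || "".equals(filter) || "*".equals(filter)) {
            filter = ldapTO.getLoginNameField() + "=*";
        }
        if (!filter.startsWith("(") || !filter.endsWith(")")) {
            filter = "(" + filter + ")";
        }
        LOGGER.debug("User filter expression " + filter);
        HashMap<String, TPersonBean> personsByLogin = new HashMap<>();
        LdapContext ctx = LdapBL.getInitialContext(ldapTO.getServerURL(), ldapTO.getUserName(), ldapTO.getDecryptedPassword());
        if (ctx == null) {
            return personsByLogin;
        }
        int processed = 0;
        // Created before the try so the size-limit handler can always read the count limit.
        SearchControls searchControls = new SearchControls();
        try {
            ctx.setRequestControls(new Control[]{new PagedResultsControl(5, false)});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Upper bound derived from the licensed user counts, with some headroom.
            searchControls.setCountLimit(((ApplicationBean.getInstance().getMaxNumberOfFullUsers() + ApplicationBean.getInstance().getMaxNumberOfLimitedUsers()) * 3) + 10);
            String firstNameField = ldapTO.getFirstNameField();
            String lastNameField = ldapTO.getLastNameField();
            String emailField = ldapTO.getEmailField();
            String phoneField = ldapTO.getPhoneField();
            String loginNameField = ldapTO.getLoginNameField();
            byte[] cookie;
            do {
                NamingEnumeration<SearchResult> results = ctx.search(LdapBL.getFullUserDn(ldapTO), filter, searchControls);
                while (results != null && results.hasMore()) {
                    TPersonBean person = getPersonBean(results.next(), loginNameField, firstNameField, lastNameField, emailField, phoneField, ldapTO.getCnFieldName());
                    if (person != null) {
                        personsByLogin.put(person.getLoginName(), person);
                    }
                    processed++;
                }
                // Reset per page: if the server sends no paging control for this page, the
                // loop must stop instead of re-sending a stale cookie indefinitely.
                cookie = null;
                Control[] responseControls = ctx.getResponseControls();
                if (responseControls != null) {
                    for (Control control : responseControls) {
                        if (control instanceof PagedResultsResponseControl) {
                            PagedResultsResponseControl paged = (PagedResultsResponseControl) control;
                            int resultSize = paged.getResultSize();
                            if (resultSize != 0) {
                                LOGGER.debug("***************** END-OF-PAGE (total : " + resultSize + ") *****************\n");
                            } else {
                                LOGGER.debug("***************** END-OF-PAGE (total: unknown) ***************\n");
                            }
                            cookie = paged.getCookie();
                        }
                    }
                } else {
                    LOGGER.debug("No controls were sent from the server");
                }
                ctx.setRequestControls(new Control[]{new PagedResultsControl(5, cookie, true)});
            } while (cookie != null);
        } catch (SizeLimitExceededException e) {
            // Must precede the NamingException handler (it is a subclass), otherwise these
            // diagnostics are never reached.
            if (processed < searchControls.getCountLimit()) {
                LOGGER.error("Searching LDAP asked for more entries than permitted by the LDAP server.");
                LOGGER.error("Size limit exceeded error occurred after record " + processed + " with " + e.getMessage());
                LOGGER.error("You have to ask your LDAP server admin to increase the limit or specify a more suitable search base or filter.");
            } else {
                LOGGER.error("Searching LDAP asked for more entries than permitted by the Track+ server (" + processed + ").");
                LOGGER.error("You have to get more user licenses for Track+ or specify a more suitable search base or filter.");
            }
            LOGGER.error("The LDAP synchronization is most likely incomplete.");
        } catch (NamingException | IOException e) {
            LOGGER.error("PagedSearch failed.");
            LOGGER.debug(ExceptionUtils.getStackTrace(e));
        } finally {
            // Single release point for the bound connection on every path.
            ctx.close();
        }
        return personsByLogin;
    }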

    /**
     * Tells whether {@code LdapBL.getUserCn} finds an entry for the login name.
     *
     * <p>A lookup failure is logged and reported as {@code false}, so callers cannot
     * distinguish "not found" from "directory unavailable". {@code changeUserPasswordOnLdap}
     * takes its create-user branch on {@code false}.
     *
     * @param ldapTO the directory to query
     * @param str    the login name to look up
     * @return {@code true} when a cn was returned; {@code false} when none was found or the
     *         lookup threw a {@link NamingException}
     */
    public static boolean isOnLdapServer(LdapTO ldapTO, String str) {
        final String userCn;
        try {
            userCn = LdapBL.getUserCn(ldapTO, str);
        } catch (NamingException lookupFailure) {
            LOGGER.error(lookupFailure.getMessage());
            return false;
        }
        return userCn != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
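    public static TPersonBean getLdapUser(LdapTO ldapTO, String str, String str2, String str3, String str4, String str5) throws Exception {
        // Looks up a single person with a subtree search below the directory's user base DN.
        //
        // Parameters, as used below: str = server URL, str2 = bind user, str3 = bind password
        // (all three go to LdapBL.getInitialContext), str4 = name of the login-name attribute,
        // str5 = LDAP filter. Returns the first matching entry converted by getPersonBean, or
        // null when no context is available, nothing matches, or the search throws a
        // NamingException (which is logged).
        //
        // The filter is sent to the server verbatim and only the first hit is used, so callers
        // must escape any user-derived value in it (RFC 4515) and make it specific enough to
        // match one entry.
        LdapContext ctx = null;
        try {
            ctx = LdapBL.getInitialContext(str, str2, str3);
            if (ctx == null) {
                LOGGER.warn("The context is null");
                return null;
            }
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String firstNameField = ldapTO.getFirstNameField();
            String lastNameField = ldapTO.getLastNameField();
            String emailField = ldapTO.getEmailField();
            String phoneField = ldapTO.getPhoneField();
            NamingEnumeration<SearchResult> results = ctx.search(LdapBL.getFullUserDn(ldapTO), str5, searchControls);
            if (results == null || !results.hasMore()) {
                return null;
            }
            return getPersonBean(results.next(), str4, firstNameField, lastNameField, emailField, phoneField, ldapTO.getCnFieldName());
        } catch (NamingException e) {
            LOGGER.warn("Searching from " + str + " by filter " + str5 + FAILED_WITH + e.getMessage());
            LOGGER.debug(ExceptionUtils.getStackTrace(e));
            return null;
        } finally {
            // The listing closed a variable that was never assigned on the failure path, which
            // left the bound connection open; release the real context on every path.
            if (ctx != null) {
                ctx.close();
            }
        }
    }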

    /**
     * Runs one subtree search per filter on an already opened context and collects every
     * entry that {@code getPersonBean} accepts.
     *
     * <p>A search that throws a {@link NamingException} is logged and skipped; the remaining
     * filters are still processed. Filters are sent to the server, and written to the debug
     * log, exactly as supplied.
     *
     * @param ldapTO      the directory configuration (base DN and attribute names)
     * @param ldapContext the open context to search with; not closed here
     * @param str         name of the login-name attribute
     * @param list        the LDAP filters to run
     * @return the persons found, in search order; possibly empty
     */
    static List<TPersonBean> getLdapUsers(LdapTO ldapTO, LdapContext ldapContext, String str, List<String> list) {
        final List<TPersonBean> found = new ArrayList<>();
        final String firstNameAttr = ldapTO.getFirstNameField();
        final String lastNameAttr = ldapTO.getLastNameField();
        final String emailAttr = ldapTO.getEmailField();
        final String phoneAttr = ldapTO.getPhoneField();
        for (final String filter : list) {
            LOGGER.debug("Searching by filter " + filter);
            final SearchControls subtree = new SearchControls();
            subtree.setSearchScope(SearchControls.SUBTREE_SCOPE);
            try {
                final NamingEnumeration<SearchResult> hits = ldapContext.search(LdapBL.getFullUserDn(ldapTO), filter, subtree);
                if (hits == null) {
                    continue;
                }
                while (hits.hasMore()) {
                    final TPersonBean person = getPersonBean(hits.next(), str, firstNameAttr, lastNameAttr, emailAttr, phoneAttr, ldapTO.getCnFieldName());
                    if (person == null) {
                        continue;
                    }
                    LOGGER.debug("Search successful " + filter);
                    found.add(person);
                }
            } catch (NamingException searchFailure) {
                LOGGER.warn("Search failed with " + searchFailure.getMessage());
                LOGGER.debug(ExceptionUtils.getStackTrace(searchFailure));
            }
        }
        return found;
    }

    /**
     * Creates or updates Track+ persons from the persons read from a directory.
     *
     * <p>Existing persons are matched by exact login name. A match is updated only when
     * {@code PersonBL.isLdapPersonSame} reports a difference; an unmatched entry is created.
     * Every created or changed person is saved and bound to the given LDAP connection. When
     * at least one person was created, the application's user count is refreshed.
     *
     * <p>NOTE(review): because matching is by login name only, a directory entry that carries
     * the login name of an existing local account updates that account and re-homes it to
     * this directory - confirm that is intended for accounts not created from LDAP. Names and
     * e-mail addresses are written to the info log.
     *
     * @param map persons from the directory (the values are processed; the keys are not used
     *            for matching)
     * @param num id of the LDAP connection the saved persons are bound to
     * @throws Exception when loading or saving persons fails
     */
    public static void importLDAPUsersIntoTrackDB(Map<String, TPersonBean> map, Integer num) throws Exception {
        final Map<String, TPersonBean> existingByLogin = new HashMap<>();
        for (TPersonBean existing : PersonBL.loadPersons()) {
            existingByLogin.put(existing.getLoginName(), existing);
        }
        int added = 0;
        for (TPersonBean ldapPerson : map.values()) {
            final String loginName = ldapPerson.getLoginName();
            final String firstName = ldapPerson.getFirstName();
            final String lastName = ldapPerson.getLastName();
            final String email = ldapPerson.getEmail();
            final String phone = ldapPerson.getPhone();
            TPersonBean target = existingByLogin.get(loginName);
            final boolean mustSave;
            if (target == null) {
                // Unknown login name: create a new person.
                mustSave = true;
                target = PersonBL.createLdapPerson(loginName, firstName, lastName, email, phone);
                added++;
                LOGGER.info("Adding user " + ldapPerson.getFirstName() + " " + ldapPerson.getLastName() + " (" + ldapPerson.getEmail() + ") to Track+ database.");
            } else {
                // Known login name: update only when the directory data differs.
                mustSave = !PersonBL.isLdapPersonSame(target, ldapPerson);
                if (mustSave) {
                    PersonBL.updateLdapPerson(target, firstName, lastName, email, phone);
                    LOGGER.info("Existing user " + firstName + " " + lastName + " (" + email + ") to be changed in Track+ database.");
                }
            }
            if (mustSave) {
                LdapBL.setPersonHostedByLdapField(PersonBL.saveAndAddMenuFilters(target), num);
            }
        }
        if (added > 0) {
            ApplicationBean.getInstance().setActualUsers();
        }
        if (!LOGGER.isInfoEnabled()) {
            return;
        }
        LOGGER.info("User sync results for " + map.size() + " ldap persons:");
        if (added == 0) {
            LOGGER.info("LDAP directory users in sync with Track+ database.");
        } else {
            LOGGER.info(added + " user(s) from LDAP directory added to Track+ database.");
        }
    }

    /**
     * Pushes Track+ persons to an LDAP directory via {@code saveUserModificationsOnLdap}.
     *
     * <p>When {@code str} yields no ids, all users ({@code z == true}) or all clients
     * ({@code z == false}) are loaded; otherwise only the persons with the listed ids.
     * Disabled persons are skipped. A failure for one person is logged and does not stop the
     * others.
     *
     * <p>The success JSON is returned in every case, including when individual exports
     * failed; failures are visible in the log only.
     *
     * @param z   {@code true} to export users, {@code false} to export clients, when no ids
     *            are selected
     * @param str comma-separated person ids, or empty for "all"
     * @param num passed through to {@code saveUserModificationsOnLdap} as its last argument
     * @return the result of {@code JSONUtility.encodeJSONSuccess()}
     */
    public static String exportTrackUsersIntoLDAP(boolean z, String str, Integer num) {
        final TSiteBean siteBean = ApplicationBean.getInstance().getSiteBean();
        final List<Integer> selectedIds = StringArrayParameterUtils.splitSelectionAsInteger(str, StringPool.COMMA);
        final List<TPersonBean> persons;
        if (selectedIds != null && !selectedIds.isEmpty()) {
            persons = PersonBL.loadByKeys(selectedIds);
        } else {
            LOGGER.debug("Loading all persons to export into ldap, isUser (or client): " + z);
            if (z) {
                persons = PersonBL.loadAllUsers();
            } else {
                persons = PersonBL.loadAllClients();
            }
        }
        if (persons == null || persons.isEmpty()) {
            return JSONUtility.encodeJSONSuccess();
        }
        LOGGER.info("Started exporting Track+ users into LDAP, number of users to export: " + persons.size());
        for (final TPersonBean person : persons) {
            LOGGER.debug("Exporting user to LDAP server: " + person.getLoginName());
            try {
                if (!person.isDisabled()) {
                    LOGGER.debug("Importing user: " + person.getLoginName());
                    saveUserModificationsOnLdap(person, person.getLoginName(), null, null, 1, siteBean, num);
                } else {
                    LOGGER.debug("The system won't import user: " + person.getLoginName() + " because the user is disabled!");
                }
            } catch (Exception exportFailure) {
                // Best effort per person: log and carry on with the next one.
                LOGGER.error(exportFailure);
            }
        }
        LOGGER.info("Finished exporting Track+ users into LDAP!");
        return JSONUtility.encodeJSONSuccess();
    }

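    /**
     * Deactivates every active Track+ person whose login name is not among the persons found
     * in the directory. Does nothing when LDAP is switched off in the site configuration.
     *
     * <p>The admin and guest accounts and every person with an object id of 100 or lower are
     * never deactivated.
     *
     * <p>NOTE(review): an empty or incomplete {@code map} (for example after a failed or
     * size-limited directory search) deactivates all other accounts. Callers should only pass
     * a map obtained from a search known to be complete - confirm against the caller.
     *
     * @param map persons found in the directory, keyed by login name; {@code null} is a no-op
     * @throws Exception when loading or deactivating persons fails
     */
    public static void deactivateUsers(Map<String, TPersonBean> map) throws Exception {
        List<TPersonBean> activePersons = PersonBL.loadActivePersons();
        if (!ApplicationBean.getInstance().getSiteBean().getIsLDAPOnBool().booleanValue()) {
            return;
        }
        // Checked before the first dereference; previously the size() calls in the log
        // statements ran ahead of this check and threw on null.
        if (activePersons == null || map == null) {
            return;
        }
        LOGGER.info("Number of users found on LDAP server: " + map.size());
        LOGGER.info("Number of active users found in Track+ after LDAP sync: " + activePersons.size());
        List<Integer> toDeactivate = new ArrayList<>();
        for (TPersonBean person : activePersons) {
            String loginName = person.getLoginName();
            if (map.containsKey(loginName)) {
                continue;
            }
            // Locale.ROOT keeps the protected-account comparison independent of the JVM's
            // default locale (under a Turkish locale "ADMIN" lower-cases to a string that is
            // not equal to "admin", which would remove the protection).
            String lowerCase = loginName.toLowerCase(java.util.Locale.ROOT);
            if (TPersonBean.ADMIN_USER.equals(lowerCase) || TPersonBean.GUEST_USER.equals(lowerCase) || person.getObjectID().intValue() <= 100) {
                LOGGER.debug("We do not deactivate admin, guest, or anything with OID below 100");
            } else {
                toDeactivate.add(person.getObjectID());
                LOGGER.debug("Deactivating " + lowerCase);
            }
        }
        if (toDeactivate.isEmpty()) {
            LOGGER.info("No user were deactivated");
        } else {
            PersonBL.activateDeactivatePersons(toDeactivate, true);
            LOGGER.info(toDeactivate.size() + " user(s) were deactivated");
        }
    }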

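    /**
     * Reads all persons matching a filter from one directory, using paged subtree searches
     * (page size 5) below the directory's user base DN.
     *
     * <p>An absent, empty or {@code "*"} filter is replaced by {@code <str4>=*}. The filter
     * is always wrapped in one pair of parentheses and otherwise sent verbatim, so callers
     * must not build it from unescaped user input (RFC 4515 escaping).
     *
     * <p>Search failures are logged and the entries collected so far are returned, in the
     * same way as {@code getAllLdapPersonsPaged}. NOTE(review): in the decompiled listing the
     * exception handlers were attached to the context creation only and dereferenced a
     * search-controls variable that was still {@code null}; the layout here follows the
     * sibling method - confirm against the original source. A caller cannot tell a partial
     * result from a complete one.
     *
     * @param ldapTO the directory configuration (base DN and attribute names)
     * @param str    server URL
     * @param str2   bind user
     * @param str3   bind password
     * @param str4   name of the login-name attribute
     * @param str5   the LDAP filter without outer parentheses, or {@code null}/empty/{@code "*"}
     * @return the persons found; empty when no context could be obtained
     * @throws Exception when obtaining or closing the context fails
     */
    static List<TPersonBean> getAllLdapUsersDescendants(LdapTO ldapTO, String str, String str2, String str3, String str4, String str5) throws Exception {
        List<TPersonBean> persons = new ArrayList<>();
        String filterBody = str5;
        if (filterBody == null || "".equals(filterBody) || "*".equals(filterBody)) {
            filterBody = str4 + "=*";
        }
        int accepted = 0;
        // Created before the try so the size-limit handler can always read the count limit.
        SearchControls searchControls = new SearchControls();
        LdapContext ldapContext = null;
        try {
            ldapContext = LdapBL.getInitialContext(str, str2, str3);
            if (ldapContext == null) {
                return persons;
            }
            ldapContext.setRequestControls(new Control[]{new PagedResultsControl(5, false)});
            String filter = "(" + filterBody + ")";
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Upper bound derived from the licensed user counts, with some headroom.
            searchControls.setCountLimit(((ApplicationBean.getInstance().getMaxNumberOfFullUsers() + ApplicationBean.getInstance().getMaxNumberOfLimitedUsers()) * 3) + 10);
            String firstNameField = ldapTO.getFirstNameField();
            String lastNameField = ldapTO.getLastNameField();
            String emailField = ldapTO.getEmailField();
            String phoneField = ldapTO.getPhoneField();
            byte[] cookie;
            do {
                NamingEnumeration<SearchResult> results = ldapContext.search(LdapBL.getFullUserDn(ldapTO), filter, searchControls);
                while (results != null && results.hasMore()) {
                    TPersonBean person = getPersonBean(results.next(), str4, firstNameField, lastNameField, emailField, phoneField, ldapTO.getCnFieldName());
                    if (person != null) {
                        persons.add(person);
                        accepted++;
                    }
                }
                // Reset per page. The cookie used to start as an empty array and was only
                // replaced when a paging response control arrived, so a server that sent none
                // kept the loop running forever, re-adding the same entries each round.
                cookie = null;
                Control[] responseControls = ldapContext.getResponseControls();
                if (responseControls != null) {
                    for (Control control : responseControls) {
                        if (control instanceof PagedResultsResponseControl) {
                            PagedResultsResponseControl paged = (PagedResultsResponseControl) control;
                            int resultSize = paged.getResultSize();
                            if (resultSize != 0) {
                                LOGGER.debug("***************** END-OF-PAGE (total : " + resultSize + ") *****************\n");
                            } else {
                                LOGGER.debug("***************** END-OF-PAGE (total: unknown) ***************\n");
                            }
                            cookie = paged.getCookie();
                        }
                    }
                } else {
                    LOGGER.debug("No controls were sent from the server");
                }
                ldapContext.setRequestControls(new Control[]{new PagedResultsControl(5, cookie, true)});
            } while (cookie != null);
        } catch (SizeLimitExceededException e) {
            // Must precede the NamingException handler (it is a subclass).
            if (accepted < searchControls.getCountLimit()) {
                LOGGER.error("Searching LDAP asked for more entries than permitted by the LDAP server.");
                LOGGER.error("Size limit exceeded error occurred after record " + accepted + " with " + e.getMessage());
                LOGGER.error("You have to ask your LDAP server admin to increase the limit or specify a more suitable search base or filter.");
            } else {
                LOGGER.error("Searching LDAP asked for more entries than permitted by the Track+ server (" + accepted + ").");
                LOGGER.error("You have to get more user licenses for Track+ or specify a more suitable search base or filter.");
            }
            LOGGER.error("The LDAP synchronization is most likely incomplete.");
        } catch (NamingException | IOException e) {
            LOGGER.error("PagedSearch failed.");
            LOGGER.debug(ExceptionUtils.getStackTrace(e));
        } finally {
            // Single release point for the bound connection on every path.
            if (ldapContext != null) {
                ldapContext.close();
            }
        }
        return persons;
    }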

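    /**
     * Replaces a person's password attribute in the directory.
     *
     * <p>When the person is not found in the directory, the user is created via
     * {@code createLdapUser} if the directory is configured as writable; otherwise nothing
     * happens. When the person exists, the configured password attribute is replaced with the
     * value produced by {@code createLDAPPasswordAttributeValue}.
     *
     * <p>NOTE(review): "not found" is decided by {@code isOnLdapServer}, which also returns
     * {@code false} when the lookup itself fails, so a directory error leads into the
     * create-user branch - confirm that is acceptable. If {@code LdapBL.getInitialContext}
     * returns {@code null} without throwing, the method returns without changing the password
     * and without reporting an error.
     *
     * @param tPersonBean the person whose password is changed
     * @param str         first argument to {@code createLDAPPasswordAttributeValue}; presumably
     *                    the new password - confirm
     * @param str2        second argument to {@code createLDAPPasswordAttributeValue}; its
     *                    meaning is not visible here
     * @param ldapTO      the directory configuration, including the bind account
     * @throws LdapException when the context cannot be obtained, the user's cn cannot be
     *                       resolved, or the modification fails
     */
    public static void changeUserPasswordOnLdap(TPersonBean tPersonBean, String str, String str2, LdapTO ldapTO) throws LdapException {
        if (!isOnLdapServer(ldapTO, tPersonBean.getLoginName())) {
            if (ldapTO.writeUserDataToLdap()) {
                LOGGER.debug("The selected user does not exist on LDAP server, the system will try to create it. ");
                createLdapUser(tPersonBean, str, str2, ldapTO);
            } else {
                LOGGER.debug("The selected user does not exist on LDAP server and the system does not have write permission to create it!");
            }
            return;
        }
        StringBuilder errors = new StringBuilder();
        LdapContext ldapContext = null;
        try {
            try {
                ldapContext = LdapBL.getInitialContext(ldapTO.getServerURL(), ldapTO.getUserName(), ldapTO.getDecryptedPassword());
            } catch (LdapException e) {
                LOGGER.error("Getting LDAP context failed with: " + e.getMessage());
                LOGGER.error(ExceptionUtils.getStackTrace(e));
                errors.append(e.getMessage());
            }
            if (ldapContext != null) {
                LOGGER.debug("Changing user password on LDAP server: " + tPersonBean.getLoginName());
                try {
                    ModificationItem[] modifications = {
                        new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(ldapTO.getPasswordField(), createLDAPPasswordAttributeValue(str, str2, true)))
                    };
                    String userCn = LdapBL.getUserCn(ldapTO, tPersonBean.getLoginName());
                    if (userCn != null) {
                        ldapContext.modifyAttributes(userCn + StringPool.COMMA + LdapBL.getFullUserDn(ldapTO), modifications);
                    } else {
                        // Report the failure to the caller as updateUserDataOnLdap does; only
                        // logging it would let a password change appear to have succeeded.
                        LOGGER.error("Failed to obtain user cn!");
                        errors.append("Failed to obtain user cn!");
                    }
                } catch (NamingException e) {
                    errors.append(e.getMessage());
                    LOGGER.error("Changing the user's password failed with: " + e.getMessage());
                    LOGGER.error(ExceptionUtils.getStackTrace(e));
                }
            }
        } finally {
            // The context is bound with the directory's service account; release it on every
            // path instead of leaving the connection open.
            if (ldapContext != null) {
                try {
                    ldapContext.close();
                } catch (NamingException closeFailure) {
                    LOGGER.debug("Closing the LDAP context failed with: " + closeFailure.getMessage());
                }
            }
        }
        if (errors.length() > 0) {
            throw new LdapException(errors.toString());
        }
    }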

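    /**
     * Replaces the LDAP attributes of an existing user with the values selected by
     * {@code getUserLdapFieldsToModify}.
     *
     * <p>Every selected attribute is sent as a replace operation. The value stored under
     * {@code ldapTO.getPasswordField()} is encoded through {@code createLDAPPasswordAttributeValue}
     * when it is non-empty; all other values are written as they are. Nothing is sent when no
     * context is returned or when there is nothing to modify.
     *
     * @param tPersonBean person carrying the values to write
     * @param str login name used to resolve the user cn and to detect a changed login name
     * @param str2 password value to write; skipped by the field selection when null or empty
     * @param str3 second argument handed to the password encoder (presumably the salt; confirm
     *     against {@code TpPasswordEncoder})
     * @param ldapTO LDAP connection settings and attribute names
     * @throws LdapException if the context cannot be obtained, the user cn cannot be resolved, or
     *     the directory rejects the modification
     */
    public static void updateUserDataOnLdap(TPersonBean tPersonBean, String str, String str2, String str3, LdapTO ldapTO) throws LdapException {
        LdapContext initialContext = null;
        try {
            initialContext = LdapBL.getInitialContext(ldapTO.getServerURL(), ldapTO.getUserName(), ldapTO.getDecryptedPassword());
            if (initialContext == null) {
                return;
            }
            Map<String, String> userLdapFieldsToModify = getUserLdapFieldsToModify(tPersonBean, str, str2, ldapTO);
            if (userLdapFieldsToModify == null || userLdapFieldsToModify.isEmpty()) {
                return;
            }
            LOGGER.debug("Modifying person field (except user name) on LDAP server!");
            ModificationItem[] modificationItemArr = new ModificationItem[userLdapFieldsToModify.size()];
            int i = 0;
            for (Map.Entry<String, String> entry : userLdapFieldsToModify.entrySet()) {
                String value = entry.getValue();
                boolean isPassword = entry.getKey().equals(ldapTO.getPasswordField()) && value != null && !value.isEmpty();
                // Only the password attribute is encoded; every other attribute is written verbatim.
                Object attributeValue = isPassword ? createLDAPPasswordAttributeValue(value, str3, true) : value;
                modificationItemArr[i++] = new ModificationItem(
                        javax.naming.directory.DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(entry.getKey(), attributeValue));
            }
            String userCn = LdapBL.getUserCn(ldapTO, str);
            if (userCn == null) {
                throw new LdapException("Failed obtaining the user cn!");
            }
            initialContext.modifyAttributes(userCn + StringPool.COMMA + LdapBL.getFullUserDn(ldapTO), modificationItemArr);
        } catch (LdapException | NamingException e) {
            LOGGER.error(ExceptionUtils.getStackTrace(e));
            throw new LdapException(e.getMessage());
        } finally {
            // Release the bound connection on every path; assumes getInitialContext hands out a
            // context owned by this call -- TODO confirm against LdapBL.
            if (initialContext != null) {
                try {
                    initialContext.close();
                } catch (NamingException closeError) {
                    LOGGER.warn("Closing the LDAP context failed with: " + closeError.getMessage());
                }
            }
        }
    }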

    /**
     * Builds the attribute-name to value map that {@code updateUserDataOnLdap} sends to the
     * directory.
     *
     * <p>An attribute is only considered when its name is configured in {@code ldapTO}. The login
     * name is included when {@code str} differs from the bean's current login name, the password
     * when {@code str2} is non-empty, and the phone when the bean has one. E-mail, last name and
     * first name are included whenever their attribute name is configured, even if the bean value
     * is null.
     *
     * @param tPersonBean person carrying the current values
     * @param str login name to compare with the bean's login name
     * @param str2 password value, stored unencoded in the map; the caller encodes it
     * @param ldapTO source of the configured attribute names
     * @return a mutable map, never null, possibly empty
     */
    private static Map<String, String> getUserLdapFieldsToModify(TPersonBean tPersonBean, String str, String str2, LdapTO ldapTO) {
        Map<String, String> changes = new HashMap<>();

        // Login name: only when it differs from the name passed in.
        if (hasStrValue(ldapTO.getLoginNameField()) && str != null) {
            if (tPersonBean.getLoginName() != null && !str.equals(tPersonBean.getLoginName())) {
                changes.put(ldapTO.getLoginNameField(), tPersonBean.getLoginName());
            }
        }

        // Password: only when a non-empty value was supplied.
        if (hasStrValue(ldapTO.getPasswordField())) {
            if (str2 != null && !str2.isEmpty()) {
                changes.put(ldapTO.getPasswordField(), str2);
            }
        }

        if (hasStrValue(ldapTO.getEmailField())) {
            changes.put(ldapTO.getEmailField(), tPersonBean.getEmail());
        }

        // Phone: skipped when the bean has none.
        if (hasStrValue(ldapTO.getPhoneField())) {
            if (tPersonBean.getPhone() != null && !tPersonBean.getPhone().isEmpty()) {
                changes.put(ldapTO.getPhoneField(), tPersonBean.getPhone());
            }
        }

        if (hasStrValue(ldapTO.getLastNameField())) {
            changes.put(ldapTO.getLastNameField(), tPersonBean.getLastName());
        }

        if (hasStrValue(ldapTO.getFirstNameField())) {
            changes.put(ldapTO.getFirstNameField(), tPersonBean.getFirstName());
        }

        return changes;
    }

    /**
     * Tells whether a string carries any characters.
     *
     * @param str value to test, may be null
     * @return {@code true} when {@code str} is neither null nor empty
     */
    private static boolean hasStrValue(String str) {
        return str != null && !str.isEmpty();
    }

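    /**
     * Creates a new LDAP entry for the given person below the configured user DN.
     *
     * <p>The entry receives the configured creation attributes plus login name, last name, first
     * name and e-mail. A password attribute is added when a password value is available: a
     * non-empty {@code str} is encoded before it is written, otherwise the value of
     * {@code tPersonBean.getPasswd()} is written without further encoding.
     * NOTE(review): the unencoded branch presumably relies on the stored value already being in a
     * format the directory accepts as a password hash -- confirm, since it is copied verbatim.
     *
     * <p>The login name is escaped before it is placed into the entry's DN, so characters with a
     * meaning in DN syntax (comma, plus, equals sign and the like) stay part of the value.
     *
     * @param tPersonBean person to create
     * @param str new password, may be null or empty
     * @param str2 second argument handed to the password encoder (presumably the salt; confirm
     *     against {@code TpPasswordEncoder})
     * @param ldapTO LDAP connection settings and attribute names
     * @throws LdapException if the context cannot be obtained or the directory rejects the entry
     */
    public static void createLdapUser(TPersonBean tPersonBean, String str, String str2, LdapTO ldapTO) throws LdapException {
        LdapContext ldapContext;
        try {
            ldapContext = LdapBL.getInitialContext(ldapTO.getServerURL(), ldapTO.getUserName(), ldapTO.getDecryptedPassword());
        } catch (LdapException e) {
            LOGGER.error("Getting LDAP context failed with: " + e.getMessage());
            LOGGER.error(ExceptionUtils.getStackTrace(e));
            // Previously the message was collected and then dropped, so callers saw success
            // although no entry had been created.
            throw e;
        }
        if (ldapContext == null) {
            return;
        }
        try {
            BasicAttributes basicAttributes = new BasicAttributes();
            LdapBL.addAdditionalAttributes(basicAttributes, ldapTO.getUserCreationAttributes());
            basicAttributes.put(new BasicAttribute(ldapTO.getLoginNameField(), tPersonBean.getLoginName()));
            basicAttributes.put(new BasicAttribute(ldapTO.getLastNameField(), tPersonBean.getLastName()));
            basicAttributes.put(new BasicAttribute(ldapTO.getFirstNameField(), tPersonBean.getFirstName()));
            basicAttributes.put(new BasicAttribute(ldapTO.getEmailField(), tPersonBean.getEmail()));

            // A freshly supplied password is encoded; the bean's stored value is passed through.
            boolean encode = false;
            String passwd = tPersonBean.getPasswd();
            if (str != null && !str.isEmpty()) {
                encode = true;
                passwd = str;
            }
            if (passwd != null && !passwd.isEmpty()) {
                String passwordValue = createLDAPPasswordAttributeValue(passwd, str2, encode);
                if (passwordValue != null && passwordValue.length() > 0) {
                    basicAttributes.put(new BasicAttribute(ldapTO.getPasswordField(), passwordValue));
                }
            }

            // Escape the RDN value so DN metacharacters in the login name are treated as data.
            String rdnValue = javax.naming.ldap.Rdn.escapeValue(String.valueOf(tPersonBean.getLoginName()));
            try {
                ldapContext.createSubcontext(ldapTO.getCnFieldName() + StringPool.EQUAL + rdnValue + StringPool.COMMA + LdapBL.getFullUserDn(ldapTO), basicAttributes);
            } catch (NamingException e2) {
                LOGGER.error("Error while creating new user on LDAP server, username: " + tPersonBean.getLoginName());
                LOGGER.error(ExceptionUtils.getStackTrace(e2));
                throw new LdapException(e2.getMessage());
            }
        } finally {
            // Release the bound connection on every path; assumes getInitialContext hands out a
            // context owned by this call -- TODO confirm against LdapBL.
            try {
                ldapContext.close();
            } catch (NamingException closeError) {
                LOGGER.warn("Closing the LDAP context failed with: " + closeError.getMessage());
            }
        }
    }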

    /**
     * Pushes a person's data to the LDAP server when the site configuration allows writing.
     *
     * <p>The LDAP configuration is looked up by {@code num2} when it is given, otherwise by the
     * person. Without a configuration the method logs an error and returns. Without write
     * permission nothing is sent. The action code {@code num} selects the operation: 0 and 2
     * create the entry, 1 and 3 update it when {@code isOnLdapServer} finds {@code str} and create
     * it otherwise; any other code sends nothing.
     *
     * @param tPersonBean person whose data is pushed
     * @param str login name used for the existence check and the update
     * @param str2 password value passed on to create/update
     * @param str3 second argument for the password encoder, passed on to create/update
     * @param num action code, must not be null when writing is permitted
     * @param tSiteBean site settings used for the write-permission check
     * @param num2 LDAP connection ID, or null to resolve the configuration from the person
     * @throws LdapException if the create or update operation fails
     */
    public static void saveUserModificationsOnLdap(TPersonBean tPersonBean, String str, String str2, String str3, Integer num, TSiteBean tSiteBean, Integer num2) throws LdapException {
        LdapTO ldapConfig;
        if (num2 != null) {
            ldapConfig = LdapBL.getDefaultLdapTOByconnectionID(num2);
        } else {
            ldapConfig = LdapBL.getLdapTOForPerson(tPersonBean);
        }
        if (ldapConfig == null) {
            LOGGER.error("Failed to retrieve LDAP configuration for saving user data! User: " + tPersonBean.getLoginName());
            return;
        }

        boolean mayWrite = LdapBL.hasPermToWriteUserDataToLdap(tSiteBean, ldapConfig);
        LOGGER.debug("Push user data to ldap server: " + mayWrite);
        if (!mayWrite) {
            return;
        }

        StringBuilder failures = new StringBuilder();
        try {
            // Result unused in the original as well; the call is kept so behaviour stays the same.
            ApplicationBean.getInstance().getSiteBean();
            LOGGER.debug("Pushing data to LDAP server for user: " + tPersonBean.getLoginName());
            switch (num.intValue()) {
                case 2:
                    LOGGER.debug("After admin added a new user into Track+, the system will create the LDAP user too.");
                    createLdapUser(tPersonBean, str2, str3, ldapConfig);
                    break;
                case 0:
                    createLdapUser(tPersonBean, str2, str3, ldapConfig);
                    break;
                case 1:
                case 3:
                    if (isOnLdapServer(ldapConfig, str)) {
                        updateUserDataOnLdap(tPersonBean, str, str2, str3, ldapConfig);
                    } else {
                        createLdapUser(tPersonBean, str2, str3, ldapConfig);
                    }
                    break;
                default:
                    break;
            }
        } catch (LdapException e) {
            LOGGER.error(ExceptionUtils.getStackTrace(e));
            failures.append(e.getMessage());
        }

        // An empty message leaves the buffer empty and therefore raises nothing.
        if (failures.length() > 0) {
            throw new LdapException(failures.toString());
        }
    }

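    /**
     * Removes the LDAP entry of the given person, best effort.
     *
     * <p>The entry is only removed when the site configuration grants write permission for the
     * person's LDAP configuration and the user cn can be resolved. Failures are logged and not
     * propagated, so a caller cannot tell from this method whether the entry still exists.
     *
     * @param tPersonBean person to remove; null is ignored
     */
    public static void deleteUsers(TPersonBean tPersonBean) {
        if (tPersonBean == null) {
            return;
        }
        LdapContext initialContext = null;
        try {
            LOGGER.debug("Deleting user from LDAP: " + tPersonBean.getLoginName());
            LdapTO ldapTOForPerson = LdapBL.getLdapTOForPerson(tPersonBean);
            if (!LdapBL.hasPermToWriteUserDataToLdap(ApplicationBean.getInstance().getSiteBean(), ldapTOForPerson)) {
                return;
            }
            String userCn = LdapBL.getUserCn(ldapTOForPerson, tPersonBean.getLoginName());
            if (userCn == null) {
                return;
            }
            String entryDn = userCn + StringPool.COMMA + LdapBL.getFullUserDn(ldapTOForPerson);
            initialContext = LdapBL.getInitialContext(ldapTOForPerson.getServerURL(), ldapTOForPerson.getUserName(), ldapTOForPerson.getDecryptedPassword());
            if (initialContext != null) {
                initialContext.unbind(entryDn);
                LOGGER.debug("Deleting user from LDAP succeeded, loginName: " + tPersonBean.getLoginName());
            }
        } catch (Exception e) {
            // Deliberately not rethrown: deletion on the directory is best effort.
            LOGGER.error("Failed to delete the user: " + e.getMessage());
            LOGGER.error(ExceptionUtils.getStackTrace(e));
        } finally {
            // Release the bound connection on every path; assumes getInitialContext hands out a
            // context owned by this call -- TODO confirm against LdapBL.
            if (initialContext != null) {
                try {
                    initialContext.close();
                } catch (NamingException closeError) {
                    LOGGER.warn("Closing the LDAP context failed with: " + closeError.getMessage());
                }
            }
        }
    }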

    /**
     * Produces the value to store in the LDAP password attribute.
     *
     * <p>With {@code z} set, the value is the result of
     * {@code TpPasswordEncoder.encodePasswordCryptSha512(str, str2)}. Without it, {@code str} is
     * returned unchanged, so the caller is responsible for passing a value that is already in the
     * form the directory should store.
     *
     * @param str password value
     * @param str2 second encoder argument (presumably the salt; confirm against
     *     {@code TpPasswordEncoder})
     * @param z whether to encode {@code str}
     * @return the encoded password, or {@code str} itself when encoding is off
     */
    private static String createLDAPPasswordAttributeValue(String str, String str2, boolean z) {
        if (!z) {
            return str;
        }
        TpPasswordEncoder encoder = new TpPasswordEncoder();
        return encoder.encodePasswordCryptSha512(str, str2);
    }
}
