package org.deegree.tools.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import org.deegree.framework.mail.EMailMessage;
import org.deegree.framework.mail.MailHelper;
import org.deegree.framework.mail.SendMailException;
import org.deegree.security.GeneralSecurityException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.ManagementException;
import org.deegree.security.drm.SecurityAccess;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.SecurityHelper;
import org.deegree.security.drm.SecurityTransaction;
import org.deegree.security.drm.UnknownException;
import org.deegree.security.drm.model.Group;
import org.deegree.security.drm.model.User;

/* loaded from: input_file:org/deegree/tools/security/ActiveDirectoryImporter.class */
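/**
 * Command-line tool that mirrors the users and groups found in an Active Directory (read over
 * LDAP) into the deegree security registry ({@code org.deegree.security.drm.SQLRegistry}).
 *
 * <p>One run performs, inside a single registry transaction: group synchronisation, user
 * synchronisation, a refresh of the {@code SEC_ALL} group and a subadmin role check. Registry
 * entries that are not present in the LDAP listing are deregistered, so an incomplete listing
 * removes accounts. For that reason every failure aborts the transaction instead of committing
 * a partial state.
 *
 * <p>NOTE(security): the configuration file passed to {@link #main(String[])} holds the
 * credentials {@code sqlPass}, {@code ldapPass} and {@code u3rAdminPassword} in plain text; it
 * should be readable only by the account that runs this tool.
 *
 * <p>Not thread-safe: the mail settings are static fields written by the constructor.
 */
public class ActiveDirectoryImporter {
    private SecurityAccessManager manager;
    private SecurityAccess access;
    private SecurityTransaction trans;
    private User admin;
    private Hashtable<String, String> env;
    private LdapContext ctx;
    private Properties config;
    // Static because sendError(Exception) is static. They stay null until a constructor has
    // read them, e.g. when the configuration file itself could not be loaded.
    private static String mailSender;
    private static String mailRcpt;
    private static String mailHost;
    private static boolean mailLog;
    // Number of entries requested per LDAP result page.
    private int pageSize = 500;
    // Collects the human-readable change log that sendLog() mails out.
    private StringBuffer logBuffer = new StringBuffer(1000);

    /**
     * Reads the configuration, initialises the security registry, authenticates the registry
     * administrator, acquires the registry transaction and binds to the LDAP server.
     *
     * @param properties configuration; every key read here is mandatory
     * @throws NamingException if the LDAP bind fails
     * @throws GeneralSecurityException if the registry rejects the administrator or cannot
     *         hand out access or the transaction
     * @throws RuntimeException if a mandatory configuration key is missing
     */
    ActiveDirectoryImporter(Properties properties) throws NamingException, GeneralSecurityException {
        this.config = properties;
        mailSender = getPropertySafe("mailSender");
        mailRcpt = getPropertySafe("mailRcpt");
        mailHost = getPropertySafe("mailHost");
        String mailLogSetting = getPropertySafe("mailLog");
        mailLog = mailLogSetting.equals("true") || mailLogSetting.equals("yes");

        Properties registryProperties = new Properties();
        registryProperties.put("driver", getPropertySafe("sqlDriver"));
        registryProperties.put("url", getPropertySafe("sqlLogon"));
        registryProperties.put("user", getPropertySafe("sqlUser"));
        registryProperties.put("password", getPropertySafe("sqlPass"));

        // NOTE(review): the default equals 1200 s only if the registry takes milliseconds, while
        // a configured value is passed through unchanged -- confirm the unit of "timeout".
        long timeout = 1200000;
        try {
            timeout = Long.parseLong(getPropertySafe("timeout"));
        } catch (NumberFormatException e) {
            // Terminated with a newline so the next log entry starts on its own line.
            this.logBuffer.append("Specified property value for timeout invalid. Defaulting to 1200 (secs).\n");
        }
        if (!SecurityAccessManager.isInitialized()) {
            SecurityAccessManager.initialize("org.deegree.security.drm.SQLRegistry", registryProperties, timeout);
        }
        this.manager = SecurityAccessManager.getInstance();
        this.admin = this.manager.getUserByName(getPropertySafe("u3rAdminName"));
        this.admin.authenticate(getPropertySafe("u3rAdminPassword"));

        // NOTE(security): a "simple" bind over plain ldap:// on port 389 sends the bind principal
        // and password unencrypted, and the directory data that drives registration and
        // deregistration is not integrity-protected in transit. Prefer LDAPS or StartTLS where
        // the directory offers it.
        String providerUrl = "ldap://" + getPropertySafe("ldapHost") + ":389/";
        this.env = new Hashtable<>();
        this.env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        this.env.put("java.naming.provider.url", providerUrl);
        this.env.put("java.naming.security.authentication", "simple");
        this.env.put("java.naming.security.principal", getPropertySafe("ldapUser"));
        this.env.put("java.naming.security.credentials", getPropertySafe("ldapPass"));
        this.env.put("java.naming.referral", "ignore");

        this.access = this.manager.acquireAccess(this.admin);
        this.trans = this.manager.acquireTransaction(this.admin);
        try {
            this.ctx = new InitialLdapContext(this.env, (Control[]) null);
        } catch (NamingException | RuntimeException e) {
            // The caller never receives this instance when the bind fails, so it cannot call
            // abortChanges(); release the transaction acquired above before propagating.
            abortTransactionQuietly();
            throw e;
        }
    }

    /**
     * Returns the value of a mandatory configuration key.
     *
     * @param str the configuration key
     * @return the configured value, never {@code null}
     * @throws RuntimeException if the key is not defined
     */
    private String getPropertySafe(String str) {
        String property = this.config.getProperty(str);
        if (property == null) {
            throw new RuntimeException("Configuration does not define needed property '" + str + "'.");
        }
        return property;
    }

    /**
     * Reads the paging cookie from the response controls of the most recent LDAP search.
     *
     * @return the cookie for the next page, or {@code null} when the server sent no paged
     *         results response or reports no further page
     * @throws NamingException if the response controls cannot be read
     */
    private byte[] nextPageCookie() throws NamingException {
        // Starts from null on every call so that a response without a paging control ends the
        // paging loop instead of re-sending the cookie of an earlier page forever.
        byte[] cookie = null;
        Control[] responseControls = this.ctx.getResponseControls();
        if (responseControls != null) {
            for (Control control : responseControls) {
                if (control instanceof PagedResultsResponseControl) {
                    cookie = ((PagedResultsResponseControl) control).getCookie();
                }
            }
        }
        return cookie;
    }

    /**
     * Synchronises the registry's groups with the groups found below {@code groupContext}.
     *
     * <p>Groups unknown to the registry are registered, registry groups absent from the LDAP
     * listing are deregistered (except the group with ID 2 and {@code SEC_ALL}), and group
     * nesting is rewritten from the {@code groupMemberOf} attribute. An entry that lacks
     * {@code distinguishedName} or the configured name or title attribute makes the run fail
     * with a {@link NullPointerException}.
     *
     * @return the synchronised groups keyed by their distinguished name
     * @throws NamingException if the LDAP search or the reading of its results fails
     * @throws IOException if a paged results control cannot be encoded
     * @throws UnauthorizedException declared for the registry calls made here
     * @throws GeneralSecurityException if a registry operation fails
     */
    HashMap synchronizeGroups() throws NamingException, IOException, UnauthorizedException, GeneralSecurityException {
        HashMap<String, Group> groupsByName = new HashMap<>(20);
        HashMap<String, Group> groupsByDn = new HashMap<>(20);
        HashMap<String, NamingEnumeration<?>> parentDnsByName = new HashMap<>(20);

        String nameAttr = getPropertySafe("groupName");
        String titleAttr = getPropertySafe("groupTitle");
        String memberOfAttr = getPropertySafe("groupMemberOf");

        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[] {"distinguishedName", nameAttr, titleAttr, memberOfAttr});
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = getPropertySafe("groupFilter");
        String searchBase = getPropertySafe("groupContext");

        this.ctx.setRequestControls(new Control[] {new PagedResultsControl(this.pageSize, false)});
        byte[] cookie;
        do {
            NamingEnumeration<SearchResult> results = this.ctx.search(searchBase, filter, searchControls);
            // hasMore()/next() instead of hasMoreElements()/nextElement(): the Enumeration
            // methods cannot throw NamingException, so a failure part-way through a page could
            // look like the end of the results, and every registry group missing from the
            // listing is deregistered below.
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                String dn = (String) attributes.get("distinguishedName").get();
                String name = (String) attributes.get(nameAttr).get();
                String title = (String) attributes.get(titleAttr).get();
                Group group;
                try {
                    group = this.access.getGroupByName(name);
                } catch (UnknownException e) {
                    this.logBuffer.append("Registering group: " + name + "\n");
                    group = this.trans.registerGroup(name, title);
                }
                groupsByName.put(name, group);
                groupsByDn.put(dn, group);
                Attribute memberOf = attributes.get(memberOfAttr);
                if (memberOf != null) {
                    parentDnsByName.put(name, memberOf.getAll());
                }
            }
            cookie = nextPageCookie();
            if (cookie != null) {
                // Ask for the next page; the control is marked critical from the second page on.
                this.ctx.setRequestControls(new Control[] {new PagedResultsControl(this.pageSize, cookie, true)});
            }
        } while (cookie != null);

        // NOTE(review): a search that legitimately succeeds but returns nothing (wrong filter or
        // context, bind account without read access) deregisters every group except the two
        // exemptions below. ID 2 is presumably a built-in group -- confirm.
        for (Group existing : this.access.getAllGroups()) {
            if (groupsByName.get(existing.getName()) == null && existing.getID() != 2
                    && !existing.getName().equals("SEC_ALL")) {
                this.logBuffer.append("Deregistering group: " + existing.getName() + "\n");
                this.trans.deregisterGroup(existing);
            }
        }

        for (String name : groupsByName.keySet()) {
            Group group = groupsByName.get(name);
            NamingEnumeration<?> parentDns = parentDnsByName.get(name);
            ArrayList<Group> parents = new ArrayList<>(5);
            if (parentDns != null) {
                while (parentDns.hasMore()) {
                    String parentDn = (String) parentDns.next();
                    Group parent = groupsByDn.get(parentDn);
                    if (parent != null) {
                        parents.add(parent);
                    } else {
                        // Parents outside the synchronised set grant nothing in the registry.
                        this.logBuffer.append("Group " + name + " is member of unknown group " + parentDn + ". Membership ignored.\n");
                    }
                }
            }
            this.trans.setGroupsForGroup(group, parents.toArray(new Group[parents.size()]));
        }
        return groupsByDn;
    }

    /**
     * Synchronises the registry's users with the users found below {@code userContext}.
     *
     * <p>Users unknown to the registry are registered, registry users absent from the LDAP
     * listing are deregistered (except the user with ID 1), and each user's group memberships
     * are rewritten from the {@code userMemberOf} attribute. An entry without the configured
     * name attribute makes the run fail with a {@link NullPointerException}; missing first
     * name, last name and mail default to the empty string.
     *
     * @param hashMap the synchronised groups keyed by distinguished name, as returned by
     *        {@link #synchronizeGroups()}
     * @throws NamingException if the LDAP search or the reading of its results fails
     * @throws IOException if a paged results control cannot be encoded
     * @throws UnauthorizedException declared for the registry calls made here
     * @throws GeneralSecurityException if a registry operation fails
     */
    void synchronizeUsers(HashMap hashMap) throws NamingException, IOException, UnauthorizedException, GeneralSecurityException {
        HashMap<String, User> usersByName = new HashMap<>(20);
        HashMap<String, NamingEnumeration<?>> groupDnsByUser = new HashMap<>(20);

        String nameAttr = getPropertySafe("userName");
        String titleAttr = getPropertySafe("userTitle");
        String firstNameAttr = getPropertySafe("userFirstName");
        String lastNameAttr = getPropertySafe("userLastName");
        String mailAttr = getPropertySafe("userMail");
        String memberOfAttr = getPropertySafe("userMemberOf");

        SearchControls searchControls = new SearchControls();
        // The title attribute is requested from the server but not read below.
        searchControls.setReturningAttributes(
                new String[] {nameAttr, titleAttr, firstNameAttr, lastNameAttr, mailAttr, memberOfAttr});
        searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String filter = getPropertySafe("userFilter");
        String searchBase = getPropertySafe("userContext");

        this.ctx.setRequestControls(new Control[] {new PagedResultsControl(this.pageSize, false)});
        byte[] cookie;
        do {
            NamingEnumeration<SearchResult> results = this.ctx.search(searchBase, filter, searchControls);
            // hasMore()/next() instead of hasMoreElements()/nextElement(): the Enumeration
            // methods cannot throw NamingException, so a failure part-way through a page could
            // look like the end of the results, and every registry user missing from the
            // listing is deregistered below.
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                Attribute nameValue = attributes.get(nameAttr);
                Attribute firstNameValue = attributes.get(firstNameAttr);
                Attribute lastNameValue = attributes.get(lastNameAttr);
                Attribute mailValue = attributes.get(mailAttr);
                Attribute memberOf = attributes.get(memberOfAttr);
                String name = (String) nameValue.get();
                String firstName = firstNameValue != null ? (String) firstNameValue.get() : "";
                String lastName = lastNameValue != null ? (String) lastNameValue.get() : "";
                String mail = mailValue != null ? (String) mailValue.get() : "";
                User user;
                try {
                    user = this.access.getUserByName(name);
                } catch (UnknownException e) {
                    this.logBuffer.append("Registering user: " + name + "\n");
                    // Second argument is null -- presumably the password, i.e. no local
                    // password is set for imported users; confirm against registerUser.
                    user = this.trans.registerUser(name, null, lastName, firstName, mail);
                }
                usersByName.put(name, user);
                if (memberOf != null) {
                    groupDnsByUser.put(name, memberOf.getAll());
                }
            }
            cookie = nextPageCookie();
            if (cookie != null) {
                // Ask for the next page; the control is marked critical from the second page on.
                this.ctx.setRequestControls(new Control[] {new PagedResultsControl(this.pageSize, cookie, true)});
            }
        } while (cookie != null);

        // NOTE(review): a search that legitimately succeeds but returns nothing (wrong filter or
        // context, bind account without read access) deregisters every user except ID 1, which
        // is presumably the built-in administrator -- confirm.
        for (User existing : this.access.getAllUsers()) {
            if (usersByName.get(existing.getName()) == null && existing.getID() != 1) {
                this.logBuffer.append("Deregistering user: " + existing.getName() + "\n");
                this.trans.deregisterUser(existing);
            }
        }

        for (String name : usersByName.keySet()) {
            User user = usersByName.get(name);
            NamingEnumeration<?> groupDns = groupDnsByUser.get(name);
            ArrayList<Group> groups = new ArrayList<>(5);
            if (groupDns != null) {
                while (groupDns.hasMore()) {
                    String groupDn = (String) groupDns.next();
                    Group group = (Group) hashMap.get(groupDn);
                    if (group != null) {
                        groups.add(group);
                    } else {
                        // Groups outside the synchronised set grant nothing in the registry.
                        this.logBuffer.append("User " + name + " is member of unknown group " + groupDn + ". Membership ignored.\n");
                    }
                }
            }
            this.trans.setGroupsForUser(user, groups.toArray(new Group[groups.size()]));
        }
    }

    /**
     * Makes every registry user a member of the {@code SEC_ALL} group, registering the group
     * first if the registry does not know it.
     *
     * @throws GeneralSecurityException if a registry operation fails
     */
    void updateSecAll() throws GeneralSecurityException {
        Group secAll;
        try {
            secAll = this.access.getGroupByName("SEC_ALL");
        } catch (UnknownException e) {
            secAll = this.trans.registerGroup("SEC_ALL", "SEC_ALL");
        }
        this.trans.setUsersInGroup(secAll, this.access.getAllUsers());
    }

    /**
     * Delegates to {@code SecurityHelper.checkSubadminRoleValidity} for the current access.
     *
     * @throws ManagementException if the helper reports one
     * @throws GeneralSecurityException if the helper reports one
     */
    void checkSubadminRoleValidity() throws ManagementException, GeneralSecurityException {
        SecurityHelper.checkSubadminRoleValidity(this.access);
    }

    /** Aborts the registry transaction, printing (not propagating) a failure to do so. */
    private void abortTransactionQuietly() {
        if (this.manager != null && this.trans != null) {
            try {
                this.manager.abortTransaction(this.trans);
            } catch (GeneralSecurityException e) {
                e.printStackTrace();
            }
        }
    }

    /** Closes the LDAP context, printing (not propagating) a failure to do so. */
    private void closeLdapContextQuietly() {
        if (this.ctx != null) {
            try {
                this.ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Commits the registry transaction and closes the LDAP context in any case.
     *
     * @throws GeneralSecurityException if the commit fails
     */
    private void commitOrThrow() throws GeneralSecurityException {
        try {
            if (this.manager != null && this.trans != null) {
                this.manager.commitTransaction(this.trans);
            }
        } finally {
            closeLdapContextQuietly();
        }
    }

    /**
     * Aborts the registry transaction and closes the LDAP context. Failures of either step are
     * printed to standard error and not propagated.
     */
    public void abortChanges() {
        abortTransactionQuietly();
        closeLdapContextQuietly();
    }

    /**
     * Commits the registry transaction and closes the LDAP context. Failures of either step are
     * printed to standard error and not propagated, so the caller cannot tell whether the
     * commit took effect.
     */
    public void commitChanges() {
        try {
            commitOrThrow();
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    /**
     * Mails the stack trace of a failed run to the configured recipient.
     *
     * <p>Uses the static mail settings, which are {@code null} if no constructor has read the
     * configuration yet. A {@code SendMailException} is printed and not propagated.
     *
     * @param exc the exception that aborted the synchronisation
     */
    public static void sendError(Exception exc) {
        try {
            StringWriter stackTrace = new StringWriter();
            exc.printStackTrace(new PrintWriter(stackTrace));
            String body = "Beim Synchronisieren des ActiveDirectory mit der HUIS-Sicherheitsdatenbank ist ein Fehler aufgetreten.\nDie Synchronisierung wurde NICHT durchgeführt, der letzte Stand wurde wiederhergestellt.\n"
                    + "\n\nDie Java-Fehlermeldung lautet:\n" + stackTrace.getBuffer()
                    + "\n\nMit freundlichem Gruss,\nIhr ADExporter";
            MailHelper.createAndSendMail(new EMailMessage(mailSender, mailRcpt, "Fehler im ADExporter", body), mailHost);
        } catch (SendMailException e) {
            e.printStackTrace();
        }
    }

    /**
     * Mails the change log of a successful run to the configured recipient. A
     * {@code SendMailException} is printed and not propagated.
     */
    public void sendLog() {
        try {
            String intro = "Die Synchronisierung der HUIS-Sicherheitsdatenbank mit dem ActiveDirectory wurde erfolgreich durchgeführt:\n\n";
            String changes = this.logBuffer.length() == 0 ? "Keine Änderungen." : this.logBuffer.toString();
            String body = intro + changes + "\n\nMit freundlichem Gruss,\nIhr ADExporter";
            MailHelper.createAndSendMail(new EMailMessage(mailSender, mailRcpt, "ActiveDirectory Sychronisierung durchgeführt", body), mailHost);
        } catch (SendMailException e) {
            e.printStackTrace();
        }
    }

    /**
     * Runs one synchronisation using the configuration file named by the single argument.
     *
     * <p>Exits with status 0 after a committed run and with status 1 on a usage error or an
     * aborted run, so that a scheduler or monitoring job can detect a failed synchronisation.
     *
     * @param strArr command-line arguments; exactly one, the path of the configuration file
     * @throws Exception declared for compatibility; failures of the run itself are handled here
     */
    public static void main(String[] strArr) throws Exception {
        if (strArr.length != 1) {
            System.out.println("USAGE: ADExporter configfile");
            System.exit(1);
        }
        long start = System.currentTimeMillis();
        System.out.println("Beginning synchronisation...");
        ActiveDirectoryImporter importer = null;
        try {
            Properties properties = new Properties();
            try (FileInputStream in = new FileInputStream(strArr[0])) {
                properties.load(in);
            }
            importer = new ActiveDirectoryImporter(properties);
            importer.synchronizeUsers(importer.synchronizeGroups());
            importer.updateSecAll();
            importer.checkSubadminRoleValidity();
            // A failed commit must reach the catch block below; otherwise the success mail
            // would be sent although the registry was not updated.
            importer.commitOrThrow();
        } catch (Exception e) {
            if (importer != null) {
                importer.abortChanges();
            }
            // Report locally before mailing so the cause is visible even if mailing fails.
            System.err.println("Synchronisation has been aborted. Error message: ");
            e.printStackTrace();
            sendError(e);
            System.exit(1);
        }
        if (mailLog) {
            importer.sendLog();
        }
        System.out.println("Synchronisation took " + (System.currentTimeMillis() - start) + " milliseconds.");
        System.exit(0);
    }
}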
