package com.liferay.portal.security.ldap.internal.exportimport;

import com.liferay.expando.kernel.model.ExpandoBridge;
import com.liferay.expando.kernel.util.ExpandoConverterUtil;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.bean.BeanProperties;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.PwdEncryptorException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Contact;
import com.liferay.portal.kernel.model.Image;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.model.UserGroup;
import com.liferay.portal.kernel.security.auth.PasswordModificationThreadLocal;
import com.liferay.portal.kernel.security.ldap.LDAPSettings;
import com.liferay.portal.kernel.security.pwd.PasswordEncryptor;
import com.liferay.portal.kernel.service.ImageLocalService;
import com.liferay.portal.kernel.service.ListTypeService;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Props;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.exportimport.UserOperation;
import com.liferay.portal.security.ldap.SafeLdapName;
import com.liferay.portal.security.ldap.SafeLdapNameFactory;
import com.liferay.portal.security.ldap.SafePortalLDAP;
import com.liferay.portal.security.ldap.authenticator.configuration.LDAPAuthConfiguration;
import com.liferay.portal.security.ldap.configuration.ConfigurationProvider;
import com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration;
import com.liferay.portal.security.ldap.exportimport.Modifications;
import com.liferay.portal.security.ldap.exportimport.PortalToLDAPConverter;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.naming.Binding;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.Rdn;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@Component(immediate = true, service = {PortalToLDAPConverter.class})
/* loaded from: input_file:com/liferay/portal/security/ldap/internal/exportimport/DefaultPortalToLDAPConverter.class */
public class DefaultPortalToLDAPConverter implements PortalToLDAPConverter {
    private static final String _DEFAULT_DN = "cn";
    private static final String _OBJECT_CLASS = "objectclass";
    private static final Log _log = LogFactoryUtil.getLog(DefaultPortalToLDAPConverter.class);

    @Reference
    private BeanProperties _beanProperties;
    private ImageLocalService _imageLocalService;
    private ConfigurationProvider<LDAPAuthConfiguration> _ldapAuthConfigurationProvider;
    private ConfigurationProvider<LDAPServerConfiguration> _ldapServerConfigurationProvider;
    private LDAPSettings _ldapSettings;

    @Reference
    private ListTypeService _listTypeService;
    private PasswordEncryptor _passwordEncryptor;

    @Reference
    private Props _props;

    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile SafePortalLDAP _safePortalLDAP;
    private final Map<String, String> _reservedContactFieldNames = new HashMap();
    private final Map<String, String> _reservedUserFieldNames = new HashMap();
    private String _userDNFieldName = "screenName";

    public DefaultPortalToLDAPConverter() {
        this._reservedUserFieldNames.put("group", "group");
        this._reservedUserFieldNames.put("password", "password");
        this._reservedUserFieldNames.put("portrait", "portrait");
        this._reservedUserFieldNames.put("screenName", "screenName");
    }

    @Deprecated
    public String getGroupDNName(long j, UserGroup userGroup, Properties properties) throws Exception {
        Binding group = this._safePortalLDAP.getGroup(j, userGroup.getCompanyId(), userGroup.getName());
        return group != null ? group.getNameInNamespace() : StringBundler.concat(new Object[]{GetterUtil.getString(properties.getProperty("groupName"), _DEFAULT_DN), "=", Rdn.escapeValue(userGroup.getName()), ",", this._safePortalLDAP.getGroupsDNSafeLdapName(j, userGroup.getCompanyId())});
    }

    public SafeLdapName getGroupSafeLdapName(long j, UserGroup userGroup, Properties properties) throws Exception {
        Binding group = this._safePortalLDAP.getGroup(j, userGroup.getCompanyId(), userGroup.getName());
        return group != null ? SafeLdapNameFactory.from(group) : SafeLdapNameFactory.from(GetterUtil.getString(properties.getProperty("groupName"), _DEFAULT_DN), userGroup.getName(), this._safePortalLDAP.getGroupsDNSafeLdapName(j, userGroup.getCompanyId()));
    }

    public Modifications getLDAPContactModifications(Contact contact, Map<String, Serializable> map, Properties properties, Properties properties2) throws Exception {
        if (properties.isEmpty() && properties2.isEmpty()) {
            return null;
        }
        if (properties2.containsKey("prefix")) {
            properties.put("prefix", properties2.getProperty("prefix"));
        }
        if (properties2.containsKey("suffix")) {
            properties.put("suffix", properties2.getProperty("suffix"));
        }
        Modifications _getModifications = _getModifications(contact, properties, this._reservedContactFieldNames);
        _populateCustomAttributeModifications(contact, contact.getExpandoBridge(), map, properties2, _getModifications);
        return _getModifications;
    }

    public Attributes getLDAPGroupAttributes(long j, UserGroup userGroup, User user, Properties properties, Properties properties2) throws Exception {
        LDAPServerConfiguration lDAPServerConfiguration = (LDAPServerConfiguration) this._ldapServerConfigurationProvider.getConfiguration(userGroup.getCompanyId(), j);
        if (lDAPServerConfiguration.ldapServerId() != j) {
            if (!_log.isDebugEnabled()) {
                return null;
            }
            _log.debug(StringBundler.concat(new Object[]{"LDAP server ", Long.valueOf(j), " is invalid because company ", Long.valueOf(userGroup.getCompanyId()), " uses ", Long.valueOf(lDAPServerConfiguration.ldapServerId())}));
            return null;
        }
        BasicAttributes basicAttributes = new BasicAttributes(true);
        BasicAttribute basicAttribute = new BasicAttribute(_OBJECT_CLASS);
        for (String str : lDAPServerConfiguration.groupDefaultObjectClasses()) {
            basicAttribute.add(str);
        }
        basicAttributes.put(basicAttribute);
        _addAttributeMapping(properties.getProperty("groupName"), userGroup.getName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("description"), userGroup.getDescription(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("user"), getUserDNName(j, user, properties2), (Attributes) basicAttributes);
        return basicAttributes;
    }

    public Modifications getLDAPGroupModifications(long j, UserGroup userGroup, User user, Properties properties, Properties properties2, UserOperation userOperation) throws Exception {
        Modifications _getModifications = _getModifications(userGroup, properties, new HashMap());
        SafeLdapName groupSafeLdapName = getGroupSafeLdapName(j, userGroup, properties);
        SafeLdapName userSafeLdapName = getUserSafeLdapName(j, user, properties2);
        if (this._safePortalLDAP.isGroupMember(j, user.getCompanyId(), groupSafeLdapName, userSafeLdapName)) {
            if (userOperation == UserOperation.REMOVE) {
                _getModifications.addItem(3, properties.getProperty("user"), userSafeLdapName);
            }
        } else if (userOperation == UserOperation.ADD) {
            _getModifications.addItem(1, properties.getProperty("user"), userSafeLdapName);
        }
        return _getModifications;
    }

    public Attributes getLDAPUserAttributes(long j, User user, Properties properties) {
        LDAPServerConfiguration lDAPServerConfiguration = (LDAPServerConfiguration) this._ldapServerConfigurationProvider.getConfiguration(user.getCompanyId(), j);
        if (lDAPServerConfiguration.ldapServerId() != j) {
            if (!_log.isDebugEnabled()) {
                return null;
            }
            _log.debug(StringBundler.concat(new Object[]{"LDAP server ", Long.valueOf(j), " is invalid because company ", Long.valueOf(user.getCompanyId()), " uses ", Long.valueOf(lDAPServerConfiguration.ldapServerId())}));
            return null;
        }
        BasicAttributes basicAttributes = new BasicAttributes(true);
        BasicAttribute basicAttribute = new BasicAttribute(_OBJECT_CLASS);
        for (String str : lDAPServerConfiguration.userDefaultObjectClasses()) {
            basicAttribute.add(str);
        }
        basicAttributes.put(basicAttribute);
        _addAttributeMapping(properties.getProperty("uuid"), user.getUuid(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("screenName"), user.getScreenName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("password"), _getEncryptedPasswordForLDAP(user, properties), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("emailAddress"), user.getEmailAddress(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("fullName"), user.getFullName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("firstName"), user.getFirstName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("middleName"), user.getMiddleName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("lastName"), user.getLastName(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("jobTitle"), user.getJobTitle(), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("portrait"), (Object) _getUserPortrait(user), (Attributes) basicAttributes);
        _addAttributeMapping(properties.getProperty("status"), String.valueOf(user.getStatus()), (Attributes) basicAttributes);
        return basicAttributes;
    }

    public Modifications getLDAPUserGroupModifications(long j, List<UserGroup> list, User user, Properties properties) throws Exception {
        Modifications modifications = Modifications.getInstance();
        String property = properties.getProperty("group");
        if (Validator.isNull(property)) {
            return modifications;
        }
        Properties groupMappings = this._ldapSettings.getGroupMappings(j, user.getCompanyId());
        SafeLdapName userSafeLdapName = getUserSafeLdapName(j, user, properties);
        Iterator<UserGroup> it = list.iterator();
        while (it.hasNext()) {
            SafeLdapName groupSafeLdapName = getGroupSafeLdapName(j, it.next(), groupMappings);
            if (!this._safePortalLDAP.isUserGroupMember(j, user.getCompanyId(), groupSafeLdapName, userSafeLdapName)) {
                modifications.addItem(1, property, groupSafeLdapName);
            }
        }
        return modifications;
    }

    public Modifications getLDAPUserModifications(User user, Map<String, Serializable> map, Properties properties, Properties properties2) throws Exception {
        Modifications _getModifications = _getModifications(user, properties, this._reservedUserFieldNames);
        if (PasswordModificationThreadLocal.isPasswordModified() && Validator.isNotNull(PasswordModificationThreadLocal.getPasswordUnencrypted())) {
            _addModificationItem(properties.getProperty("password"), _getEncryptedPasswordForLDAP(user, properties), _getModifications);
        }
        String property = properties.getProperty("portrait");
        if (Validator.isNotNull(property)) {
            _addModificationItem(new BasicAttribute(property, _getUserPortrait(user)), _getModifications);
        }
        _populateCustomAttributeModifications(user, user.getExpandoBridge(), map, properties2, _getModifications);
        return _getModifications;
    }

    @Deprecated
    public String getUserDNName(long j, User user, Properties properties) throws Exception {
        Binding user2 = this._safePortalLDAP.getUser(j, user.getCompanyId(), user.getScreenName(), user.getEmailAddress());
        return user2 != null ? user2.getNameInNamespace() : StringBundler.concat(new Object[]{GetterUtil.getString(properties.getProperty(this._userDNFieldName), _DEFAULT_DN), "=", this._beanProperties.getStringSilent(user, this._userDNFieldName), ",", this._safePortalLDAP.getUsersDNSafeLdapName(j, user.getCompanyId())});
    }

    public SafeLdapName getUserSafeLdapName(long j, User user, Properties properties) throws Exception {
        Binding user2 = this._safePortalLDAP.getUser(j, user.getCompanyId(), user.getScreenName(), user.getEmailAddress());
        return user2 != null ? SafeLdapNameFactory.from(user2) : SafeLdapNameFactory.from(GetterUtil.getString(properties.getProperty(this._userDNFieldName), _DEFAULT_DN), this._beanProperties.getStringSilent(user, this._userDNFieldName), this._safePortalLDAP.getUsersDNSafeLdapName(j, user.getCompanyId()));
    }

    public void setContactReservedFieldNames(List<String> list) {
        for (String str : list) {
            this._reservedContactFieldNames.put(str, str);
        }
    }

    public void setUserDNFieldName(String str) {
        this._userDNFieldName = str;
    }

    public void setUserReservedFieldNames(List<String> list) {
        for (String str : list) {
            this._reservedUserFieldNames.put(str, str);
        }
    }

    @Reference(unbind = "-")
    protected void setImageLocalService(ImageLocalService imageLocalService) {
        this._imageLocalService = imageLocalService;
    }

    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.authenticator.configuration.LDAPAuthConfiguration)", unbind = "-")
    protected void setLDAPAuthConfigurationProvider(ConfigurationProvider<LDAPAuthConfiguration> configurationProvider) {
        this._ldapAuthConfigurationProvider = configurationProvider;
    }

    @Reference(target = "(factoryPid=com.liferay.portal.security.ldap.configuration.LDAPServerConfiguration)", unbind = "-")
    protected void setLDAPServerConfigurationProvider(ConfigurationProvider<LDAPServerConfiguration> configurationProvider) {
        this._ldapServerConfigurationProvider = configurationProvider;
    }

    @Reference(unbind = "-")
    protected void setLdapSettings(LDAPSettings lDAPSettings) {
        this._ldapSettings = lDAPSettings;
    }

    @Reference(unbind = "-")
    protected void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
        this._passwordEncryptor = passwordEncryptor;
    }

    private void _addAttributeMapping(String str, Object obj, Attributes attributes) {
        if (!Validator.isNotNull(str) || obj == null) {
            return;
        }
        attributes.put(str, obj);
    }

    private void _addAttributeMapping(String str, String str2, Attributes attributes) {
        if (Validator.isNotNull(str) && Validator.isNotNull(str2)) {
            attributes.put(str, str2);
        }
    }

    private void _addModificationItem(BasicAttribute basicAttribute, Modifications modifications) {
        if (basicAttribute != null) {
            modifications.addItem(basicAttribute);
        }
    }

    private void _addModificationItem(String str, String str2, Modifications modifications) {
        if (Validator.isNotNull(str)) {
            modifications.addItem(str, str2);
        }
    }

    private Object _getAttributeValue(Object obj, String str) throws PortalException {
        boolean z = false;
        if (str.equals("prefix")) {
            str = "prefixId";
            z = true;
        } else if (str.equals("suffix")) {
            str = "suffixId";
            z = true;
        }
        Object objectSilent = this._beanProperties.getObjectSilent(obj, str);
        if (objectSilent != null && z) {
            objectSilent = this._listTypeService.getListType(((Long) objectSilent).longValue()).getName();
        }
        return objectSilent;
    }

    private String _getEncryptedPasswordForLDAP(User user, Properties properties) {
        String passwordUnencrypted = PasswordModificationThreadLocal.getPasswordUnencrypted();
        if (Validator.isNull(passwordUnencrypted)) {
            return passwordUnencrypted;
        }
        String passwordEncryptionAlgorithm = ((LDAPAuthConfiguration) this._ldapAuthConfigurationProvider.getConfiguration(user.getCompanyId())).passwordEncryptionAlgorithm();
        if (Validator.isNotNull(passwordEncryptionAlgorithm) && !passwordEncryptionAlgorithm.equals("NONE")) {
            try {
                passwordUnencrypted = this._passwordEncryptor.encrypt(passwordEncryptionAlgorithm, passwordUnencrypted, (String) null);
            } catch (PwdEncryptorException e) {
                throw new SystemException(e);
            }
        }
        if (!properties.getProperty("password").equals("unicodePwd")) {
            return passwordUnencrypted;
        }
        try {
            return new String(StringBundler.concat(new String[]{"\"", passwordUnencrypted, "\""}).getBytes("UTF-16LE"));
        } catch (UnsupportedEncodingException e2) {
            throw new SystemException(e2);
        }
    }

    private Modifications _getModifications(Object obj, Properties properties, Map<String, String> map) {
        Modifications modifications = Modifications.getInstance();
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            if (!map.containsKey(str)) {
                String str2 = (String) entry.getValue();
                try {
                    Object _getAttributeValue = _getAttributeValue(obj, str);
                    if (_getAttributeValue != null) {
                        _addModificationItem(str2, _getAttributeValue.toString(), modifications);
                    }
                } catch (Exception e) {
                    if (_log.isWarnEnabled()) {
                        _log.warn(StringBundler.concat(new Object[]{"Unable to map field ", str, " to class ", obj.getClass()}), e);
                    }
                }
            }
        }
        return modifications;
    }

    private byte[] _getUserPortrait(User user) {
        byte[] bArr = null;
        if (user.getPortraitId() == 0) {
            return null;
        }
        try {
            Image image = this._imageLocalService.getImage(user.getPortraitId());
            if (image != null) {
                bArr = image.getTextObj();
            }
        } catch (Exception e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to get the portrait for user " + user.getUserId(), e);
            }
        }
        return bArr;
    }

    private void _populateCustomAttributeModifications(Object obj, ExpandoBridge expandoBridge, Map<String, Serializable> map, Properties properties, Modifications modifications) {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Map.Entry entry : properties.entrySet()) {
            String str = (String) entry.getKey();
            Serializable serializable = map.get(str);
            if (serializable != null) {
                try {
                    _addModificationItem((String) entry.getValue(), ExpandoConverterUtil.getStringFromAttribute(expandoBridge.getAttributeType(str), serializable), modifications);
                } catch (Exception e) {
                    if (_log.isWarnEnabled()) {
                        _log.warn(StringBundler.concat(new Object[]{"Unable to map field ", str, " to class ", obj.getClass()}), e);
                    }
                }
            }
        }
    }
}
