package com.liferay.portal.security.ldap;

import com.liferay.portal.NoSuchRoleException;
import com.liferay.portal.NoSuchUserGroupException;
import com.liferay.portal.kernel.bean.BeanPropertiesUtil;
import com.liferay.portal.kernel.cache.PortalCache;
import com.liferay.portal.kernel.cache.SingleVMPoolUtil;
import com.liferay.portal.kernel.dao.shard.ShardUtil;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.ldap.LDAPUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.pacl.DoPrivileged;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.CalendarFactoryUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.LocaleUtil;
import com.liferay.portal.kernel.util.SetUtil;
import com.liferay.portal.kernel.util.StringBundler;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.Company;
import com.liferay.portal.model.Contact;
import com.liferay.portal.model.Group;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.User;
import com.liferay.portal.model.UserGroup;
import com.liferay.portal.service.CompanyLocalServiceUtil;
import com.liferay.portal.service.GroupLocalServiceUtil;
import com.liferay.portal.service.LockLocalServiceUtil;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portal.service.UserGroupLocalServiceUtil;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.util.PrefsPropsUtil;
import com.liferay.portal.util.PropsValues;
import com.liferay.portlet.expando.model.ExpandoBridge;
import com.liferay.portlet.expando.service.ExpandoValueLocalServiceUtil;
import com.liferay.portlet.expando.util.ExpandoConverterUtil;
import com.liferay.portlet.usersadmin.search.UserDisplayTerms;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.Binding;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;

@DoPrivileged
/* loaded from: input_file:WEB-INF/lib/portal-impl.jar:com/liferay/portal/security/ldap/PortalLDAPImporterImpl.class */
public class PortalLDAPImporterImpl implements PortalLDAPImporter {
    private static final String _IMPORT_BY_GROUP = "group";
    private static final String _IMPORT_BY_USER = "user";
    private static final String _USER_PASSWORD_SCREEN_NAME = "screenName";
    private LDAPToPortalConverter _ldapToPortalConverter;
    private Set<String> _ldapUserIgnoreAttributes = SetUtil.fromArray(PropsValues.LDAP_USER_IGNORE_ATTRIBUTES);
    private PortalCache<String, Long> _portalCache = SingleVMPoolUtil.getCache(PortalLDAPImporter.class.getName(), false);
    private static final String[] _CONTACT_PROPERTY_NAMES = {"aimSn", "employeeNumber", "facebookSn", "icqSn", "jabberSn", "male", "msnSn", "mySpaceSn", "prefixId", "skypeSn", "smsSn", "suffixId", "twitterSn", "ymSn"};
    private static final String[] _USER_PROPERTY_NAMES = {"comments", "emailAddress", "firstName", "greeting", "jobTitle", "languageId", "lastName", UserDisplayTerms.MIDDLE_NAME, "openId", "portraitId", "timeZoneId"};
    private static Log _log = LogFactoryUtil.getLog(PortalLDAPImporterImpl.class);

    public void importFromLDAP() throws Exception {
        Iterator it2 = CompanyLocalServiceUtil.getCompanies(false).iterator();
        while (it2.hasNext()) {
            importFromLDAP(((Company) it2.next()).getCompanyId());
        }
    }

    public void importFromLDAP(long j) throws Exception {
        if (LDAPSettingsUtil.isImportEnabled(j)) {
            try {
                ShardUtil.pushCompanyService(j);
                long defaultUserId = UserLocalServiceUtil.getDefaultUserId(j);
                if (LockLocalServiceUtil.hasLock(defaultUserId, PortalLDAPImporterUtil.class.getName(), j)) {
                    if (_log.isDebugEnabled()) {
                        _log.debug("Skipping LDAP import for company " + j + " because another LDAP import is in process");
                    }
                    LockLocalServiceUtil.unlock(PortalLDAPImporterUtil.class.getName(), j);
                    ShardUtil.popCompanyService();
                    return;
                }
                LockLocalServiceUtil.lock(defaultUserId, PortalLDAPImporterUtil.class.getName(), j, PortalLDAPImporterImpl.class.getName(), false, PropsValues.LDAP_IMPORT_LOCK_EXPIRATION_TIME);
                for (long j2 : StringUtil.split(PrefsPropsUtil.getString(j, "ldap.server.ids"), 0L)) {
                    importFromLDAP(j2, j);
                }
                for (int i = 0; !Validator.isNull(PrefsPropsUtil.getString(j, "ldap.base.provider.url" + LDAPSettingsUtil.getPropertyPostfix(i))); i++) {
                    importFromLDAP(i, j);
                }
            } finally {
                LockLocalServiceUtil.unlock(PortalLDAPImporterUtil.class.getName(), j);
                ShardUtil.popCompanyService();
            }
        }
    }

    public void importFromLDAP(long j, long j2) throws Exception {
        if (LDAPSettingsUtil.isImportEnabled(j2)) {
            LdapContext context = PortalLDAPUtil.getContext(j, j2);
            try {
                if (context == null) {
                    return;
                }
                try {
                    Properties userMappings = LDAPSettingsUtil.getUserMappings(j, j2);
                    Properties userExpandoMappings = LDAPSettingsUtil.getUserExpandoMappings(j, j2);
                    Properties contactMappings = LDAPSettingsUtil.getContactMappings(j, j2);
                    Properties contactExpandoMappings = LDAPSettingsUtil.getContactExpandoMappings(j, j2);
                    Properties groupMappings = LDAPSettingsUtil.getGroupMappings(j, j2);
                    String string = PrefsPropsUtil.getString(j2, "ldap.import.method");
                    if (string.equals("group")) {
                        importFromLDAPByGroup(j, j2, context, userMappings, userExpandoMappings, contactMappings, contactExpandoMappings, groupMappings);
                    } else if (string.equals("user")) {
                        importFromLDAPByUser(j, j2, context, userMappings, userExpandoMappings, contactMappings, contactExpandoMappings, groupMappings);
                    }
                    if (context != null) {
                        context.close();
                    }
                } catch (Exception e) {
                    _log.error("Error importing LDAP users and groups", e);
                    if (context != null) {
                        context.close();
                    }
                }
            } catch (Throwable th) {
                if (context != null) {
                    context.close();
                }
                throw th;
            }
        }
    }

    public User importLDAPUser(long j, long j2, LdapContext ldapContext, Attributes attributes, String str) throws Exception {
        Properties userMappings = LDAPSettingsUtil.getUserMappings(j, j2);
        User importUser = importUser(j, j2, attributes, userMappings, LDAPSettingsUtil.getUserExpandoMappings(j, j2), LDAPSettingsUtil.getContactMappings(j, j2), LDAPSettingsUtil.getContactExpandoMappings(j, j2), str);
        importGroups(j, j2, ldapContext, attributes, importUser, userMappings, LDAPSettingsUtil.getGroupMappings(j, j2));
        return importUser;
    }

    public User importLDAPUser(long j, long j2, String str, String str2) throws Exception {
        LdapContext ldapContext = null;
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                String propertyPostfix = LDAPSettingsUtil.getPropertyPostfix(j);
                String string = PrefsPropsUtil.getString(j2, "ldap.base.dn" + propertyPostfix);
                LdapContext context = PortalLDAPUtil.getContext(j, j2);
                if (context == null) {
                    _log.error("Unable to bind to the LDAP server");
                    if (0 != 0) {
                        namingEnumeration.close();
                    }
                    if (context == null) {
                        return null;
                    }
                    context.close();
                    return null;
                }
                String string2 = PrefsPropsUtil.getString(j2, "ldap.auth.search.filter" + propertyPostfix);
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter before transformation " + string2);
                }
                String replace = StringUtil.replace(string2, new String[]{"@company_id@", "@email_address@", "@screen_name@"}, new String[]{String.valueOf(j2), str, str2});
                LDAPUtil.validateFilter(replace);
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter after transformation " + replace);
                }
                NamingEnumeration search = context.search(string, replace, new SearchControls(2, 1L, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(LDAPSettingsUtil.getUserMappings(j, j2).getProperty("screenName")))}, false, false));
                if (!search.hasMoreElements()) {
                    if (search != null) {
                        search.close();
                    }
                    if (context == null) {
                        return null;
                    }
                    context.close();
                    return null;
                }
                if (_log.isDebugEnabled()) {
                    _log.debug("Search filter returned at least one result");
                }
                User importLDAPUser = importLDAPUser(j, j2, context, PortalLDAPUtil.getUserAttributes(j, j2, context, PortalLDAPUtil.getNameInNamespace(j, j2, (Binding) search.nextElement())), "");
                if (search != null) {
                    search.close();
                }
                if (context != null) {
                    context.close();
                }
                return importLDAPUser;
            } catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn("Problem accessing LDAP server " + e.getMessage());
                }
                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }
                throw new SystemException("Problem accessing LDAP server " + e.getMessage());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                namingEnumeration.close();
            }
            if (0 != 0) {
                ldapContext.close();
            }
            throw th;
        }
    }

    public User importLDAPUser(long j, String str, String str2) throws Exception {
        for (long j2 : StringUtil.split(PrefsPropsUtil.getString(j, "ldap.server.ids"), 0L)) {
            User importLDAPUser = importLDAPUser(j2, j, str, str2);
            if (importLDAPUser != null) {
                return importLDAPUser;
            }
        }
        for (int i = 0; !Validator.isNull(PrefsPropsUtil.getString(j, "ldap.base.provider.url" + LDAPSettingsUtil.getPropertyPostfix(i))); i++) {
            User importLDAPUser2 = importLDAPUser(i, j, str, str2);
            if (importLDAPUser2 != null) {
                return importLDAPUser2;
            }
        }
        if (!_log.isDebugEnabled()) {
            return null;
        }
        if (Validator.isNotNull(str)) {
            _log.debug("User with the email address " + str + " was not found in any LDAP servers");
            return null;
        }
        _log.debug("User with the screen name " + str2 + " was not found in any LDAP servers");
        return null;
    }

    public User importLDAPUserByScreenName(long j, String str) throws Exception {
        long ldapServerId = PortalLDAPUtil.getLdapServerId(j, str, "");
        SearchResult user = PortalLDAPUtil.getUser(ldapServerId, j, str, "");
        if (user == null) {
            if (!_log.isWarnEnabled()) {
                return null;
            }
            _log.warn("No user was found in LDAP with screenName " + str);
            return null;
        }
        LdapContext context = PortalLDAPUtil.getContext(ldapServerId, j);
        User importLDAPUser = importLDAPUser(ldapServerId, j, context, PortalLDAPUtil.getUserAttributes(ldapServerId, j, context, PortalLDAPUtil.getNameInNamespace(ldapServerId, j, user)), "");
        context.close();
        return importLDAPUser;
    }

    public void setLDAPToPortalConverter(LDAPToPortalConverter lDAPToPortalConverter) {
        this._ldapToPortalConverter = lDAPToPortalConverter;
    }

    protected void addRole(long j, LDAPGroup lDAPGroup, UserGroup userGroup) throws Exception {
        Role addRole;
        if (PropsValues.LDAP_IMPORT_CREATE_ROLE_PER_GROUP) {
            try {
                addRole = RoleLocalServiceUtil.getRole(j, lDAPGroup.getGroupName());
            } catch (NoSuchRoleException unused) {
                User defaultUser = UserLocalServiceUtil.getDefaultUser(j);
                HashMap hashMap = new HashMap();
                hashMap.put(LocaleUtil.getDefault(), "Autogenerated role from LDAP import");
                addRole = RoleLocalServiceUtil.addRole(defaultUser.getUserId(), (String) null, 0L, lDAPGroup.getGroupName(), (Map) null, hashMap, 1, (String) null, (ServiceContext) null);
            }
            Group group = userGroup.getGroup();
            if (GroupLocalServiceUtil.hasRoleGroup(addRole.getRoleId(), group.getGroupId())) {
                return;
            }
            GroupLocalServiceUtil.addRoleGroups(addRole.getRoleId(), new long[]{group.getGroupId()});
        }
    }

    protected User addUser(long j, LDAPUser lDAPUser, String str) throws Exception {
        if (_log.isDebugEnabled()) {
            _log.debug("Adding user " + lDAPUser.getEmailAddress());
        }
        boolean isAutoPassword = lDAPUser.isAutoPassword();
        if (!PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {
            isAutoPassword = PropsValues.LDAP_IMPORT_USER_PASSWORD_AUTOGENERATED && !PropsValues.AUTH_PIPELINE_ENABLE_LIFERAY_CHECK;
            if (!isAutoPassword) {
                String str2 = PropsValues.LDAP_IMPORT_USER_PASSWORD_DEFAULT;
                if (StringUtil.equalsIgnoreCase(str2, "screenName")) {
                    str2 = lDAPUser.getScreenName();
                }
                str = str2;
            }
        }
        Calendar calendar = CalendarFactoryUtil.getCalendar();
        calendar.setTime(lDAPUser.getBirthday());
        User addUser = UserLocalServiceUtil.addUser(lDAPUser.getCreatorUserId(), j, isAutoPassword, str, str, lDAPUser.isAutoScreenName(), lDAPUser.getScreenName(), lDAPUser.getEmailAddress(), 0L, "", lDAPUser.getLocale(), lDAPUser.getFirstName(), lDAPUser.getMiddleName(), lDAPUser.getLastName(), 0, 0, lDAPUser.isMale(), calendar.get(2), calendar.get(5), calendar.get(1), "", lDAPUser.getGroupIds(), lDAPUser.getOrganizationIds(), lDAPUser.getRoleIds(), lDAPUser.getUserGroupIds(), lDAPUser.isSendEmail(), lDAPUser.getServiceContext());
        if (lDAPUser.isUpdatePortrait()) {
            byte[] portraitBytes = lDAPUser.getPortraitBytes();
            if (ArrayUtil.isNotEmpty(portraitBytes)) {
                addUser = UserLocalServiceUtil.updatePortrait(addUser.getUserId(), portraitBytes);
            }
        }
        return addUser;
    }

    protected void addUserGroupsNotAddedByLDAPImport(long j, Set<Long> set) throws Exception {
        for (UserGroup userGroup : UserGroupLocalServiceUtil.getUserUserGroups(j)) {
            if (!userGroup.isAddedByLDAPImport()) {
                set.add(Long.valueOf(userGroup.getUserGroupId()));
            }
        }
    }

    protected String escapeValue(String str) {
        return StringUtil.replace(str, "\\,", "\\\\,");
    }

    protected User getUser(long j, LDAPUser lDAPUser) throws Exception {
        return (!PrefsPropsUtil.getString(j, "company.security.auth.type", PropsValues.COMPANY_SECURITY_AUTH_TYPE).equals("screenName") || lDAPUser.isAutoScreenName()) ? UserLocalServiceUtil.fetchUserByEmailAddress(j, lDAPUser.getEmailAddress()) : UserLocalServiceUtil.fetchUserByScreenName(j, lDAPUser.getScreenName());
    }

    protected Attribute getUsers(long j, long j2, LdapContext ldapContext, Attributes attributes, UserGroup userGroup, Properties properties) throws Exception {
        Attribute attribute = attributes.get(properties.getProperty("user"));
        if (attribute == null) {
            return null;
        }
        String propertyPostfix = LDAPSettingsUtil.getPropertyPostfix(j);
        String string = PrefsPropsUtil.getString(j2, "ldap.base.dn" + propertyPostfix);
        StringBundler stringBundler = new StringBundler(7);
        stringBundler.append("(&");
        stringBundler.append(PrefsPropsUtil.getString(j2, "ldap.import.group.search.filter" + propertyPostfix));
        stringBundler.append("(");
        stringBundler.append(properties.getProperty("groupName"));
        stringBundler.append("=");
        stringBundler.append(escapeValue(userGroup.getName()));
        stringBundler.append("))");
        return PortalLDAPUtil.getMultivaluedAttribute(j2, ldapContext, string, stringBundler.toString(), attribute);
    }

    protected void importFromLDAPByGroup(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, Properties properties5) throws Exception {
        byte[] bArr = new byte[0];
        while (bArr != null) {
            ArrayList<SearchResult> arrayList = new ArrayList();
            bArr = PortalLDAPUtil.getGroups(j, j2, ldapContext, bArr, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties5.getProperty("groupName")))}, arrayList);
            for (SearchResult searchResult : arrayList) {
                try {
                    Attributes groupAttributes = PortalLDAPUtil.getGroupAttributes(j, j2, ldapContext, PortalLDAPUtil.getNameInNamespace(j, j2, searchResult), true);
                    UserGroup importUserGroup = importUserGroup(j2, groupAttributes, properties5);
                    Attribute users = getUsers(j, j2, ldapContext, groupAttributes, importUserGroup, properties5);
                    if (users != null) {
                        importUsers(j, j2, ldapContext, properties, properties2, properties3, properties4, importUserGroup.getUserGroupId(), users);
                    } else if (_log.isInfoEnabled()) {
                        _log.info("No users found in " + importUserGroup.getName());
                    }
                } catch (Exception e) {
                    _log.error("Unable to import group " + searchResult, e);
                }
            }
        }
    }

    protected void importFromLDAPByUser(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, Properties properties5) throws Exception {
        byte[] bArr = new byte[0];
        while (bArr != null) {
            ArrayList<SearchResult> arrayList = new ArrayList();
            bArr = PortalLDAPUtil.getUsers(j, j2, ldapContext, bArr, 0, new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties.getProperty("screenName")))}, arrayList);
            for (SearchResult searchResult : arrayList) {
                try {
                    Attributes userAttributes = PortalLDAPUtil.getUserAttributes(j, j2, ldapContext, PortalLDAPUtil.getNameInNamespace(j, j2, searchResult));
                    importGroups(j, j2, ldapContext, userAttributes, importUser(j, j2, userAttributes, properties, properties2, properties3, properties4, ""), properties, properties5);
                } catch (Exception e) {
                    _log.error("Unable to import user " + searchResult, e);
                }
            }
        }
    }

    protected Set<Long> importGroup(long j, long j2, LdapContext ldapContext, String str, User user, Properties properties, Set<Long> set) throws Exception {
        String str2 = null;
        Long l = null;
        if (PropsValues.LDAP_IMPORT_GROUP_CACHE_ENABLED) {
            StringBundler stringBundler = new StringBundler(5);
            stringBundler.append(j);
            stringBundler.append("_");
            stringBundler.append(j2);
            stringBundler.append("_");
            stringBundler.append(str);
            str2 = stringBundler.toString();
            l = (Long) this._portalCache.get(str2);
        }
        if (l == null) {
            if (_log.isDebugEnabled()) {
                _log.debug("Importing full group DN " + str);
            }
            Attributes attributes = null;
            try {
                attributes = PortalLDAPUtil.getGroupAttributes(j, j2, ldapContext, str);
            } catch (NameNotFoundException e) {
                _log.error("LDAP group not found with full group DN " + str, e);
            }
            UserGroup importUserGroup = importUserGroup(j2, attributes, properties);
            if (importUserGroup == null) {
                return set;
            }
            l = Long.valueOf(importUserGroup.getUserGroupId());
            if (PropsValues.LDAP_IMPORT_GROUP_CACHE_ENABLED) {
                this._portalCache.put(str2, l);
            }
        } else if (_log.isDebugEnabled()) {
            _log.debug("Skipping reimport of full group DN " + str);
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Adding " + user.getUserId() + " to group " + l);
        }
        set.add(l);
        return set;
    }

    protected void importGroups(long j, long j2, LdapContext ldapContext, Attributes attributes, User user, Properties properties, Properties properties2) throws Exception {
        Attribute attribute;
        Set<Long> linkedHashSet = new LinkedHashSet();
        if (PrefsPropsUtil.getBoolean(j2, "ldap.import.group.search.filter.enabled")) {
            String propertyPostfix = LDAPSettingsUtil.getPropertyPostfix(j);
            String string = PrefsPropsUtil.getString(j2, "ldap.base.dn" + propertyPostfix);
            String nameInNamespace = PortalLDAPUtil.getNameInNamespace(j, j2, PortalLDAPUtil.getUser(j, j2, user.getScreenName(), user.getEmailAddress()));
            StringBundler stringBundler = new StringBundler(9);
            stringBundler.append("(");
            stringBundler.append("&");
            stringBundler.append(PrefsPropsUtil.getString(j2, "ldap.import.group.search.filter" + propertyPostfix));
            stringBundler.append("(");
            stringBundler.append(properties2.getProperty("user"));
            stringBundler.append("=");
            stringBundler.append(escapeValue(nameInNamespace));
            stringBundler.append(")");
            stringBundler.append(")");
            byte[] bArr = new byte[0];
            while (bArr != null) {
                ArrayList arrayList = new ArrayList();
                bArr = PortalLDAPUtil.searchLDAP(j2, ldapContext, bArr, 0, string, stringBundler.toString(), new String[]{StringUtil.toLowerCase(GetterUtil.getString(properties2.getProperty("groupName")))}, arrayList);
                Iterator it2 = arrayList.iterator();
                while (it2.hasNext()) {
                    linkedHashSet = importGroup(j, j2, ldapContext, PortalLDAPUtil.getNameInNamespace(j, j2, (SearchResult) it2.next()), user, properties2, linkedHashSet);
                }
            }
        } else {
            String property = properties.getProperty("group");
            if (Validator.isNull(property) || (attribute = attributes.get(property)) == null) {
                return;
            }
            for (int i = 0; i < attribute.size(); i++) {
                linkedHashSet = importGroup(j, j2, ldapContext, (String) attribute.get(i), user, properties2, linkedHashSet);
            }
        }
        addUserGroupsNotAddedByLDAPImport(user.getUserId(), linkedHashSet);
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        Iterator it3 = UserGroupLocalServiceUtil.getUserUserGroups(user.getUserId()).iterator();
        while (it3.hasNext()) {
            linkedHashSet2.add(Long.valueOf(((UserGroup) it3.next()).getUserGroupId()));
        }
        if (linkedHashSet2.equals(linkedHashSet)) {
            return;
        }
        UserGroupLocalServiceUtil.setUserUserGroups(user.getUserId(), ArrayUtil.toLongArray(linkedHashSet));
    }

    protected User importUser(long j, long j2, Attributes attributes, Properties properties, Properties properties2, Properties properties3, Properties properties4, String str) throws Exception {
        LDAPUserTransactionThreadLocal.setOriginatesFromLDAP(true);
        try {
            Attributes transformUser = AttributesTransformerFactory.getInstance().transformUser(attributes);
            LDAPUser importLDAPUser = this._ldapToPortalConverter.importLDAPUser(j2, transformUser, properties, properties2, properties3, properties4, str);
            User user = getUser(j2, importLDAPUser);
            if (user != null && user.isDefaultUser()) {
                LDAPUserTransactionThreadLocal.setOriginatesFromLDAP(false);
                return user;
            }
            importLDAPUser.getServiceContext().setAttribute("ldapServerId", Long.valueOf(j));
            boolean z = false;
            if (user == null) {
                user = addUser(j2, importLDAPUser, str);
                z = true;
            }
            User updateUser = updateUser(j2, importLDAPUser, user, properties, properties3, str, LDAPUtil.getAttributeString(transformUser, "modifyTimestamp"), z);
            updateExpandoAttributes(updateUser, importLDAPUser, properties2, properties4);
            LDAPUserTransactionThreadLocal.setOriginatesFromLDAP(false);
            return updateUser;
        } catch (Throwable th) {
            LDAPUserTransactionThreadLocal.setOriginatesFromLDAP(false);
            throw th;
        }
    }

    protected UserGroup importUserGroup(long j, Attributes attributes, Properties properties) throws Exception {
        LDAPGroup importLDAPGroup = this._ldapToPortalConverter.importLDAPGroup(j, AttributesTransformerFactory.getInstance().transformGroup(attributes), properties);
        UserGroup userGroup = null;
        try {
            userGroup = UserGroupLocalServiceUtil.getUserGroup(j, importLDAPGroup.getGroupName());
            if (!Validator.equals(userGroup.getDescription(), importLDAPGroup.getDescription())) {
                UserGroupLocalServiceUtil.updateUserGroup(j, userGroup.getUserGroupId(), importLDAPGroup.getGroupName(), importLDAPGroup.getDescription(), (ServiceContext) null);
            }
        } catch (NoSuchUserGroupException unused) {
            if (_log.isDebugEnabled()) {
                _log.debug("Adding user group to portal " + importLDAPGroup.getGroupName());
            }
            long defaultUserId = UserLocalServiceUtil.getDefaultUserId(j);
            LDAPUserGroupTransactionThreadLocal.setOriginatesFromLDAP(true);
            try {
                try {
                    userGroup = UserGroupLocalServiceUtil.addUserGroup(defaultUserId, j, importLDAPGroup.getGroupName(), importLDAPGroup.getDescription(), (ServiceContext) null);
                } catch (Exception e) {
                    if (_log.isWarnEnabled()) {
                        _log.warn("Unable to create user group " + importLDAPGroup.getGroupName());
                    }
                    if (_log.isDebugEnabled()) {
                        _log.debug(e, e);
                    }
                    LDAPUserGroupTransactionThreadLocal.setOriginatesFromLDAP(false);
                }
            } finally {
                LDAPUserGroupTransactionThreadLocal.setOriginatesFromLDAP(false);
            }
        }
        addRole(j, importLDAPGroup, userGroup);
        return userGroup;
    }

    protected void importUsers(long j, long j2, LdapContext ldapContext, Properties properties, Properties properties2, Properties properties3, Properties properties4, long j3, Attribute attribute) throws Exception {
        LinkedHashSet linkedHashSet = new LinkedHashSet(attribute.size());
        for (int i = 0; i < attribute.size(); i++) {
            String str = (String) attribute.get(i);
            try {
                Attributes userAttributes = PortalLDAPUtil.getUserAttributes(j, j2, ldapContext, str);
                try {
                    User importUser = importUser(j, j2, userAttributes, properties, properties2, properties3, properties4, "");
                    if (importUser != null) {
                        if (_log.isDebugEnabled()) {
                            _log.debug("Adding " + importUser.getUserId() + " to group " + j3);
                        }
                        UserLocalServiceUtil.addUserGroupUsers(j3, new long[]{importUser.getUserId()});
                        linkedHashSet.add(Long.valueOf(importUser.getUserId()));
                    }
                } catch (Exception e) {
                    _log.error("Unable to load user " + userAttributes, e);
                }
            } catch (NameNotFoundException e2) {
                _log.error("LDAP user not found with fullUserDN " + str, e2);
            }
        }
        for (User user : UserLocalServiceUtil.getUserGroupUsers(j3)) {
            if (!linkedHashSet.contains(Long.valueOf(user.getUserId()))) {
                UserLocalServiceUtil.deleteUserGroupUser(j3, user.getUserId());
            }
        }
    }

    protected void populateExpandoAttributes(ExpandoBridge expandoBridge, Map<String, String[]> map, Properties properties) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String key = entry.getKey();
            if (expandoBridge.hasAttribute(key) && properties.containsKey(key) && !this._ldapUserIgnoreAttributes.contains(key)) {
                hashMap.put(key, ExpandoConverterUtil.getAttributeFromStringArray(expandoBridge.getAttributeType(key), entry.getValue()));
            }
        }
        if (hashMap.isEmpty()) {
            return;
        }
        try {
            ExpandoValueLocalServiceUtil.addValues(expandoBridge.getCompanyId(), expandoBridge.getClassName(), "CUSTOM_FIELDS", expandoBridge.getClassPK(), hashMap);
        } catch (Exception e) {
            if (_log.isWarnEnabled()) {
                _log.warn("Unable to populate expando attributes");
            }
            if (_log.isDebugEnabled()) {
                _log.debug(e, e);
            }
        }
    }

    protected void setProperty(Object obj, Object obj2, String str) {
        BeanPropertiesUtil.setProperty(obj, str, BeanPropertiesUtil.getObject(obj2, str));
    }

    protected void updateExpandoAttributes(User user, LDAPUser lDAPUser, Properties properties, Properties properties2) throws Exception {
        populateExpandoAttributes(user.getExpandoBridge(), lDAPUser.getUserExpandoAttributes(), properties);
        populateExpandoAttributes(user.getContact().getExpandoBridge(), lDAPUser.getContactExpandoAttributes(), properties2);
    }

    protected void updateLDAPUser(User user, Contact contact, User user2, Properties properties, Properties properties2) throws PortalException, SystemException {
        Contact contact2 = user2.getContact();
        for (String str : _CONTACT_PROPERTY_NAMES) {
            if (!properties2.containsKey(str) || this._ldapUserIgnoreAttributes.contains(str)) {
                setProperty(contact, contact2, str);
            }
        }
        for (String str2 : _USER_PROPERTY_NAMES) {
            if (!properties.containsKey(str2) || this._ldapUserIgnoreAttributes.contains(str2)) {
                setProperty(user, user2, str2);
            }
        }
    }

    protected User updateUser(long j, LDAPUser lDAPUser, User user, Properties properties, Properties properties2, String str, String str2, boolean z) throws Exception {
        Date date = null;
        boolean isPasswordReset = lDAPUser.isPasswordReset();
        if (PrefsPropsUtil.getBoolean(j, "ldap.export.enabled", PropsValues.LDAP_EXPORT_ENABLED)) {
            isPasswordReset = user.isPasswordReset();
        }
        try {
            if (Validator.isNotNull(str2)) {
                date = LDAPUtil.parseDate(str2);
                if (date.equals(user.getModifiedDate())) {
                    if (lDAPUser.isAutoPassword()) {
                        if (_log.isDebugEnabled()) {
                            _log.debug("Skipping user " + user.getEmailAddress() + " because he is already synchronized");
                        }
                        return user;
                    }
                    UserLocalServiceUtil.updatePassword(user.getUserId(), str, str, isPasswordReset, true);
                    if (_log.isDebugEnabled()) {
                        _log.debug("User " + user.getEmailAddress() + " is already synchronized, but updated password to avoid a blank value");
                    }
                    return user;
                }
            } else if (!z) {
                if (_log.isInfoEnabled()) {
                    _log.info("Skipping user " + user.getEmailAddress() + " because the LDAP entry was never modified");
                }
                return user;
            }
        } catch (ParseException e) {
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to parse LDAP modify timestamp " + str2, e);
            }
        }
        if (!PropsValues.LDAP_IMPORT_USER_PASSWORD_ENABLED) {
            str = PropsValues.LDAP_IMPORT_USER_PASSWORD_DEFAULT;
            if (StringUtil.equalsIgnoreCase(str, "screenName")) {
                str = lDAPUser.getScreenName();
            }
        }
        if (Validator.isNull(lDAPUser.getScreenName()) || lDAPUser.isAutoScreenName()) {
            lDAPUser.setScreenName(user.getScreenName());
        }
        Calendar calendar = CalendarFactoryUtil.getCalendar();
        Contact contact = lDAPUser.getContact();
        calendar.setTime(contact.getBirthday());
        int i = calendar.get(2);
        int i2 = calendar.get(5);
        int i3 = calendar.get(1);
        if (lDAPUser.isUpdatePassword()) {
            UserLocalServiceUtil.updatePassword(user.getUserId(), str, str, isPasswordReset, true);
        }
        updateLDAPUser(lDAPUser.getUser(), contact, user, properties, properties2);
        User updateUser = UserLocalServiceUtil.updateUser(user.getUserId(), str, "", "", isPasswordReset, lDAPUser.getReminderQueryQuestion(), lDAPUser.getReminderQueryAnswer(), lDAPUser.getScreenName(), lDAPUser.getEmailAddress(), lDAPUser.getFacebookId(), lDAPUser.getOpenId(), lDAPUser.getLanguageId(), lDAPUser.getTimeZoneId(), lDAPUser.getGreeting(), lDAPUser.getComments(), lDAPUser.getFirstName(), lDAPUser.getMiddleName(), lDAPUser.getLastName(), lDAPUser.getPrefixId(), lDAPUser.getSuffixId(), lDAPUser.isMale(), i, i2, i3, lDAPUser.getSmsSn(), lDAPUser.getAimSn(), lDAPUser.getFacebookSn(), lDAPUser.getIcqSn(), lDAPUser.getJabberSn(), lDAPUser.getMsnSn(), lDAPUser.getMySpaceSn(), lDAPUser.getSkypeSn(), lDAPUser.getTwitterSn(), lDAPUser.getYmSn(), lDAPUser.getJobTitle(), lDAPUser.getGroupIds(), lDAPUser.getOrganizationIds(), lDAPUser.getRoleIds(), lDAPUser.getUserGroupRoles(), lDAPUser.getUserGroupIds(), lDAPUser.getServiceContext());
        if (date != null) {
            updateUser = UserLocalServiceUtil.updateModifiedDate(updateUser.getUserId(), date);
        }
        if (lDAPUser.isUpdatePortrait()) {
            byte[] portraitBytes = lDAPUser.getPortraitBytes();
            if (ArrayUtil.isNotEmpty(portraitBytes)) {
                UserLocalServiceUtil.updatePortrait(updateUser.getUserId(), portraitBytes);
            } else {
                UserLocalServiceUtil.deletePortrait(updateUser.getUserId());
            }
        }
        return UserLocalServiceUtil.updateStatus(updateUser.getUserId(), lDAPUser.getStatus());
    }
}
