package org.apache.turbine.services.security.ldap;

import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.torque.util.Criteria;
import org.apache.turbine.om.security.Group;
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.TurbineGroup;
import org.apache.turbine.om.security.TurbinePermission;
import org.apache.turbine.om.security.TurbineRole;
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.security.BaseSecurityService;
import org.apache.turbine.services.security.TurbineSecurity;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.GroupSet;
import org.apache.turbine.util.security.PermissionSet;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.security.UnknownEntityException;

/* loaded from: input_file:org/apache/turbine/services/security/ldap/LDAPSecurityService.class */
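/**
 * Turbine security service that stores groups, roles, permissions and
 * user/group/role grants in an LDAP directory.
 *
 * <p>All directory access goes through the context returned by
 * {@link LDAPUserManager#bindAsAdmin()}. Entries live directly under
 * {@link LDAPSecurityConstants#getBaseSearch()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Search filters that contain caller-supplied names are passed to JNDI
 *       as a filter template plus arguments, so filter metacharacters in a
 *       user, group or role name are matched literally instead of being
 *       interpreted as filter syntax.</li>
 *   <li>NOTE(review): entry DNs are still built by plain concatenation (see
 *       the {@code *Dn} helpers). Names are not RDN-escaped; validate names
 *       before they reach this class, or build the DN with
 *       {@code javax.naming.ldap.LdapName}/{@code Rdn}.</li>
 *   <li>NOTE(review): contexts obtained from {@code bindAsAdmin()} are never
 *       closed here. Whether that leaks a connection depends on
 *       {@code LDAPUserManager}, which is not visible from this class;
 *       confirm.</li>
 *   <li>The {@code save*} and {@code rename*} methods are empty: they report
 *       success without touching the directory.</li>
 * </ul>
 */
public class LDAPSecurityService extends BaseSecurityService {
    private static final Log log = LogFactory.getLog(LDAPSecurityService.class);

    /** Filter template: grants of user {0} in group {1}. */
    private static final String USER_GROUP_ROLES_FILTER =
            "(& (objectclass=turbineUserGroup)(turbineUserUniqueId={0})(turbineGroupName={1}))";

    /** Filter template: the role entry named {0}. */
    private static final String ROLE_BY_NAME_FILTER =
            "(& (objectClass=turbineRole)(turbineRoleName={0}))";

    /**
     * Builds the access control list of a user: for every known group, the
     * roles the user holds in it and the permissions those roles carry.
     *
     * @param user the account to build the ACL for
     * @return the ACL produced by {@code getAclInstance}
     * @throws UnknownEntityException if the account does not exist
     * @throws DataBackendException if anything fails while collecting roles
     *         or permissions (the cause is attached)
     */
    @Override
    public AccessControlList getACL(User user) throws DataBackendException, UnknownEntityException {
        if (!TurbineSecurity.accountExists(user)) {
            throw new UnknownEntityException("The account '" + user.getName() + "' does not exist");
        }
        try {
            Hashtable rolesByGroup = new Hashtable();
            Hashtable permissionsByGroup = new Hashtable();
            lockShared();
            Iterator groups = getAllGroups().iterator();
            while (groups.hasNext()) {
                Group group = (Group) groups.next();
                RoleSet roles = getRoles(user, group);
                rolesByGroup.put(group, roles);
                // The permissions of a group are the union over the user's roles in it.
                PermissionSet permissions = new PermissionSet();
                Iterator roleIterator = roles.iterator();
                while (roleIterator.hasNext()) {
                    permissions.add(getPermissions((Role) roleIterator.next()));
                }
                permissionsByGroup.put(group, permissions);
            }
            return getAclInstance(rolesByGroup, permissionsByGroup);
        } catch (Exception e) {
            throw new DataBackendException("Failed to build ACL for user '" + user.getName() + "'", e);
        } finally {
            // Released exactly once on every path, including failures.
            unlockShared();
        }
    }

    /**
     * Grants a role to a user within a group.
     *
     * <p>Creates the user/group entry with the role; if the entry already
     * exists, the role is added to it as a further attribute value.
     *
     * @param user the account receiving the role
     * @param group the group the grant applies to
     * @param role the role to grant
     * @throws UnknownEntityException if the user, role or group does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String userName = user.getName();
            String roleName = role.getName();
            String groupName = group.getName();
            if (!accountExists(user)) {
                throw new UnknownEntityException("User '" + userName + "' does not exist");
            }
            if (!checkExists(role)) {
                throw new UnknownEntityException("Role '" + roleName + "' does not exist");
            }
            if (!checkExists(group)) {
                throw new UnknownEntityException("Group '" + groupName + "' does not exist");
            }
            String dn = userGroupDn(userName, groupName);
            DirContext ctx = LDAPUserManager.bindAsAdmin();
            BasicAttributes entry = singleValue("turbineRoleName", roleName);
            entry.put(new BasicAttribute("objectClass", "turbineUserGroup"));
            entry.put(new BasicAttribute(LDAPSecurityConstants.LDAP_USER_USERNAME_DEFAULT, userName));
            try {
                ctx.bind(dn, null, entry);
            } catch (NameAlreadyBoundException alreadyBound) {
                // The user already has an entry for this group: append the role to it.
                ctx.modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, singleValue("turbineRoleName", roleName));
            }
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Revokes a role from a user within a group by removing the role value
     * from the user/group entry.
     *
     * @param user the account losing the role
     * @param group the group the grant applied to
     * @param role the role to revoke
     * @throws UnknownEntityException if the user, role or group does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String userName = user.getName();
            String roleName = role.getName();
            String groupName = group.getName();
            if (!accountExists(user)) {
                throw new UnknownEntityException("User '" + userName + "' does not exist");
            }
            if (!checkExists(role)) {
                throw new UnknownEntityException("Role '" + roleName + "' does not exist");
            }
            if (!checkExists(group)) {
                throw new UnknownEntityException("Group '" + groupName + "' does not exist");
            }
            String dn = userGroupDn(userName, groupName);
            BasicAttributes roleValue = singleValue("turbineRoleName", roleName);
            LDAPUserManager.bindAsAdmin().modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, roleValue);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Grants a permission to a role by adding the permission name to the
     * role entry.
     *
     * @param role the role receiving the permission
     * @param permission the permission to grant
     * @throws UnknownEntityException if the role or permission does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String roleName = role.getName();
            String permissionName = permission.getName();
            if (!checkExists(role)) {
                throw new UnknownEntityException("Role '" + roleName + "' does not exist");
            }
            if (!checkExists(permission)) {
                throw new UnknownEntityException("Permission '" + permissionName + "' does not exist");
            }
            String dn = roleDn(roleName);
            BasicAttributes permissionValue = singleValue("turbinePermissionName", permissionName);
            LDAPUserManager.bindAsAdmin().modifyAttributes(dn, DirContext.ADD_ATTRIBUTE, permissionValue);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Revokes a permission from a role by removing the permission name from
     * the role entry.
     *
     * @param role the role losing the permission
     * @param permission the permission to revoke
     * @throws UnknownEntityException if the role or permission does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String roleName = role.getName();
            String permissionName = permission.getName();
            if (!checkExists(role)) {
                throw new UnknownEntityException("Role '" + roleName + "' does not exist");
            }
            if (!checkExists(permission)) {
                throw new UnknownEntityException("Permission '" + permissionName + "' does not exist");
            }
            String dn = roleDn(roleName);
            BasicAttributes permissionValue = singleValue("turbinePermissionName", permissionName);
            LDAPUserManager.bindAsAdmin().modifyAttributes(dn, DirContext.REMOVE_ATTRIBUTE, permissionValue);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Creates an in-memory group object; nothing is written to the directory.
     *
     * @param str the group name
     * @return a new {@link TurbineGroup}
     */
    @Override
    public Group getNewGroup(String str) {
        return new TurbineGroup(str);
    }

    /**
     * Creates an in-memory role object; nothing is written to the directory.
     *
     * @param str the role name
     * @return a new {@link TurbineRole}
     */
    @Override
    public Role getNewRole(String str) {
        return new TurbineRole(str);
    }

    /**
     * Creates an in-memory permission object; nothing is written to the
     * directory.
     *
     * @param str the permission name
     * @return a new {@link TurbinePermission}
     */
    @Override
    public Permission getNewPermission(String str) {
        return new TurbinePermission(str);
    }

    /**
     * Lists the groups stored under the search base.
     *
     * @param criteria ignored by this implementation
     * @return every {@code turbineGroup} entry that has a group name; entries
     *         without one are skipped silently
     * @throws DataBackendException if the directory search fails
     */
    @Override
    public GroupSet getGroups(Criteria criteria) throws DataBackendException {
        Vector groups = new Vector();
        try {
            NamingEnumeration results = LDAPUserManager.bindAsAdmin()
                    .search(LDAPSecurityConstants.getBaseSearch(), "(objectclass=turbineGroup)", new SearchControls());
            while (results.hasMore()) {
                Attribute groupName = ((SearchResult) results.next()).getAttributes().get("turbineGroupName");
                if (groupName != null && groupName.get() != null) {
                    groups.add(getNewGroup(groupName.get().toString()));
                }
            }
            return new GroupSet(groups);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        }
    }

    /**
     * Looks up the roles a user holds in one group.
     *
     * <p>The user and group names are handed to JNDI as filter arguments
     * rather than concatenated into the filter text, so characters such as
     * {@code *}, {@code (} and {@code )} in a name cannot widen or rewrite
     * the search that decides which roles end up in the ACL.
     *
     * @param user the account to look up
     * @param group the group to look in
     * @return the roles found, possibly empty
     * @throws DataBackendException if the directory search fails
     */
    private RoleSet getRoles(User user, Group group) throws DataBackendException {
        Vector roles = new Vector(0);
        try {
            DirContext ctx = LDAPUserManager.bindAsAdmin();
            String base = LDAPSecurityConstants.getBaseSearch();
            // String.valueOf keeps the previous rendering of a null name ("null").
            Object[] filterArgs = {String.valueOf(user.getName()), String.valueOf(group.getName())};
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration results = ctx.search(base, USER_GROUP_ROLES_FILTER, filterArgs, controls);
            while (results.hasMore()) {
                Attribute roleNames = ((SearchResult) results.next()).getAttributes().get("turbineRoleName");
                if (roleNames == null) {
                    log.error("Role doesn't have a name");
                    continue;
                }
                // One entry can carry several role values.
                NamingEnumeration values = roleNames.getAll();
                while (values.hasMore()) {
                    roles.add(getNewRole(values.next().toString()));
                }
            }
            return new RoleSet(roles);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught:", e);
        }
    }

    /**
     * Lists the roles stored under the search base.
     *
     * @param criteria ignored by this implementation
     * @return every {@code turbineRole} entry that has a role name; entries
     *         without one are logged and skipped
     * @throws DataBackendException if the directory search fails
     */
    @Override
    public RoleSet getRoles(Criteria criteria) throws DataBackendException {
        Vector roles = new Vector(0);
        try {
            NamingEnumeration results = LDAPUserManager.bindAsAdmin()
                    .search(LDAPSecurityConstants.getBaseSearch(), "(objectclass=turbineRole)", new SearchControls());
            while (results.hasMore()) {
                Attribute roleName = ((SearchResult) results.next()).getAttributes().get("turbineRoleName");
                if (roleName != null && roleName.get() != null) {
                    roles.add(getNewRole(roleName.get().toString()));
                } else {
                    log.error("Role doesn't have a name");
                }
            }
            return new RoleSet(roles);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        }
    }

    /**
     * Lists the permissions stored under the search base.
     *
     * @param criteria ignored by this implementation
     * @return every {@code turbinePermission} entry that has a permission
     *         name; entries without one are logged and skipped
     * @throws DataBackendException if the directory search fails
     */
    @Override
    public PermissionSet getPermissions(Criteria criteria) throws DataBackendException {
        Vector permissions = new Vector();
        try {
            NamingEnumeration results = LDAPUserManager.bindAsAdmin()
                    .search(LDAPSecurityConstants.getBaseSearch(), "(objectClass=turbinePermission)", new SearchControls());
            while (results.hasMore()) {
                Attribute permissionName = ((SearchResult) results.next()).getAttributes().get("turbinePermissionName");
                if (permissionName != null && permissionName.get() != null) {
                    permissions.add(getNewPermission(permissionName.get().toString()));
                } else {
                    log.error("Permission doesn't have a name");
                }
            }
            return new PermissionSet(permissions);
        } catch (NamingException e) {
            throw new DataBackendException("The LDAP server specified is unavailable", e);
        }
    }

    /**
     * Lists the permissions attached to a role.
     *
     * <p>The role name is handed to JNDI as a filter argument rather than
     * concatenated into the filter text, so filter metacharacters in the
     * name are matched literally and cannot pull in the permissions of
     * other roles.
     *
     * @param role the role to look up
     * @return the role's permissions, de-duplicated by name, possibly empty
     * @throws DataBackendException if the directory search fails
     */
    @Override
    public PermissionSet getPermissions(Role role) throws DataBackendException, UnknownEntityException {
        Hashtable permissionsByName = new Hashtable();
        try {
            // String.valueOf keeps the previous rendering of a null name ("null").
            Object[] filterArgs = {String.valueOf(role.getName())};
            NamingEnumeration results = LDAPUserManager.bindAsAdmin()
                    .search(LDAPSecurityConstants.getBaseSearch(), ROLE_BY_NAME_FILTER, filterArgs, new SearchControls());
            while (results.hasMore()) {
                Attribute permissionNames = ((SearchResult) results.next()).getAttributes().get("turbinePermissionName");
                if (permissionNames == null) {
                    continue;
                }
                NamingEnumeration values = permissionNames.getAll();
                while (values.hasMore()) {
                    Permission permission = getNewPermission(values.next().toString());
                    permissionsByName.put(permission.getName(), permission);
                }
            }
            return new PermissionSet(permissionsByName.values());
        } catch (NamingException e) {
            throw new DataBackendException("The LDAP server specified is unavailable", e);
        }
    }

    /**
     * Does nothing: saving a group is not implemented for this backend, and
     * the call returns normally without touching the directory.
     */
    @Override
    public void saveGroup(Group group) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Does nothing: saving a role is not implemented for this backend, and
     * the call returns normally without touching the directory.
     */
    @Override
    public void saveRole(Role role) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Does nothing: saving a permission is not implemented for this backend,
     * and the call returns normally without touching the directory.
     */
    @Override
    public void savePermission(Permission permission) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Creates a group entry in the directory and adds the group to the set
     * returned by {@code getAllGroups()}.
     *
     * @param group the group to create
     * @return the same group object
     * @throws EntityExistsException if a group with that name already exists
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized Group addGroup(Group group) throws DataBackendException, EntityExistsException {
        try {
            lockExclusive();
            String groupName = group.getName();
            if (checkExists(group)) {
                throw new EntityExistsException("Group '" + groupName + "' already exists");
            }
            String dn = groupDn(groupName);
            BasicAttributes entry = singleValue("objectClass", "turbineGroup");
            entry.put(new BasicAttribute("turbineGroupName", groupName));
            LDAPUserManager.bindAsAdmin().bind(dn, null, entry);
            getAllGroups().add(group);
            return group;
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Creates a role entry in the directory and adds the role to the set
     * returned by {@code getAllRoles()}.
     *
     * @param role the role to create
     * @return the same role object
     * @throws EntityExistsException if a role with that name already exists
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized Role addRole(Role role) throws DataBackendException, EntityExistsException {
        try {
            lockExclusive();
            String roleName = role.getName();
            if (checkExists(role)) {
                throw new EntityExistsException("Role '" + roleName + "' already exists");
            }
            String dn = roleDn(roleName);
            BasicAttributes entry = singleValue("objectClass", "turbineRole");
            entry.put(new BasicAttribute("turbineRoleName", roleName));
            LDAPUserManager.bindAsAdmin().bind(dn, null, entry);
            getAllRoles().add(role);
            return role;
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Creates a permission entry in the directory and adds the permission to
     * the set returned by {@code getAllPermissions()}.
     *
     * @param permission the permission to create
     * @return the same permission object
     * @throws EntityExistsException if a permission with that name already exists
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized Permission addPermission(Permission permission) throws DataBackendException, EntityExistsException {
        try {
            lockExclusive();
            String permissionName = permission.getName();
            if (checkExists(permission)) {
                throw new EntityExistsException("Permission '" + permissionName + "' already exists");
            }
            String dn = permissionDn(permissionName);
            BasicAttributes entry = singleValue("objectClass", "turbinePermission");
            entry.put(new BasicAttribute("turbinePermissionName", permissionName));
            LDAPUserManager.bindAsAdmin().bind(dn, null, entry);
            getAllPermissions().add(permission);
            return permission;
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Deletes a group entry from the directory and removes the group from
     * the set returned by {@code getAllGroups()}.
     *
     * @param group the group to delete
     * @throws UnknownEntityException if the group does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void removeGroup(Group group) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String groupName = group.getName();
            if (!checkExists(group)) {
                throw new UnknownEntityException("Group '" + groupName + "' does not exist");
            }
            LDAPUserManager.bindAsAdmin().unbind(groupDn(groupName));
            getAllGroups().remove(group);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Deletes a role entry from the directory and removes the role from the
     * set returned by {@code getAllRoles()}.
     *
     * @param role the role to delete
     * @throws UnknownEntityException if the role does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void removeRole(Role role) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String roleName = role.getName();
            if (!checkExists(role)) {
                throw new UnknownEntityException("Role '" + roleName + "' does not exist");
            }
            LDAPUserManager.bindAsAdmin().unbind(roleDn(roleName));
            getAllRoles().remove(role);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Deletes a permission entry from the directory and removes the
     * permission from the set returned by {@code getAllPermissions()}.
     *
     * @param permission the permission to delete
     * @throws UnknownEntityException if the permission does not exist
     * @throws DataBackendException if the directory operation fails
     */
    @Override
    public synchronized void removePermission(Permission permission) throws DataBackendException, UnknownEntityException {
        try {
            lockExclusive();
            String permissionName = permission.getName();
            if (!checkExists(permission)) {
                throw new UnknownEntityException("Permission '" + permissionName + "' does not exist");
            }
            LDAPUserManager.bindAsAdmin().unbind(permissionDn(permissionName));
            getAllPermissions().remove(permission);
        } catch (NamingException e) {
            throw new DataBackendException("NamingException caught", e);
        } finally {
            unlockExclusive();
        }
    }

    /**
     * Does nothing: renaming a group is not implemented for this backend,
     * and the call returns normally without touching the directory.
     */
    @Override
    public synchronized void renameGroup(Group group, String str) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Does nothing: renaming a role is not implemented for this backend, and
     * the call returns normally without touching the directory.
     */
    @Override
    public synchronized void renameRole(Role role, String str) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Does nothing: renaming a permission is not implemented for this
     * backend, and the call returns normally without touching the directory.
     */
    @Override
    public synchronized void renamePermission(Permission permission, String str) throws DataBackendException, UnknownEntityException {
    }

    /**
     * Revokes every role the user holds, in every known group.
     *
     * @param user the account to strip of its roles
     * @throws UnknownEntityException if a revoke call reports a missing entity
     * @throws DataBackendException if a directory operation fails
     */
    @Override
    public void revokeAll(User user) throws DataBackendException, UnknownEntityException {
        Iterator groups = getAllGroups().iterator();
        while (groups.hasNext()) {
            Group group = (Group) groups.next();
            Iterator roles = getRoles(user, group).iterator();
            while (roles.hasNext()) {
                revoke(user, group, (Role) roles.next());
            }
        }
    }

    /**
     * Revokes every permission attached to the role.
     *
     * @param role the role to strip of its permissions
     * @throws UnknownEntityException if a revoke call reports a missing entity
     * @throws DataBackendException if a directory operation fails
     */
    @Override
    public void revokeAll(Role role) throws DataBackendException, UnknownEntityException {
        Iterator permissions = getPermissions(role).iterator();
        while (permissions.hasNext()) {
            revoke(role, (Permission) permissions.next());
        }
    }

    /**
     * Revokes, for every user returned by {@code getUserList}, every role
     * that user holds in the given group.
     *
     * @param group the group whose grants are removed
     * @throws UnknownEntityException if a revoke call reports a missing entity
     * @throws DataBackendException if a directory operation fails
     */
    public void revokeAll(Group group) throws DataBackendException, UnknownEntityException {
        for (User user : getUserList(new Criteria())) {
            Iterator roles = getRoles(user, group).iterator();
            while (roles.hasNext()) {
                revoke(user, group, (Role) roles.next());
            }
        }
    }

    /**
     * Tells whether the role is among the roles currently in the directory.
     * Runs a full role search on every call.
     *
     * @param role the role to look for
     * @return {@code true} if the directory listing contains the role
     * @throws DataBackendException if the directory search fails
     */
    public boolean checkExists(Role role) throws DataBackendException {
        return getRoles(new Criteria()).contains(role);
    }

    /**
     * Tells whether the group is among the groups currently in the directory.
     * Runs a full group search on every call.
     *
     * @param group the group to look for
     * @return {@code true} if the directory listing contains the group
     * @throws DataBackendException if the directory search fails
     */
    public boolean checkExists(Group group) throws DataBackendException {
        return getGroups(new Criteria()).contains(group);
    }

    /**
     * Tells whether the permission is among the permissions currently in the
     * directory. Runs a full permission search on every call.
     *
     * @param permission the permission to look for
     * @return {@code true} if the directory listing contains the permission
     * @throws DataBackendException if the directory search fails
     */
    public boolean checkExists(Permission permission) throws DataBackendException {
        return getPermissions(new Criteria()).contains(permission);
    }

    /** Returns an attribute set holding the single pair {@code name=value}. */
    private static BasicAttributes singleValue(String name, String value) {
        BasicAttributes attributes = new BasicAttributes();
        attributes.put(new BasicAttribute(name, value));
        return attributes;
    }

    /**
     * Returns the DN of a group entry under the search base.
     * NOTE(review): the name is inserted without RDN escaping.
     */
    private static String groupDn(String groupName) {
        return "turbineGroupName=" + groupName + "," + LDAPSecurityConstants.getBaseSearch();
    }

    /**
     * Returns the DN of a role entry under the search base.
     * NOTE(review): the name is inserted without RDN escaping.
     */
    private static String roleDn(String roleName) {
        return "turbineRoleName=" + roleName + "," + LDAPSecurityConstants.getBaseSearch();
    }

    /**
     * Returns the DN of a permission entry under the search base.
     * NOTE(review): the name is inserted without RDN escaping.
     */
    private static String permissionDn(String permissionName) {
        return "turbinePermissionName=" + permissionName + "," + LDAPSecurityConstants.getBaseSearch();
    }

    /**
     * Returns the DN of the entry that records a user's roles in one group;
     * it sits below the user's own entry.
     * NOTE(review): both names are inserted without RDN escaping.
     */
    private static String userGroupDn(String userName, String groupName) {
        return "turbineGroupName=" + groupName + "," + LDAPSecurityConstants.getNameAttribute() + "=" + userName
                + "," + LDAPSecurityConstants.getBaseSearch();
    }
}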
