package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapperImpl;
import com.atlassian.crowd.directory.ldap.control.DeletedResultsControl;
import com.atlassian.crowd.directory.ldap.mapper.TombstoneContextMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.AttributeMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.ObjectGUIDMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.USNChangedMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnRangeOffsetMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnRangedMapper;
import com.atlassian.crowd.directory.ldap.name.ActiveDirectoryEncoder;
import com.atlassian.crowd.directory.ldap.name.Encoder;
import com.atlassian.crowd.directory.ldap.util.IncrementalAttributeMapper;
import com.atlassian.crowd.directory.ldap.util.ListAttributeValueProcessor;
import com.atlassian.crowd.directory.ldap.util.RangeOption;
import com.atlassian.crowd.exception.InvalidCredentialException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.model.Tombstone;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplateWithAttributes;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.search.ldap.LDAPQueryTranslater;
import com.atlassian.crowd.util.InstanceFactory;
import com.atlassian.event.api.EventPublisher;
import com.google.common.collect.Lists;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.CompositeName;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.SearchControls;
import org.apache.log4j.Logger;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.GreaterThanOrEqualsFilter;
import org.springframework.ldap.filter.HardcodedFilter;

/* loaded from: input_file:com/atlassian/crowd/directory/MicrosoftActiveDirectory.class */
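/**
 * LDAP connector specialisation for Microsoft Active Directory.
 *
 * <p>On top of the RFC4519 behaviour inherited from {@link RFC4519Directory} this class adds the
 * AD-specific pieces visible below: the quoted UTF-16LE password encoding, the
 * {@code userAccountControl} / {@code samAccountName} / {@code groupType} attributes written for
 * new entries, ranged retrieval of group members, and the uSNChanged-based polling queries
 * (changed objects and tombstones) used for incremental synchronisation.
 *
 * <p>This listing is decompiler output (see the JADX notes); several methods marked
 * "Access modifiers changed from: protected" were widened to {@code public} by the decompiler.
 */
public class MicrosoftActiveDirectory extends RFC4519Directory {
    private static final Logger logger = Logger.getLogger(MicrosoftActiveDirectory.class);
    private static final String PRINCIPAL_NO_SSL_CONNECTION = "Secure SSL connections for this directory are not configured; unable to perform this operation.";

    // userAccountControl bit flags; the values match the flags Microsoft documents for this attribute.
    private static final int UF_ACCOUNTDISABLE = 2;
    private static final int UF_PASSWD_NOTREQD = 32;
    private static final int UF_PASSWD_CANT_CHANGE = 64;
    private static final int UF_NORMAL_ACCOUNT = 512;
    private static final int UF_DONT_EXPIRE_PASSWD = 65536;
    private static final int UF_PASSWORD_EXPIRED = 8388608;

    private static final String AD_USER_ACCOUNT_CONTROL = "userAccountControl";
    private static final String AD_SAM_ACCOUNT_NAME = "samAccountName";
    private static final String AD_PASSWORD_ENCODED = "UTF-16LE";
    private static final String AD_MEMBEROF = "memberOf";
    private static final String AD_HIGHEST_COMMITTED_USN = "highestCommittedUSN";
    private static final String AD_IS_DELETED = "isDeleted";
    private static final String AD_OBJECT_CLASS = "objectClass";
    private static final String DELETED_OBJECTS_DN_ADDITION = "CN=Deleted Objects";
    private static final String ROOT_DOMAIN_NAMING_CONTEXT = "rootDomainNamingContext";
    private static final String GROUP_TYPE_NAME = "groupType";
    // NOTE(review): in AD's groupType bit field 0x2 is the global-scope flag and the
    // security-enabled bit is not part of this value — confirm that is the intended group kind.
    private static final String GROUP_TYPE_VALUE = "2";

    /**
     * Creates the connector; all three collaborators are handed straight to the superclass.
     *
     * @param lDAPQueryTranslater passed to the superclass constructor
     * @param eventPublisher passed to the superclass constructor
     * @param instanceFactory passed to the superclass constructor
     */
    public MicrosoftActiveDirectory(LDAPQueryTranslater lDAPQueryTranslater, EventPublisher eventPublisher, InstanceFactory instanceFactory) {
        super(lDAPQueryTranslater, eventPublisher, instanceFactory);
    }

    /**
     * Returns the fixed display name of this directory type.
     *
     * @return the literal {@code "Microsoft Active Directory"}
     */
    public static String getStaticDirectoryType() {
        return "Microsoft Active Directory";
    }

    /**
     * Returns the same value as {@link #getStaticDirectoryType()}.
     *
     * @return the directory type display name
     */
    public String getDescriptiveName() {
        return getStaticDirectoryType();
    }

    /**
     * Supplies the AD-specific {@link Encoder}.
     *
     * @return a new {@link ActiveDirectoryEncoder} on every call
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected Encoder getEncoder() {
        return new ActiveDirectoryEncoder();
    }

    /**
     * Returns {@code null}: this connector supplies no initial member DN for new groups.
     *
     * @return always {@code null}
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected String getInitialGroupMemberDN() {
        return null;
    }

    /**
     * Encodes a clear-text password as the double-quoted string in UTF-16LE bytes.
     *
     * <p>The returned array contains the clear-text credential, so it must not be logged or kept
     * longer than the directory write needs it. The {@code PRINCIPAL_NO_SSL_CONNECTION} message
     * in this class suggests the surrounding code refuses credential operations on unsecured
     * connections; that check is not part of this method.
     *
     * <p>NOTE(review): a {@code null} argument is concatenated as the literal text {@code null}
     * and therefore encodes as the password {@code "null"} instead of being rejected — confirm
     * that callers never pass {@code null}.
     *
     * @param str the clear-text password
     * @return the quoted password encoded as UTF-16LE
     * @throws InvalidCredentialException if the runtime does not support UTF-16LE
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public byte[] encodePassword(String str) throws InvalidCredentialException {
        try {
            return ("\"" + str + "\"").getBytes(AD_PASSWORD_ENCODED);
        } catch (UnsupportedEncodingException e) {
            throw new InvalidCredentialException(e.getMessage(), e);
        }
    }

    /**
     * Adds the attributes AD needs on a newly created user entry.
     *
     * <p>{@code samAccountName} is set to the user's name, and {@code userAccountControl} is set
     * to NORMAL_ACCOUNT | PASSWD_NOTREQD | PASSWORD_EXPIRED (8389152), with ACCOUNTDISABLE added
     * (8389154) when the user is not active.
     *
     * <p>Security note: PASSWD_NOTREQD means the directory does not require a password on the
     * account while the flag is set. Nothing in this class clears it, so reviewers should
     * confirm that the creation flow sets a password and resets the flag afterwards, and audit
     * the directory for accounts that still carry it.
     *
     * @param user the user being created
     * @param attributes the attribute set to add to (mutated in place)
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected void getNewUserDirectorySpecificAttributes(User user, Attributes attributes) {
        attributes.put(AD_SAM_ACCOUNT_NAME, user.getName());
        int accountControl = UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED;
        if (!user.isActive()) {
            accountControl |= UF_ACCOUNTDISABLE;
        }
        attributes.put(new BasicAttribute(AD_USER_ACCOUNT_CONTROL, Integer.toString(accountControl)));
    }

    /**
     * Adds the {@code groupType} attribute (value {@code "2"}) to a newly created group entry.
     *
     * @param group the group being created (not read here)
     * @param attributes the attribute set to add to (mutated in place)
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes) {
        attributes.put(GROUP_TYPE_NAME, GROUP_TYPE_VALUE);
    }

    /**
     * Extends the inherited user attribute mappers with the objectGUID and uSNChanged mappers.
     *
     * @return the list returned by the superclass, with the two mappers appended
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory, com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomUserAttributeMappers() {
        List<AttributeMapper> customUserAttributeMappers = super.getCustomUserAttributeMappers();
        customUserAttributeMappers.add(new ObjectGUIDMapper());
        customUserAttributeMappers.add(new USNChangedMapper());
        return customUserAttributeMappers;
    }

    /**
     * Extends the inherited group attribute mappers with the objectGUID and uSNChanged mappers.
     *
     * @return the list returned by the superclass, with the two mappers appended
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory, com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomGroupAttributeMappers() {
        List<AttributeMapper> customGroupAttributeMappers = super.getCustomGroupAttributeMappers();
        customGroupAttributeMappers.add(new ObjectGUIDMapper());
        customGroupAttributeMappers.add(new USNChangedMapper());
        return customGroupAttributeMappers;
    }

    /**
     * Supplies the mappers used to read group members: a ranged member-DN mapper and the mapper
     * that records the range offset consumed by {@link #postprocessGroups(List)}.
     *
     * @return a fixed-size list holding the two mappers
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    protected List<AttributeMapper> getMemberDnMappers() {
        String memberAttribute = this.ldapPropertiesMapper.getGroupMemberAttribute();
        AttributeMapper rangedMapper = new RFC4519MemberDnRangedMapper(memberAttribute, this.ldapPropertiesMapper.isRelaxedDnStandardisation());
        AttributeMapper offsetMapper = new RFC4519MemberDnRangeOffsetMapper(memberAttribute);
        return Arrays.asList(rangedMapper, offsetMapper);
    }

    /**
     * Completes the member list of every group that carries a range offset.
     *
     * <p>For such a group the remaining member values are fetched with repeated lookups until the
     * incremental mapper reports no more ranges, standardised, and merged with the members
     * already present under {@code "memberDNs"}. The offset attribute is removed from the
     * rebuilt group. Groups without an offset are passed through unchanged.
     *
     * @param list the groups as read by the search
     * @return a new list with the same groups in the same order, with ranged groups rebuilt
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> list) {
        List<LDAPGroupWithAttributes> processed = Lists.newArrayList();
        for (LDAPGroupWithAttributes group : list) {
            String rangeOffset = group.getValue(RFC4519MemberDnRangeOffsetMapper.ATTRIBUTE_KEY);
            if (rangeOffset == null) {
                processed.add(group);
                continue;
            }

            ListAttributeValueProcessor valueProcessor = new ListAttributeValueProcessor();
            IncrementalAttributeMapper rangeMapper = new IncrementalAttributeMapper(this.ldapPropertiesMapper.getGroupMemberAttribute(), valueProcessor, new RangeOption(Integer.parseInt(rangeOffset)));
            // Each lookup retrieves the next range; the mapper tracks whether more remain.
            while (rangeMapper.hasMore()) {
                this.ldapTemplate.lookup(group.getDn(), rangeMapper.getAttributesArray(), rangeMapper);
            }

            // Guard against a group that has an offset but no member set yet, which would
            // otherwise fail with a NullPointerException.
            Set<String> knownMembers = group.getValues("memberDNs");
            int knownCount = knownMembers == null ? 0 : knownMembers.size();
            Set<String> allMembers = new HashSet<String>(knownCount + valueProcessor.getValues().size());
            if (knownMembers != null) {
                allMembers.addAll(knownMembers);
            }
            for (String memberDn : valueProcessor.getValues()) {
                allMembers.add(standardiseDN(memberDn));
            }

            GroupTemplateWithAttributes template = new GroupTemplateWithAttributes(group);
            template.setAttribute("memberDNs", allMembers);
            template.removeAttribute(RFC4519MemberDnRangeOffsetMapper.ATTRIBUTE_KEY);
            processed.add(new LDAPGroupWithAttributes(group.getDn(), template));
        }
        return processed;
    }

    /**
     * Extends the inherited connection environment so that the objectGUID attribute is listed
     * under the binary-attributes connection property.
     *
     * @return the map returned by the superclass with the extra entry added
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public Map<String, String> getBaseEnvironmentProperties() {
        Map<String, String> baseEnvironmentProperties = super.getBaseEnvironmentProperties();
        baseEnvironmentProperties.put(LDAPPropertiesMapperImpl.CONNECTION_BINARY_ATTRIBUTES, ObjectGUIDMapper.ATTRIBUTE_KEY);
        return baseEnvironmentProperties;
    }

    /**
     * Reads {@code highestCommittedUSN} from the entry at the empty DN (the "AD root").
     *
     * <p>A missing or empty attribute and a non-numeric value are reported as
     * {@link OperationFailedException} rather than escaping as unchecked exceptions, so a
     * synchronisation caller sees one failure type for every way this read can go wrong.
     *
     * @return the highest committed update sequence number
     * @throws OperationFailedException if the lookup fails, the attribute is absent, or its
     *     value is not a number
     */
    public long fetchHighestCommittedUSN() throws OperationFailedException {
        try {
            DirContextAdapter root = (DirContextAdapter) this.ldapTemplate.lookup("");
            javax.naming.directory.Attribute usnAttribute = root.getAttributes().get(AD_HIGHEST_COMMITTED_USN);
            if (usnAttribute == null || usnAttribute.size() == 0) {
                // Routed through the NamingException handler below so it is logged and wrapped.
                throw new NamingException("AD root did not return " + AD_HIGHEST_COMMITTED_USN);
            }
            long parseLong = Long.parseLong((String) usnAttribute.get(0));
            if (logger.isDebugEnabled()) {
                logger.debug("Fetched highest committed uSN of " + parseLong);
            }
            return parseLong;
        } catch (NamingException e) {
            logger.error("Error retrieving highestCommittedUSN from AD root", e);
            throw new OperationFailedException("Error retrieving highestCommittedUSN from AD root", e);
        } catch (org.springframework.ldap.NamingException e2) {
            logger.error("Error looking up attributes for highestCommittedUSN", e2);
            throw new OperationFailedException("Error looking up attributes for highestCommittedUSN", e2);
        } catch (NumberFormatException e3) {
            logger.error("Error parsing highestCommittedUSN from AD root", e3);
            throw new OperationFailedException("Error parsing highestCommittedUSN from AD root", e3);
        }
    }

    /**
     * Finds users whose uSNChanged is greater than the given value.
     *
     * @param j the last update sequence number already processed
     * @return the matching users
     * @throws OperationFailedException if the search fails
     */
    public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long j) throws OperationFailedException {
        return findAddedOrUpdatedObjectsSince(j, this.searchDN.getUser(), this.ldapPropertiesMapper.getUserFilter(), getUserContextMapper());
    }

    /**
     * Finds groups whose uSNChanged is greater than the given value.
     *
     * @param j the last update sequence number already processed
     * @return the matching groups
     * @throws OperationFailedException if the search fails
     */
    public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long j) throws OperationFailedException {
        return findAddedOrUpdatedObjectsSince(j, this.searchDN.getGroup(), this.ldapPropertiesMapper.getGroupFilter(), getGroupContextMapper(GroupType.GROUP));
    }

    /**
     * Finds tombstones of deleted user objects changed after the given sequence number.
     *
     * @param j the last update sequence number already processed
     * @return the matching tombstones
     * @throws OperationFailedException if the search fails
     */
    public List<Tombstone> findUserTombstonesSince(long j) throws OperationFailedException {
        return findTombstonesSince(j, this.searchDN.getUser(), this.ldapPropertiesMapper.getUserObjectClass());
    }

    /**
     * Finds tombstones of deleted group objects changed after the given sequence number.
     *
     * @param j the last update sequence number already processed
     * @return the matching tombstones
     * @throws OperationFailedException if the search fails
     */
    public List<Tombstone> findGroupTombstonesSince(long j) throws OperationFailedException {
        return findTombstonesSince(j, this.searchDN.getGroup(), this.ldapPropertiesMapper.getGroupObjectClass());
    }

    /**
     * Searches below {@code name} for entries matching the configured filter whose uSNChanged is
     * at least {@code j + 1}.
     *
     * <p>The filter string is wrapped in a {@link HardcodedFilter}, which inserts it into the
     * search filter verbatim without escaping. It must therefore come only from trusted
     * directory configuration, never from end-user input.
     *
     * @param j the last update sequence number already processed
     * @param name the base DN to search under
     * @param str the configured object filter, used verbatim
     * @param contextMapper maps each search result to the returned element type
     * @return the mapped search results
     * @throws OperationFailedException if the search fails
     */
    protected List findAddedOrUpdatedObjectsSince(long j, Name name, String str, ContextMapper contextMapper) throws OperationFailedException {
        AndFilter andFilter = new AndFilter();
        andFilter.and(new HardcodedFilter(str));
        andFilter.and(new GreaterThanOrEqualsFilter(USNChangedMapper.ATTRIBUTE_KEY, Long.toString(j + 1)));
        // Encode once and reuse the result for both the log line and the search.
        String encodedFilter = andFilter.encode();
        if (logger.isDebugEnabled()) {
            logger.debug("Performing polling search: baseDN = " + name + " - filter = " + encodedFilter);
        }
        return searchEntities(name, encodedFilter, contextMapper, 0, -1);
    }

    /**
     * Builds the DN of the deleted-objects container from the {@code rootDomainNamingContext}
     * attribute of the entry at the empty DN.
     *
     * <p>When that attribute is absent or the name cannot be built, the configured naming
     * context is used instead and a warning is logged. A tombstone search against the fallback
     * base may not find deleted objects, so deletions in the directory could go unnoticed by the
     * synchronisation; the warning is there to make that condition visible.
     *
     * <p>NOTE(review): {@link CompositeName} treats {@code /} as a component separator —
     * confirm the naming context can never contain one.
     *
     * @return the deleted-objects DN, or the configured naming context as a fallback
     */
    private Name getDeletedObjectsDN() {
        try {
            String rootNamingContext = ((DirContextAdapter) this.ldapTemplate.lookup("")).getStringAttribute(ROOT_DOMAIN_NAMING_CONTEXT);
            if (rootNamingContext == null) {
                // Without this guard the DN would be built with the literal text "null".
                logger.warn("AD root did not return " + ROOT_DOMAIN_NAMING_CONTEXT + "; using the configured naming context for the tombstone search");
                return this.searchDN.getNamingContext();
            }
            return new CompositeName(DELETED_OBJECTS_DN_ADDITION + "," + rootNamingContext);
        } catch (NamingException e) {
            logger.warn("Unable to build the deleted objects DN; using the configured naming context for the tombstone search", e);
            return this.searchDN.getNamingContext();
        }
    }

    /**
     * Searches the deleted-objects container for tombstones of the given object class whose
     * uSNChanged is at least {@code j + 1}.
     *
     * <p>Only the objectGUID and uSNChanged attributes are requested, and the search is sent
     * with a {@link DeletedResultsControl}. The object class is added through an
     * {@link EqualsFilter}, which escapes the value when the filter is encoded.
     *
     * @param j the last update sequence number already processed
     * @param name the configured base DN for this object kind (not used to build the search base)
     * @param str the object class the tombstones must have
     * @return the tombstones found
     * @throws OperationFailedException if the search fails
     */
    protected List<Tombstone> findTombstonesSince(long j, Name name, String str) throws OperationFailedException {
        SearchControls subTreeSearchControl = getSubTreeSearchControl();
        subTreeSearchControl.setReturningAttributes(new String[]{ObjectGUIDMapper.ATTRIBUTE_KEY, USNChangedMapper.ATTRIBUTE_KEY});
        AndFilter andFilter = new AndFilter();
        andFilter.and(new EqualsFilter(AD_IS_DELETED, "TRUE"));
        andFilter.and(new EqualsFilter(AD_OBJECT_CLASS, str));
        andFilter.and(new GreaterThanOrEqualsFilter(USNChangedMapper.ATTRIBUTE_KEY, Long.toString(j + 1)));
        Name deletedObjectsDN = getDeletedObjectsDN();
        // Encode once and reuse the result for both the log line and the search.
        String encodedFilter = andFilter.encode();
        if (logger.isDebugEnabled()) {
            logger.debug("Performing tombstones search: baseDN = " + deletedObjectsDN + " - filter = " + encodedFilter);
        }
        return searchEntitiesWithRequestControls(deletedObjectsDN, encodedFilter, new TombstoneContextMapper(), subTreeSearchControl, new DeletedResultsControl(), 0, -1);
    }
}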
