package org.alfresco.repo.security.authentication.ldap;

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.repo.security.authority.AuthorityDAO;
import org.alfresco.service.cmr.security.PermissionService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.GUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;

/* loaded from: input_file:org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource.class */
public class LDAPGroupExportSource implements ExportSource, InitializingBean {
    private static Log s_logger = LogFactory.getLog(LDAPGroupExportSource.class);
    private String searchBase;
    private LDAPInitialDirContextFactory ldapInitialContextFactory;
    private NamespaceService namespaceService;
    private QName viewRef;
    private QName viewId;
    private QName viewAssociations;
    private QName childQName;
    private QName viewValueQName;
    private QName viewIdRef;
    private AuthorityDAO authorityDAO;
    private String groupQuery = "(objectclass=groupOfNames)";
    private String groupIdAttributeName = "cn";
    private String userIdAttributeName = "uid";
    private String groupType = "groupOfNames";
    private String personType = "inetOrgPerson";
    private String memberAttribute = "member";
    private boolean errorOnMissingMembers = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource$Group.class */
    public static class Group {
        String gid;
        String guid;
        HashSet<Group> children;
        HashSet<String> members;
        HashSet<String> distinguishedNames;

        private Group(String str) {
            this.guid = GUID.generate();
            this.children = new HashSet<>();
            this.members = new HashSet<>();
            this.distinguishedNames = new HashSet<>();
            this.gid = PermissionService.GROUP_PREFIX + str;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof Group) {
                return this.gid.equals(((Group) obj).gid);
            }
            return false;
        }

        public int hashCode() {
            return this.gid.hashCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/alfresco/repo/security/authentication/ldap/LDAPGroupExportSource$SecondaryLink.class */
    public static class SecondaryLink {
        String from;
        String to;

        private SecondaryLink(String str, String str2) {
            this.from = str;
            this.to = str2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Group)) {
                return false;
            }
            SecondaryLink secondaryLink = (SecondaryLink) obj;
            return EqualsHelper.nullSafeEquals(this.from, secondaryLink.from) && EqualsHelper.nullSafeEquals(this.to, secondaryLink.to);
        }

        public int hashCode() {
            int i = 0;
            if (this.from != null) {
                i = (0 * 37) + this.from.hashCode();
            }
            if (this.to != null) {
                i = (i * 37) + this.to.hashCode();
            }
            return i;
        }
    }

    public void setGroupIdAttributeName(String str) {
        this.groupIdAttributeName = str;
    }

    public void setGroupQuery(String str) {
        this.groupQuery = str;
    }

    public void setGroupType(String str) {
        this.groupType = str;
    }

    public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory lDAPInitialDirContextFactory) {
        this.ldapInitialContextFactory = lDAPInitialDirContextFactory;
    }

    public void setMemberAttribute(String str) {
        this.memberAttribute = str;
    }

    public void setNamespaceService(NamespaceService namespaceService) {
        this.namespaceService = namespaceService;
    }

    public void setPersonType(String str) {
        this.personType = str;
    }

    public void setSearchBase(String str) {
        this.searchBase = str;
    }

    public void setUserIdAttributeName(String str) {
        this.userIdAttributeName = str;
    }

    public void setErrorOnMissingMembers(boolean z) {
        this.errorOnMissingMembers = z;
    }

    public void setAuthorityDAO(AuthorityDAO authorityDAO) {
        this.authorityDAO = authorityDAO;
    }

    @Override // org.alfresco.repo.importer.ExportSource
    public void generateExport(XMLWriter xMLWriter) {
        HashSet<Group> hashSet = new HashSet<>();
        HashMap<String, Group> hashMap = new HashMap<>();
        HashSet<SecondaryLink> hashSet2 = new HashSet<>();
        buildGroupsAndRoots(hashSet, hashMap, hashSet2);
        buildXML(hashSet, hashMap, hashSet2, xMLWriter);
    }

    private void buildXML(HashSet<Group> hashSet, HashMap<String, Group> hashMap, HashSet<SecondaryLink> hashSet2, XMLWriter xMLWriter) {
        Collection<String> prefixes = this.namespaceService.getPrefixes();
        QName createQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", this.namespaceService);
        try {
            new AttributesImpl().addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, createQName.getLocalName(), createQName.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(this.namespaceService));
            xMLWriter.startDocument();
            for (String str : prefixes) {
                if (!str.equals("xml")) {
                    xMLWriter.startPrefixMapping(str, this.namespaceService.getNamespaceURI(str));
                }
            }
            xMLWriter.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, NamespaceService.REPOSITORY_VIEW_PREFIX, "view:view", new AttributesImpl());
            Iterator<Group> it = hashSet.iterator();
            while (it.hasNext()) {
                addRootGroup(hashMap, it.next(), xMLWriter);
            }
            Iterator<SecondaryLink> it2 = hashSet2.iterator();
            while (it2.hasNext()) {
                addSecondarylink(hashMap, it2.next(), xMLWriter);
            }
            for (String str2 : prefixes) {
                if (!str2.equals("xml")) {
                    xMLWriter.endPrefixMapping(str2);
                }
            }
            xMLWriter.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, NamespaceService.REPOSITORY_VIEW_PREFIX, "view:view");
            xMLWriter.endDocument();
        } catch (SAXException e) {
            throw new ExportSourceImporterException("Failed to create file for import.", e);
        }
    }

    private void addSecondarylink(HashMap<String, Group> hashMap, SecondaryLink secondaryLink, XMLWriter xMLWriter) throws SAXException {
        String str = hashMap.get(secondaryLink.from).guid;
        String str2 = hashMap.get(secondaryLink.to).guid;
        AttributesImpl attributesImpl = new AttributesImpl();
        attributesImpl.addAttribute(this.viewIdRef.getNamespaceURI(), this.viewIdRef.getLocalName(), this.viewIdRef.toPrefixString(), null, str);
        xMLWriter.startElement(this.viewRef.getNamespaceURI(), this.viewRef.getLocalName(), this.viewRef.toPrefixString(this.namespaceService), attributesImpl);
        xMLWriter.startElement(this.viewAssociations.getNamespaceURI(), this.viewAssociations.getLocalName(), this.viewAssociations.toPrefixString(this.namespaceService), new AttributesImpl());
        xMLWriter.startElement(ContentModel.ASSOC_MEMBER.getNamespaceURI(), ContentModel.ASSOC_MEMBER.getLocalName(), ContentModel.ASSOC_MEMBER.toPrefixString(this.namespaceService), new AttributesImpl());
        AttributesImpl attributesImpl2 = new AttributesImpl();
        attributesImpl2.addAttribute(this.viewIdRef.getNamespaceURI(), this.viewIdRef.getLocalName(), this.viewIdRef.toPrefixString(), null, str2);
        attributesImpl2.addAttribute(this.childQName.getNamespaceURI(), this.childQName.getLocalName(), this.childQName.toPrefixString(), null, QName.createQName(ContentModel.USER_MODEL_URI, secondaryLink.to).toPrefixString(this.namespaceService));
        xMLWriter.startElement(this.viewRef.getNamespaceURI(), this.viewRef.getLocalName(), this.viewRef.toPrefixString(this.namespaceService), attributesImpl2);
        xMLWriter.endElement(this.viewRef.getNamespaceURI(), this.viewRef.getLocalName(), this.viewRef.toPrefixString(this.namespaceService));
        xMLWriter.endElement(ContentModel.ASSOC_MEMBER.getNamespaceURI(), ContentModel.ASSOC_MEMBER.getLocalName(), ContentModel.ASSOC_MEMBER.toPrefixString(this.namespaceService));
        xMLWriter.endElement(this.viewAssociations.getNamespaceURI(), this.viewAssociations.getLocalName(), this.viewAssociations.toPrefixString(this.namespaceService));
        xMLWriter.endElement(this.viewRef.getNamespaceURI(), this.viewRef.getLocalName(), this.viewRef.toPrefixString(this.namespaceService));
    }

    private void addRootGroup(HashMap<String, Group> hashMap, Group group, XMLWriter xMLWriter) throws SAXException {
        QName createQName = QName.createQName("sys:node-uuid", this.namespaceService);
        AttributesImpl attributesImpl = new AttributesImpl();
        attributesImpl.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, this.childQName.getLocalName(), this.childQName.toPrefixString(), null, QName.createQName(ContentModel.USER_MODEL_URI, group.gid).toPrefixString(this.namespaceService));
        attributesImpl.addAttribute(this.viewId.getNamespaceURI(), this.viewId.getLocalName(), this.viewId.toPrefixString(), null, group.guid);
        xMLWriter.startElement(ContentModel.TYPE_AUTHORITY_CONTAINER.getNamespaceURI(), ContentModel.TYPE_AUTHORITY_CONTAINER.getLocalName(), ContentModel.TYPE_AUTHORITY_CONTAINER.toPrefixString(this.namespaceService), attributesImpl);
        if (this.authorityDAO != null && this.authorityDAO.authorityExists(group.gid) && this.authorityDAO.getAuthorityNodeRefOrNull(group.gid) != null) {
            String id = this.authorityDAO.getAuthorityNodeRefOrNull(group.gid).getId();
            xMLWriter.startElement(createQName.getNamespaceURI(), createQName.getLocalName(), createQName.toPrefixString(this.namespaceService), new AttributesImpl());
            xMLWriter.characters(id.toCharArray(), 0, id.length());
            xMLWriter.endElement(createQName.getNamespaceURI(), createQName.getLocalName(), createQName.toPrefixString(this.namespaceService));
        }
        xMLWriter.startElement(ContentModel.PROP_AUTHORITY_NAME.getNamespaceURI(), ContentModel.PROP_AUTHORITY_NAME.getLocalName(), ContentModel.PROP_AUTHORITY_NAME.toPrefixString(this.namespaceService), new AttributesImpl());
        xMLWriter.characters(group.gid.toCharArray(), 0, group.gid.length());
        xMLWriter.endElement(ContentModel.PROP_AUTHORITY_NAME.getNamespaceURI(), ContentModel.PROP_AUTHORITY_NAME.getLocalName(), ContentModel.PROP_AUTHORITY_NAME.toPrefixString(this.namespaceService));
        if (group.members.size() > 0) {
            xMLWriter.startElement(ContentModel.PROP_MEMBERS.getNamespaceURI(), ContentModel.PROP_MEMBERS.getLocalName(), ContentModel.PROP_MEMBERS.toPrefixString(this.namespaceService), new AttributesImpl());
            Iterator<String> it = group.members.iterator();
            while (it.hasNext()) {
                String next = it.next();
                xMLWriter.startElement(this.viewValueQName.getNamespaceURI(), this.viewValueQName.getLocalName(), this.viewValueQName.toPrefixString(this.namespaceService), new AttributesImpl());
                xMLWriter.characters(next.toCharArray(), 0, next.length());
                xMLWriter.endElement(this.viewValueQName.getNamespaceURI(), this.viewValueQName.getLocalName(), this.viewValueQName.toPrefixString(this.namespaceService));
            }
            xMLWriter.endElement(ContentModel.PROP_MEMBERS.getNamespaceURI(), ContentModel.PROP_MEMBERS.getLocalName(), ContentModel.PROP_MEMBERS.toPrefixString(this.namespaceService));
        }
        Iterator<Group> it2 = group.children.iterator();
        while (it2.hasNext()) {
            addgroup(hashMap, it2.next(), xMLWriter);
        }
        xMLWriter.endElement(ContentModel.TYPE_AUTHORITY_CONTAINER.getNamespaceURI(), ContentModel.TYPE_AUTHORITY_CONTAINER.getLocalName(), ContentModel.TYPE_AUTHORITY_CONTAINER.toPrefixString(this.namespaceService));
    }

    private void addgroup(HashMap<String, Group> hashMap, Group group, XMLWriter xMLWriter) throws SAXException {
        xMLWriter.startElement(ContentModel.ASSOC_MEMBER.getNamespaceURI(), ContentModel.ASSOC_MEMBER.getLocalName(), ContentModel.ASSOC_MEMBER.toPrefixString(this.namespaceService), new AttributesImpl());
        addRootGroup(hashMap, group, xMLWriter);
        xMLWriter.endElement(ContentModel.ASSOC_MEMBER.getNamespaceURI(), ContentModel.ASSOC_MEMBER.getLocalName(), ContentModel.ASSOC_MEMBER.toPrefixString(this.namespaceService));
    }

    private void buildGroupsAndRoots(HashSet<Group> hashSet, HashMap<String, Group> hashMap, HashSet<SecondaryLink> hashSet2) {
        Attributes attributes;
        Attribute attribute;
        String str;
        InitialDirContext initialDirContext = null;
        try {
            try {
                InitialDirContext defaultIntialDirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext();
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                NamingEnumeration search = defaultIntialDirContext.search(this.searchBase, this.groupQuery, searchControls);
                while (search.hasMoreElements()) {
                    Attributes attributes2 = ((SearchResult) search.next()).getAttributes();
                    Attribute attribute2 = attributes2.get(this.groupIdAttributeName);
                    if (attribute2 == null) {
                        throw new ExportSourceImporterException("Group returned by group search does not have mandatory group id attribute " + attributes2);
                    }
                    String str2 = (String) attribute2.get(0);
                    Group group = hashMap.get(str2);
                    if (group == null) {
                        group = new Group(str2);
                        hashMap.put(group.gid, group);
                        hashSet.add(group);
                    }
                    Attribute attribute3 = attributes2.get(this.memberAttribute);
                    if (attribute3 != null) {
                        for (int i = 0; i < attribute3.size(); i++) {
                            String str3 = (String) attribute3.get(i);
                            if (str3 != null) {
                                group.distinguishedNames.add(str3);
                            }
                        }
                    }
                }
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Found " + hashMap.size());
                }
                loop2: for (Group group2 : hashMap.values()) {
                    if (s_logger.isDebugEnabled()) {
                        s_logger.debug("Linking " + group2.gid);
                    }
                    Iterator<String> it = group2.distinguishedNames.iterator();
                    while (it.hasNext()) {
                        String next = it.next();
                        if (s_logger.isDebugEnabled()) {
                            s_logger.debug("... " + next);
                        }
                        Boolean bool = null;
                        SearchControls searchControls2 = new SearchControls();
                        searchControls2.setSearchScope(0);
                        try {
                            NamingEnumeration search2 = defaultIntialDirContext.search(next, "(objectClass=*)", searchControls2);
                            while (search2.hasMoreElements()) {
                                String str4 = null;
                                try {
                                    attributes = ((SearchResult) search2.next()).getAttributes();
                                    attribute = attributes.get("objectclass");
                                } catch (NamingException e) {
                                    if (this.errorOnMissingMembers) {
                                        throw e;
                                    }
                                    s_logger.warn("Failed to resolve distinguished name: " + next);
                                }
                                if (attribute == null) {
                                    throw new ExportSourceImporterException("Failed to find attribute objectclass for DN " + next);
                                }
                                int i2 = 0;
                                while (true) {
                                    if (i2 >= attribute.size()) {
                                        break;
                                    }
                                    try {
                                        str = (String) attribute.get(i2);
                                    } catch (NamingException e2) {
                                        if (this.errorOnMissingMembers) {
                                            throw e2;
                                        }
                                        s_logger.warn("Failed to resolve object class attribute for distinguished name: " + next);
                                    }
                                    if (str.equals(this.groupType)) {
                                        bool = true;
                                        try {
                                            Attribute attribute4 = attributes.get(this.groupIdAttributeName);
                                            if (attribute4 == null) {
                                                throw new ExportSourceImporterException("Group missing group id attribute DN =" + next + "  att = " + this.groupIdAttributeName);
                                                break loop2;
                                            }
                                            str4 = (String) attribute4.get(0);
                                        } catch (NamingException e3) {
                                            if (this.errorOnMissingMembers) {
                                                throw e3;
                                            }
                                            s_logger.warn("Failed to resolve group identifier " + this.groupIdAttributeName + " for distinguished name: " + next);
                                            str4 = "Unknown sub group";
                                        }
                                    } else if (str.equals(this.personType)) {
                                        bool = false;
                                        try {
                                            Attribute attribute5 = attributes.get(this.userIdAttributeName);
                                            if (attribute5 == null) {
                                                throw new ExportSourceImporterException("User missing user id attribute DN =" + next + "  att = " + this.userIdAttributeName);
                                                break loop2;
                                            }
                                            str4 = (String) attribute5.get(0);
                                        } catch (NamingException e4) {
                                            if (this.errorOnMissingMembers) {
                                                throw e4;
                                            }
                                            s_logger.warn("Failed to resolve group identifier " + this.userIdAttributeName + " for distinguished name: " + next);
                                            str4 = "Unknown member";
                                        }
                                    } else {
                                        i2++;
                                    }
                                }
                                if (str4 != null) {
                                    if (bool == null) {
                                        throw new ExportSourceImporterException("Type not recognised for DN" + next);
                                    }
                                    if (bool.booleanValue()) {
                                        if (s_logger.isDebugEnabled()) {
                                            s_logger.debug("... is sub group");
                                        }
                                        Group group3 = hashMap.get(PermissionService.GROUP_PREFIX + str4);
                                        if (group3 == null) {
                                            throw new ExportSourceImporterException("Failed to find child group " + str4);
                                        }
                                        if (hashSet.contains(group3)) {
                                            if (s_logger.isDebugEnabled()) {
                                                s_logger.debug("...       Primary created from " + group2.gid + " to " + group3.gid);
                                            }
                                            group2.children.add(group3);
                                            hashSet.remove(group3);
                                        } else {
                                            if (s_logger.isDebugEnabled()) {
                                                s_logger.debug("...      Secondary created from " + group2.gid + " to " + group3.gid);
                                            }
                                            hashSet2.add(new SecondaryLink(group2.gid, group3.gid));
                                        }
                                    } else {
                                        if (s_logger.isDebugEnabled()) {
                                            s_logger.debug("... is member");
                                        }
                                        group2.members.add(str4);
                                    }
                                }
                            }
                        } catch (NamingException e5) {
                            if (this.errorOnMissingMembers) {
                                throw e5;
                            }
                            s_logger.warn("Failed to resolve distinguished name: " + next);
                        }
                    }
                }
                if (s_logger.isDebugEnabled()) {
                    s_logger.debug("Top " + hashSet.size());
                    s_logger.debug("Secondary " + hashSet2.size());
                }
                if (defaultIntialDirContext != null) {
                    try {
                        defaultIntialDirContext.close();
                    } catch (NamingException e6) {
                        throw new ExportSourceImporterException("Failed to import people.", (Throwable) e6);
                    }
                }
            } catch (NamingException e7) {
                throw new ExportSourceImporterException("Failed to import people.", (Throwable) e7);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    initialDirContext.close();
                } catch (NamingException e8) {
                    throw new ExportSourceImporterException("Failed to import people.", (Throwable) e8);
                }
            }
            throw th;
        }
    }

    public static void main(String[] strArr) throws Exception {
        ApplicationContext applicationContext = ApplicationContextHelper.getApplicationContext();
        ExportSource exportSource = (ExportSource) applicationContext.getBean("ldapGroupExportSource");
        UserTransaction userTransaction = ((TransactionService) applicationContext.getBean("transactionComponent")).getUserTransaction();
        userTransaction.begin();
        XMLWriter createXMLExporter = createXMLExporter(new BufferedWriter(new FileWriter(new File(strArr[0]))));
        exportSource.generateExport(createXMLExporter);
        createXMLExporter.close();
        userTransaction.commit();
    }

    private static XMLWriter createXMLExporter(Writer writer) {
        OutputFormat createPrettyPrint = OutputFormat.createPrettyPrint();
        createPrettyPrint.setNewLineAfterDeclaration(false);
        createPrettyPrint.setIndentSize(3);
        createPrettyPrint.setEncoding("UTF-8");
        return new XMLWriter(writer, createPrettyPrint);
    }

    public void afterPropertiesSet() throws Exception {
        this.viewRef = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "reference", this.namespaceService);
        this.viewId = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "id", this.namespaceService);
        this.viewIdRef = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "idref", this.namespaceService);
        this.viewAssociations = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "associations", this.namespaceService);
        this.childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", this.namespaceService);
        this.viewValueQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "value", this.namespaceService);
    }
}
