package net.bluemind.system.ldap.export.conf;

import freemarker.template.Configuration;
import freemarker.template.Template;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.network.utils.NetworkHelper;
import net.bluemind.node.api.INodeClient;
import net.bluemind.node.api.NCUtils;
import net.bluemind.node.api.NodeActivator;
import net.bluemind.server.api.Server;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/ldap/export/conf/SlapdConfig.class */
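/**
 * Provisions the OpenLDAP server ({@code slapd}) on a BlueMind server through the node client
 * obtained for that server's address.
 *
 * <p>An instance carries the distribution-specific paths, template names and file owner chosen by
 * {@link #build(ItemValue)}. {@link #init()} wipes and regenerates the slapd configuration and
 * database directory; {@link #updateSasl()} only rewrites the SASL configuration and restarts the
 * service.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #init()} takes slapd out of AppArmor confinement when AppArmor is enabled.</li>
 *   <li>The initial LDIF is staged under a fixed name in {@code /tmp} and is not removed.</li>
 *   <li>Except for {@code slapadd} and {@code apparmor_status}, command exit codes are not
 *       checked, so a failed {@code rm}, {@code mkdir}, {@code chown} or {@code service} call is
 *       silent unless {@code NCUtils.exec} itself throws.</li>
 * </ul>
 */
public class SlapdConfig {
    private static final Logger logger = LoggerFactory.getLogger(SlapdConfig.class);

    private static final String APPARMOR_INIT_SCRIPT = "apparmor";
    private static final String APPARMOR_DISABLE_PATH = "/etc/apparmor.d/disable";
    private static final String APPARMOR_SLAPD_CONF = "/etc/apparmor.d/usr.sbin.slapd";
    private static final String APPARMOR_DISABLE_SLAPD = APPARMOR_DISABLE_PATH + "/usr.sbin.slapd";

    /** Directory holding the slapd database files; emptied by {@link #init()}. */
    private static final String VAR_LIB_PATH = "/var/lib/ldap";
    /** File name of the SASL configuration written inside {@link #sasl2Path}. */
    private static final String SASL2_CONF_FILE = "slapd.conf";
    /** Staging location of the rendered initial LDIF handed to {@code slapadd}. */
    private static final String INIT_LDIF_PATH = "/tmp/slapd.init.ldif";
    /** Port polled after a service start. */
    private static final int LDAP_PORT = 389;

    private final ItemValue<Server> server;
    protected final String confPath;
    protected final String schemaPath;
    protected final String varRunPath;
    protected final String usrLibPath;
    protected final String sasl2Path;
    private final String sasl2ConfTemplate;
    protected final String slapdDefaultPath;
    protected final String slapdDefaultTemplate;
    protected final String owner;
    protected final String group;

    /**
     * Creates the configuration matching the target server's layout.
     *
     * <p>The SASL template is {@code slapd.sasl2.conf} when listing
     * {@code /var/run/saslauthd/mux.accept} returns nothing, and {@code slapd.sasl2.conf.docker}
     * otherwise. When {@code /etc/redhat-release} exists the RedHat paths and the {@code ldap}
     * owner/group are used; otherwise the {@code /etc/ldap} paths and the {@code openldap}
     * owner/group are used.
     *
     * @param itemValue the server to configure; its address selects the node client
     * @return a configuration bound to that server
     */
    public static SlapdConfig build(ItemValue<Server> itemValue) {
        INodeClient node = NodeActivator.get(itemValue.value.address());
        String saslTemplate = node.listFiles("/var/run/saslauthd/mux.accept").isEmpty()
                ? "slapd.sasl2.conf"
                : "slapd.sasl2.conf.docker";

        boolean redhat = !node.listFiles("/etc/redhat-release").isEmpty();
        if (redhat) {
            return new SlapdConfig(itemValue, "/etc/openldap/slapd.d", "/etc/openldap/schema",
                    "/var/run/openldap", "/usr/lib64/openldap", "/usr/lib64/sasl2", saslTemplate,
                    "/etc/sysconfig/slapd", "slapd.default.redhat", "ldap", "ldap");
        }
        return new SlapdConfig(itemValue, "/etc/ldap/slapd.d", "/etc/ldap/schema", "/var/run/slapd",
                "/usr/lib/ldap", "/etc/ldap/sasl2", saslTemplate, "/etc/default/slapd",
                "slapd.default.debian", "openldap", "openldap");
    }

    private SlapdConfig(ItemValue<Server> server, String confPath, String schemaPath, String varRunPath,
            String usrLibPath, String sasl2Path, String sasl2ConfTemplate, String slapdDefaultPath,
            String slapdDefaultTemplate, String owner, String group) {
        this.server = server;
        this.confPath = confPath;
        this.schemaPath = schemaPath;
        this.varRunPath = varRunPath;
        this.usrLibPath = usrLibPath;
        this.sasl2Path = sasl2Path;
        this.sasl2ConfTemplate = sasl2ConfTemplate;
        this.slapdDefaultPath = slapdDefaultPath;
        this.slapdDefaultTemplate = slapdDefaultTemplate;
        this.owner = owner;
        this.group = group;
    }

    /**
     * Performs a full (destructive) setup: disables the slapd AppArmor profile, stops slapd,
     * regenerates its configuration and database directory, then starts it again.
     */
    public void init() {
        INodeClient node = NodeActivator.get(this.server.value.address());
        disableApparmor(node);
        stopSlapd(node);
        configureSlapd(node);
        startSlapd(node);
    }

    /** Rewrites the SASL configuration and restarts slapd. */
    public void updateSasl() {
        INodeClient node = NodeActivator.get(this.server.value.address());
        initSasl(node);
        stopSlapd(node);
        startSlapd(node);
    }

    /** Creates the SASL directory, renders the SASL template into it and hands it to the owner. */
    private void initSasl(INodeClient iNodeClient) {
        NCUtils.exec(iNodeClient, new String[]{"/bin/mkdir", "-p", this.sasl2Path});
        iNodeClient.writeFile(this.sasl2Path + "/" + SASL2_CONF_FILE,
                getContentFromTemplate(this.sasl2ConfTemplate, Collections.emptyMap()));
        NCUtils.exec(iNodeClient, new String[]{"/bin/chown", "-R", ownerAndGroup(), this.sasl2Path});
    }

    private void stopSlapd(INodeClient iNodeClient) {
        logger.info("Stoping LDAP service");
        // NOTE(review): "service" is resolved through the executing process's PATH, unlike the
        // absolute /bin/... commands used elsewhere in this class.
        NCUtils.exec(iNodeClient, new String[]{"service", "slapd", "stop"});
    }

    private void startSlapd(INodeClient iNodeClient) {
        logger.info("Starting LDAP service");
        NCUtils.exec(iNodeClient, new String[]{"service", "slapd", "start"});
        // The outcome of the wait is not inspected here, so a slapd that never binds the port is
        // not reported by this method.
        new NetworkHelper(this.server.value.address()).waitForListeningPort(LDAP_PORT, 10L, TimeUnit.SECONDS);
    }

    /**
     * Empties and recreates the database directory, generates {@code cn=config} from the bdb
     * template (falling back to mdb), then writes the slapd defaults file and the SASL
     * configuration.
     *
     * @throws ServerFault when neither backend template can be loaded by {@code slapadd}
     */
    private void configureSlapd(INodeClient iNodeClient) {
        logger.info("Configuring slapd");
        // 'var' keeps the element type declared by listFiles(); a raw List would make the
        // lambda parameter an Object with no getPath().
        var staleFiles = iNodeClient.listFiles(VAR_LIB_PATH);
        if (!staleFiles.isEmpty()) {
            // "--" ends option parsing, so a listed path that begins with '-' cannot be read as
            // an rm option.
            // NOTE(review): this relies on getPath() returning a path that resolves to the
            // listed entry from the executing process's working directory — confirm.
            List<String> rmCommand = new ArrayList<>(List.of("/bin/rm", "-rf", "--"));
            rmCommand.addAll(staleFiles.stream().map(entry -> entry.getPath()).toList());
            NCUtils.exec(iNodeClient, rmCommand);
        }
        NCUtils.exec(iNodeClient, new String[]{"/bin/mkdir", "-p", VAR_LIB_PATH});
        NCUtils.exec(iNodeClient, new String[]{"/bin/chown", ownerAndGroup(), VAR_LIB_PATH});

        Map<String, Object> model = new HashMap<>();
        model.put("varRunPath", this.varRunPath);
        model.put("confPath", this.confPath);
        model.put("schemaPath", this.schemaPath);
        model.put("usrLibPath", this.usrLibPath);
        model.put("varLibPath", VAR_LIB_PATH);

        boolean generated = initSlapd(iNodeClient, "slapd.init.bdb.ldif", model)
                || initSlapd(iNodeClient, "slapd.init.mdb.ldif", model);
        if (!generated) {
            throw new ServerFault("Neither bdb nor mdb are present - no valid configuration available !");
        }
        iNodeClient.writeFile(this.slapdDefaultPath,
                getContentFromTemplate(this.slapdDefaultTemplate, Collections.emptyMap()));
        initSasl(iNodeClient);
    }

    /**
     * Recreates {@link #confPath} and loads the rendered template into it with {@code slapadd}.
     *
     * @param str name of the LDIF template to render
     * @param map data model passed to the template
     * @return {@code true} when {@code slapadd} exits with 0, {@code false} otherwise
     */
    private boolean initSlapd(INodeClient iNodeClient, String str, Map<String, Object> map) {
        NCUtils.exec(iNodeClient, new String[]{"/bin/rm", "-rf", this.confPath});
        NCUtils.exec(iNodeClient, new String[]{"/bin/mkdir", "-p", this.confPath});
        NCUtils.exec(iNodeClient, new String[]{"/bin/chown", ownerAndGroup(), this.confPath});

        // NOTE(review): fixed, predictable file name in a world-writable directory. Whether
        // writeFile() follows a pre-existing symlink or sets restrictive permissions is not
        // visible here; a private staging directory would remove the dependency on that.
        // The file is also left in place after slapadd has run.
        iNodeClient.writeFile(INIT_LDIF_PATH, getContentFromTemplate(str, map));
        int exitCode = NCUtils.exec(iNodeClient, new String[]{"/usr/sbin/slapadd", "-F", this.confPath,
                "-b", "cn=config", "-l", INIT_LDIF_PATH}).getExitCode();
        if (exitCode != 0) {
            return false;
        }
        // slapadd created the tree after the first chown, so ownership is reapplied recursively.
        NCUtils.exec(iNodeClient, new String[]{"/bin/chown", "-R", ownerAndGroup(), this.confPath});
        logger.info("{} generated from {} template", this.confPath, str);
        return true;
    }

    /**
     * Renders a classpath template from {@code /templates} with the given model.
     *
     * @param str template name
     * @param map data model
     * @return the rendered text as UTF-8 bytes
     * @throws ServerFault when the template cannot be loaded or processed
     */
    private ByteArrayInputStream getContentFromTemplate(String str, Map<String, Object> map) {
        Configuration configuration = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
        configuration.setClassForTemplateLoading(getClass(), "/templates");
        Template template;
        try {
            template = configuration.getTemplate(str);
        } catch (IOException e) {
            throw new ServerFault(e);
        }
        StringWriter rendered = new StringWriter();
        try {
            template.process(map, rendered);
        } catch (Exception e) {
            throw new ServerFault(e);
        }
        // Explicit charset: the no-argument getBytes() depends on the JVM's default charset, so
        // the bytes written to the server could differ between hosts.
        return new ByteArrayInputStream(rendered.toString().getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Disables the slapd AppArmor profile when {@code apparmor_status --enabled} exits with 0:
     * links the profile into the disable directory, tears down and restarts the apparmor
     * service, and calls {@code apparmor_parser -R} on the link.
     *
     * <p>NOTE(review): this takes slapd out of AppArmor confinement on the host instead of
     * adapting the profile to the paths this class uses; confirm that is intended and recorded
     * as an accepted hardening trade-off.
     */
    private void disableApparmor(INodeClient iNodeClient) {
        try {
            if (NCUtils.exec(iNodeClient, List.of("apparmor_status", "--enabled")).getExitCode() != 0) {
                return;
            }
            logger.info("Disable apparmor for LDAP service on: {}", this.server.value.address());
            // Exit codes below are ignored; e.g. "ln -s" fails when the link already exists.
            NCUtils.exec(iNodeClient, new String[]{"ln", "-s", APPARMOR_SLAPD_CONF, APPARMOR_DISABLE_SLAPD});
            NCUtils.exec(iNodeClient, new String[]{"service", APPARMOR_INIT_SCRIPT, "teardown"});
            NCUtils.exec(iNodeClient, new String[]{"service", APPARMOR_INIT_SCRIPT, "restart"});
            NCUtils.exec(iNodeClient, new String[]{"apparmor_parser", "-R", APPARMOR_DISABLE_SLAPD});
        } catch (ServerFault e) {
            // Best effort: the catch covers every command above, not only the status probe, so
            // the cause is logged to tell the cases apart.
            logger.warn("Unable to get apparmor status, assume disabled", e);
        }
    }

    /** Returns the {@code owner:group} argument passed to {@code chown}. */
    private String ownerAndGroup() {
        return this.owner + ":" + this.group;
    }
}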
