package net.bluemind.system.ldap.export.services;

import com.google.common.base.Strings;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.DomainSettingsKeys;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.domain.api.IDomains;
import net.bluemind.server.api.Server;
import net.bluemind.system.ldap.export.LdapHelper;
import net.bluemind.system.ldap.export.objects.DomainDirectoryUsers;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/ldap/export/services/PasswordLifetimeService.class */
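/**
 * Propagates a domain's {@code password_lifetime} setting to the {@code shadowMax}
 * attribute of the user entries held in the domain's LDAP export directory.
 *
 * <p>Every lookup performed here (LDAP export server, domain, domain settings, SQL
 * data source) runs under {@link SecurityContext#SYSTEM}. This class performs no
 * authorization of its own, so callers are responsible for checking that the
 * requester may trigger a synchronization for the given domain.
 */
public class PasswordLifetimeService {
    private static final Logger logger = LoggerFactory.getLogger(PasswordLifetimeService.class);

    /** Name of the LDAP attribute rewritten by this service. */
    private static final String SHADOW_MAX = "shadowMax";

    /** User entries that carry a {@code shadowMax} value other than 0. */
    private static final String FILTER_SHADOW_MAX_SET = "(&(bmuid=*)(&(shadowMax=*)(!(shadowMax=0))))";

    /** User entries whose {@code shadowMax} is absent or different from 0. */
    private static final String FILTER_SHADOW_MAX_NOT_ZERO = "(&(bmuid=*)(!(shadowMax=0)))";

    /**
     * Item UIDs of the domain users flagged {@code password_neverexpires}. The domain UID
     * is supplied as a bind parameter so that it is never interpreted as SQL text.
     */
    private static final String NEVER_EXPIRE_QUERY = "SELECT tci.uid AS uid FROM t_domain_user tdu"
            + " INNER JOIN t_container_item tci ON tci.id=tdu.item_id"
            + " INNER JOIN t_container tc ON tc.id=tci.container_id"
            + " WHERE password_neverexpires AND tc.domain_uid=?";

    private static final String MODIFY_FAILURE_MESSAGE = "Fail to update LDAP for domain {} with domain settings changes: {} - {}";

    private final ItemValue<Server> ldapExportServer;
    private final ItemValue<Domain> domain;
    private final String passwordLifetime;

    /**
     * Creates a service instance for a domain.
     *
     * @param domainUid UID of the domain to synchronize
     * @return the service, or an empty {@link Optional} when the domain does not have
     *         exactly one LDAP export server
     * @throws ServerFault with {@link ErrorCode#INVALID_PARAMETER} when {@code domainUid}
     *         is null or empty, or with {@link ErrorCode#UNKNOWN} when the domain
     *         cannot be found
     */
    public static Optional<PasswordLifetimeService> build(String domainUid) {
        if (domainUid == null || domainUid.isEmpty()) {
            throw new ServerFault("Invalid domain UID", ErrorCode.INVALID_PARAMETER);
        }

        // Resolved with SYSTEM privileges: nothing below checks the caller's rights.
        BmContext context = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).getContext();

        List<ItemValue<Server>> exportServers = LdapExportService.ldapExportServer(context, domainUid);
        if (exportServers.size() != 1) {
            return Optional.empty();
        }

        ItemValue<Domain> domainItem = context.provider().instance(IDomains.class, domainUid).get(domainUid);
        if (domainItem == null) {
            throw new ServerFault(String.format("Domain %s not found", domainUid), ErrorCode.UNKNOWN);
        }

        String lifetime = context.provider().instance(IDomainSettings.class, domainItem.uid).get()
                .get(DomainSettingsKeys.password_lifetime.name());
        return Optional.of(new PasswordLifetimeService(exportServers.get(0), domainItem, lifetime));
    }

    private PasswordLifetimeService(ItemValue<Server> ldapExportServer, ItemValue<Domain> domain,
            String passwordLifetime) {
        this.ldapExportServer = ldapExportServer;
        this.domain = domain;
        this.passwordLifetime = passwordLifetime;
    }

    /**
     * Applies the domain password lifetime to the LDAP export directory.
     *
     * <p>When the setting is null or empty, {@code shadowMax} is removed from every user
     * entry that carries a value other than 0. Otherwise {@code shadowMax} is replaced
     * with the configured value on every user entry whose {@code shadowMax} is not 0,
     * except for users flagged {@code password_neverexpires} in the database.
     *
     * <p>A failed modification of a single entry is logged and the loop continues, so a
     * normal return does not guarantee that every entry was updated.
     *
     * @throws Exception any LDAP, cursor, SQL or I/O failure, logged and rethrown
     */
    public void sync() throws Exception {
        // The connection and both cursors are closed on every exit path, including errors.
        try (LdapConnection ldapCon = LdapHelper.connectDirectory(this.ldapExportServer)) {
            if (Strings.isNullOrEmpty(this.passwordLifetime)) {
                try (EntryCursor cursor = getEntriesToUpdate(ldapCon, FILTER_SHADOW_MAX_SET)) {
                    disablePasswordLifetime(ldapCon, cursor);
                }
                return;
            }

            Set<String> neverExpireUserUid = getNeverExpireUserUid();
            try (EntryCursor cursor = getEntriesToUpdate(ldapCon, FILTER_SHADOW_MAX_NOT_ZERO)) {
                while (cursor.next()) {
                    Entry entry = cursor.get();
                    logger.info(entry.getDn().getName());

                    // NOTE(review): never-expire users are skipped, not reset; an old
                    // non-zero shadowMax on such an entry is left in place - confirm intended.
                    if (neverExpireUserUid.contains(entry.get("bmUid").get().toString())) {
                        continue;
                    }

                    ModifyResponse response = ldapCon.modify(
                            new ModifyRequestImpl().setName(entry.getDn()).replace(SHADOW_MAX, this.passwordLifetime));
                    logIfFailed(response);
                }
            }
        } catch (Exception e) {
            // Pass the exception to the logger so the root cause is recorded with the domain.
            logger.error("Fail to update LDAP for domain {} with domain settings changes", this.domain.uid, e);
            throw e;
        }
    }

    /**
     * Searches the domain's user subtree, requesting only the {@code bmUid} attribute.
     *
     * @param ldapCon open connection to the export directory
     * @param filter LDAP search filter; only class constants are passed, never caller input
     * @return a cursor over the matching entries, to be closed by the caller
     */
    private EntryCursor getEntriesToUpdate(LdapConnection ldapCon, String filter) throws LdapException {
        return ldapCon.search(new DomainDirectoryUsers(this.domain).getDn(), filter, SearchScope.SUBTREE, "bmUid");
    }

    /**
     * Loads the item UIDs of the domain's users flagged {@code password_neverexpires}.
     *
     * @return the matching UIDs, possibly empty
     * @throws SQLException when the query fails
     */
    private Set<String> getNeverExpireUserUid() throws SQLException {
        Set<String> uids = new HashSet<>();
        try (Connection con = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).getContext()
                .getDataSource().getConnection();
                PreparedStatement st = con.prepareStatement(NEVER_EXPIRE_QUERY)) {
            // Bound as a parameter instead of being formatted into the statement text.
            st.setString(1, this.domain.uid);
            try (ResultSet rs = st.executeQuery()) {
                while (rs.next()) {
                    uids.add(rs.getString("uid"));
                }
            }
        }
        return uids;
    }

    /**
     * Removes the {@code shadowMax} attribute from every entry returned by the cursor.
     * The cursor is not closed here; it stays owned by the caller.
     */
    private void disablePasswordLifetime(LdapConnection ldapCon, EntryCursor cursor)
            throws LdapException, CursorException {
        while (cursor.next()) {
            ModifyResponse response = ldapCon
                    .modify(new ModifyRequestImpl().setName(cursor.get().getDn()).remove(new DefaultAttribute(SHADOW_MAX)));
            logIfFailed(response);
        }
    }

    /** Logs the LDAP result code and diagnostic message of a modification that did not succeed. */
    private void logIfFailed(ModifyResponse response) {
        if (response.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
            logger.error(MODIFY_FAILURE_MESSAGE, this.domain.value.name, response.getLdapResult().getResultCode(),
                    response.getLdapResult().getDiagnosticMessage());
        }
    }
}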
