package net.bluemind.system.ldap.export.services;

import com.google.common.base.Strings;
import java.time.ZoneId;
import java.util.List;
import java.util.Optional;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.DomainSettingsKeys;
import net.bluemind.domain.api.IDomainSettings;
import net.bluemind.domain.api.IDomains;
import net.bluemind.server.api.Server;
import net.bluemind.system.ldap.export.LdapHelper;
import net.bluemind.system.ldap.export.objects.DomainDirectoryUsers;
import net.bluemind.user.api.IUser;
import net.bluemind.user.api.User;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.message.ModifyRequest;
import org.apache.directory.api.ldap.model.message.ModifyRequestImpl;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/ldap/export/services/PasswordUpdateService.class */
public class PasswordUpdateService {
    private static final Logger logger = LoggerFactory.getLogger(PasswordUpdateService.class);
    private final ItemValue<Server> ldapExportServer;
    private final ItemValue<Domain> domain;
    private final String passwordLifetime;
    private final ItemValue<User> user;

    public static Optional<PasswordUpdateService> build(String str, String str2) {
        if (str == null || str.isEmpty()) {
            throw new ServerFault("Invalid domain UID", ErrorCode.INVALID_PARAMETER);
        }
        if (str2 == null || str2.isEmpty()) {
            throw new ServerFault("Invalid user UID", ErrorCode.INVALID_PARAMETER);
        }
        BmContext context = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM).getContext();
        List<ItemValue<Server>> ldapExportServer = LdapExportService.ldapExportServer(context, str);
        if (ldapExportServer.size() != 1) {
            return Optional.empty();
        }
        ItemValue itemValue = ((IDomains) context.provider().instance(IDomains.class, new String[]{str})).get(str);
        if (itemValue == null) {
            throw new ServerFault(String.format("Domain %s not found", str), ErrorCode.UNKNOWN);
        }
        ItemValue complete = ((IUser) context.provider().instance(IUser.class, new String[]{str})).getComplete(str2);
        if (complete == null) {
            throw new ServerFault(String.format("User %s not found", str), ErrorCode.UNKNOWN);
        }
        return Optional.of(new PasswordUpdateService(ldapExportServer.get(0), itemValue, (String) ((IDomainSettings) context.provider().instance(IDomainSettings.class, new String[]{itemValue.uid})).get().get(DomainSettingsKeys.password_lifetime.name()), complete));
    }

    public PasswordUpdateService(ItemValue<Server> itemValue, ItemValue<Domain> itemValue2, String str, ItemValue<User> itemValue3) {
        this.ldapExportServer = itemValue;
        this.domain = itemValue2;
        this.passwordLifetime = str;
        this.user = itemValue3;
    }

    /* JADX WARN: Finally extract failed */
    public void sync() throws Exception {
        Throwable th = null;
        try {
            try {
                LdapConnection connectDirectory = LdapHelper.connectDirectory(this.ldapExportServer);
                try {
                    EntryCursor search = connectDirectory.search(new DomainDirectoryUsers(this.domain).getDn(), String.format("(bmuid=%s)", this.user.uid), SearchScope.SUBTREE, new String[0]);
                    while (search.next()) {
                        Entry entry = (Entry) search.get();
                        ModifyRequest replace = new ModifyRequestImpl().setName(entry.getDn()).replace("shadowLastChange", new String[]{Long.toString(((User) this.user.value).passwordLastChange.toInstant().atZone(ZoneId.systemDefault()).toLocalDate().toEpochDay())});
                        if (!((User) this.user.value).passwordNeverExpires && !Strings.isNullOrEmpty(this.passwordLifetime)) {
                            replace.replace("shadowMax", new String[]{this.passwordLifetime});
                        } else if (entry.containsAttribute(new String[]{"shadowMax"})) {
                            replace.remove(new DefaultAttribute("shadowMax"));
                        }
                        ModifyResponse modify = connectDirectory.modify(replace);
                        if (modify.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
                            logger.error("Fail to update user {}@{}: {} - {}", new Object[]{((User) this.user.value).login, ((Domain) this.domain.value).name, modify.getLdapResult().getResultCode(), modify.getLdapResult().getDiagnosticMessage()});
                        }
                    }
                    if (connectDirectory != null) {
                        connectDirectory.close();
                    }
                } catch (Throwable th2) {
                    if (connectDirectory != null) {
                        connectDirectory.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (Exception e) {
            logger.error("Fail to update password last change for user {}@{}", ((User) this.user.value).login, ((Domain) this.domain.value).name);
            throw e;
        }
    }
}
