package com.identity4j.connector.activedirectory;

import com.identity4j.connector.ConnectorCapability;
import com.identity4j.connector.ConnectorConfigurationParameters;
import com.identity4j.connector.Media;
import com.identity4j.connector.directory.DirectoryConnector;
import com.identity4j.connector.directory.DirectoryExceptionParser;
import com.identity4j.connector.directory.DirectoryIdentity;
import com.identity4j.connector.directory.LdapService;
import com.identity4j.connector.exception.ConnectorException;
import com.identity4j.connector.exception.PasswordChangeRequiredException;
import com.identity4j.connector.exception.PasswordPolicyViolationException;
import com.identity4j.connector.principal.AccountStatus;
import com.identity4j.connector.principal.AccountStatusType;
import com.identity4j.connector.principal.Identity;
import com.identity4j.connector.principal.PasswordStatus;
import com.identity4j.connector.principal.PasswordStatusType;
import com.identity4j.connector.principal.Role;
import com.identity4j.util.CollectionUtil;
import com.identity4j.util.StringUtil;
import com.identity4j.util.Util;
import com.identity4j.util.passwords.PasswordCharacteristics;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/identity4j/connector/activedirectory/ActiveDirectoryConnector.class */
public class ActiveDirectoryConnector extends DirectoryConnector {
    // Charset name used when encoding the quoted password value before it is written to the directory.
    private static final String UTF_16 = "UTF-16LE";
    static final String PWD_HISTORY_LENGTH = "pwdHistoryLength";
    // pwdLastSet value written to force a password change at next logon.
    // NOTE(review): this is decompiled code; the decompiler has substituted this constant wherever
    // the literal 0 appeared (array indexes, loop starts, numeric defaults), so most uses of it in
    // this class are unrelated to password flags.
    private static final int CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG = 0;
    // pwdLastSet value written to cancel a forced password change.
    private static final int CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG = -1;
    // Bit of pwdProperties that getPasswordCharacteristics() tests (as the literal 1).
    private static final int DOMAIN_PASSWORD_COMPLEX = 1;
    // Per-instance, mutable list of attribute names; seeded from ALL_USER_ATTRIBUTES and extended in onOpen().
    private List<String> identityAttributesToRetrieve = new ArrayList(ALL_USER_ATTRIBUTES);
    // Decodes as BER: SEQUENCE (0x30), long-form length 3, INTEGER 1.
    // NOTE(review): presumably the value of the policy-hints control named below; its use is not
    // visible in this part of the file, so confirm it is actually attached to password resets.
    final byte[] controlData = {48, -124, 0, 0, 0, 3, 2, 1, 1};
    BasicControl[] controls = new BasicControl[1];
    // NOTE(review): Microsoft's protocol documentation lists this OID as the deprecated form of the
    // policy-hints control; confirm which OID the target domain controllers honour, because a
    // control that is ignored means resets skip the password-history check.
    final String LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2066";
    private static final Iterator<String> STRING_ITERATOR = CollectionUtil.emptyIterator(String.class);
    static final Log LOG = LogFactory.getLog(ActiveDirectoryConnector.class);
    private static final String MEMBER_ATTRIBUTE = "member";
    private static final String OBJECT_GUID_ATTRIBUTE = "objectGUID";
    private static final String OU_ATTRIBUTE = "ou";
    private static final String DISTINGUISHED_NAME_ATTRIBUTE = "distinguishedName";
    private static final String PRIMARY_GROUP_ID_ATTRIBUTE = "primaryGroupId";
    // Attributes always requested on identity searches, in addition to identityAttributesToRetrieve.
    private static Collection<String> DEFAULT_USER_ATTRIBUTES = Arrays.asList(MEMBER_ATTRIBUTE, OBJECT_GUID_ATTRIBUTE, OU_ATTRIBUTE, DISTINGUISHED_NAME_ATTRIBUTE, PRIMARY_GROUP_ID_ATTRIBUTE);
    private static final String USER_PRINCIPAL_NAME_ATTRIBUTE = "userPrincipalName";
    private static final String SAM_ACCOUNT_NAME_ATTRIBUTE = "sAMAccountName";
    private static final String USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";
    private static final String LAST_LOGON_ATTRIBUTE = "lastLogon";
    private static final String LAST_LOGON_TIMESTAMP_ATTRIBUTE = "lastLogontimeStamp";
    private static final String PWD_LAST_SET_ATTRIBUTE = "pwdLastSet";
    // Attribute names that updateIdentity() must never write from caller-supplied data (checked via
    // isExcludeForUpdate()). The field is static but not final, so it can be reassigned.
    private static Collection<String> ATTRIBUTES_TO_EXCLUDE_FROM_UPDATE = Arrays.asList(USER_PRINCIPAL_NAME_ATTRIBUTE, SAM_ACCOUNT_NAME_ATTRIBUTE, USER_ACCOUNT_CONTROL_ATTRIBUTE, LAST_LOGON_ATTRIBUTE, LAST_LOGON_TIMESTAMP_ATTRIBUTE, PWD_LAST_SET_ATTRIBUTE, OU_ATTRIBUTE);
    private static final String ACCOUNT_EXPIRES_ATTRIBUTE = "accountExpires";
    private static final String LOCKOUT_TIME_ATTRIBUTE = "lockoutTime";
    private static final String LOCKOUT_DURATION_ATTRIBUTE = "lockoutDuration";
    static final String MINIMUM_PASSWORD_AGE_ATTRIBUTE = "minPwdAge";
    static final String MAXIMUM_PASSWORD_AGE_ATTRIBUTE = "maxPwdAge";
    private static final String COMMON_NAME_ATTRIBUTE = "cn";
    private static final String MEMBER_OF_ATTRIBUTE = "memberOf";
    private static final String OBJECT_SID_ATTRIBUTE = "objectSID";
    private static final String PWD_PROPERTIES_ATTRIBUTE = "pwdProperties";
    private static final String MAIL_ATTRIBUTE = "mail";
    private static final String PHONE_NUMBER_ATTRIBUTE = "telephoneNumber";
    private static final String MOBILE_PHONE_NUMBER_ATTRIBUTE = "mobile";
    private static final String OTHER_PHONE_NUMBER_ATTRIBUTE = "otherTelephone";
    // Initial content of identityAttributesToRetrieve for every connector instance.
    private static Collection<String> ALL_USER_ATTRIBUTES = Arrays.asList(SAM_ACCOUNT_NAME_ATTRIBUTE, USER_PRINCIPAL_NAME_ATTRIBUTE, USER_ACCOUNT_CONTROL_ATTRIBUTE, ACCOUNT_EXPIRES_ATTRIBUTE, LOCKOUT_TIME_ATTRIBUTE, LOCKOUT_DURATION_ATTRIBUTE, LAST_LOGON_ATTRIBUTE, LAST_LOGON_TIMESTAMP_ATTRIBUTE, PWD_LAST_SET_ATTRIBUTE, MINIMUM_PASSWORD_AGE_ATTRIBUTE, MAXIMUM_PASSWORD_AGE_ATTRIBUTE, COMMON_NAME_ATTRIBUTE, MEMBER_OF_ATTRIBUTE, OBJECT_SID_ATTRIBUTE, PWD_PROPERTIES_ATTRIBUTE, MAIL_ATTRIBUTE, PHONE_NUMBER_ATTRIBUTE, MOBILE_PHONE_NUMBER_ATTRIBUTE, OTHER_PHONE_NUMBER_ATTRIBUTE, OU_ATTRIBUTE, DISTINGUISHED_NAME_ATTRIBUTE);
    // Attributes requested by configureRoleSearchControls().
    private static Collection<String> ALL_ROLE_ATTRIBUTES = Arrays.asList(OBJECT_SID_ATTRIBUTE, OBJECT_GUID_ATTRIBUTE, COMMON_NAME_ATTRIBUTE, DISTINGUISHED_NAME_ATTRIBUTE);

    /**
     * Returns the capability set of this connector, registering the two Active Directory
     * specific capabilities the first time it is called.
     *
     * @return the {@code capabilities} set itself (not a copy)
     */
    public Set<ConnectorCapability> getCapabilities() {
        // hasPasswordPolicy doubles as the "already registered" marker for both entries.
        boolean alreadyRegistered = capabilities.contains(ConnectorCapability.hasPasswordPolicy);
        if (alreadyRegistered) {
            return capabilities;
        }
        capabilities.add(ConnectorCapability.hasPasswordPolicy);
        capabilities.add(ConnectorCapability.caseInsensitivePrincipalNames);
        return capabilities;
    }

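    /**
     * Reads the domain password policy from the root DN and wraps it in an
     * {@link ADPasswordCharacteristics}.
     *
     * <p>The complexity flag is bit 0 of {@code pwdProperties} (DOMAIN_PASSWORD_COMPLEX). When
     * {@code minPwdLength} is missing or empty the minimum length falls back to 6.
     *
     * @return the password characteristics derived from the directory
     * @throws NumberFormatException if the directory returns a non-numeric policy value
     */
    public PasswordCharacteristics getPasswordCharacteristics() {
        // The decompiled source initialised this boolean from an int constant, which does not compile.
        boolean complexityRequired = false;
        String pwdProperties = getAttributeValue(getRootDn(), PWD_PROPERTIES_ATTRIBUTE);
        if (!StringUtil.isNullOrEmpty(pwdProperties)) {
            complexityRequired = (Integer.parseInt(pwdProperties) & 1) != 0;
        }
        String minPwdLength = getAttributeValue(getRootDn(), "minPwdLength");
        // Treat an empty value like a missing one instead of failing in parseInt("").
        int minimumLength = StringUtil.isNullOrEmpty(minPwdLength) ? 6 : Integer.parseInt(minPwdLength);
        return new ADPasswordCharacteristics(complexityRequired, minimumLength, getPasswordHistoryLength(), getMaximumPasswordAge(), getMinimumPasswordAge());
    }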

    /**
     * Opens the connector and merges the configured identity attribute names into the
     * per-instance list of attributes to retrieve, skipping names already present.
     *
     * @param connectorConfigurationParameters configuration handed to the superclass and read for
     *        the extra attribute names; a {@code null} attribute collection is ignored
     */
    protected void onOpen(ConnectorConfigurationParameters connectorConfigurationParameters) {
        super.onOpen(connectorConfigurationParameters);
        Collection<String> configured = connectorConfigurationParameters.getIdentityAttributesToRetrieve();
        if (configured == null) {
            return;
        }
        Iterator<String> names = configured.iterator();
        while (names.hasNext()) {
            String attributeName = names.next();
            boolean alreadyListed = this.identityAttributesToRetrieve.contains(attributeName);
            if (!alreadyListed) {
                this.identityAttributesToRetrieve.add(attributeName);
            }
        }
    }

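    /**
     * Deletes the directory entry of the identity with the given principal name.
     *
     * <p>The entry is addressed by the {@code distinguishedName} attribute of the identity that
     * {@code getIdentityByName} returns.
     *
     * @param str principal name of the identity to delete
     * @throws ConnectorException if the DN is malformed or the directory operation fails; a
     *         failed deletion is reported rather than only logged, so that a caller never
     *         treats an account that still exists as deprovisioned
     */
    public void deleteIdentity(String str) throws ConnectorException {
        try {
            LdapName dn = new LdapName(getIdentityByName(str).getAttribute(DISTINGUISHED_NAME_ATTRIBUTE));
            LdapService.getInstance().unbind(dn);
        } catch (NamingException e) {
            // InvalidNameException is a NamingException, so a malformed DN lands here too.
            LOG.error("Problem in delete identity", e);
            throw new ConnectorException("Problem in delete identity", e);
        } catch (IOException e2) {
            LOG.error("Problem in delete identity", e2);
            throw new ConnectorException("Problem in delete identity", e2);
        }
    }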

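    /**
     * Writes the differences between the supplied identity and its current directory state.
     *
     * <p>Attributes on the exclusion list are skipped. An attribute that already exists is
     * replaced when its value differs; a new attribute is added when its first value is
     * non-empty. The common name and user principal name are replaced when they differ, and a
     * non-empty mobile address is always written.
     *
     * @param identity the identity carrying the desired attribute values
     * @throws ConnectorException if the DN is malformed or the directory operation fails; the
     *         failure is reported rather than only logged, so callers do not assume the
     *         directory was updated
     */
    public void updateIdentity(Identity identity) throws ConnectorException {
        try {
            // ModificationItem operation codes used below: 1 = add, 2 = replace.
            List<ModificationItem> modifications = new ArrayList<ModificationItem>();
            Identity current = getIdentityByName(identity.getPrincipalName());
            ActiveDirectoryConfiguration configuration = getActiveDirectoryConfiguration();
            // NOTE(review): the entry to modify is addressed by the distinguishedName carried in the
            // supplied identity, while the comparison baseline is looked up by principal name.
            // Confirm callers cannot supply a DN that belongs to a different entry.
            LdapName targetDn = new LdapName(identity.getAttribute(DISTINGUISHED_NAME_ATTRIBUTE));
            String principalName = identity.getPrincipalName();
            for (Map.Entry entry : identity.getAttributes().entrySet()) {
                String attributeName = (String) entry.getKey();
                if (isExcludeForUpdate(attributeName)) {
                    continue;
                }
                if (current.getAttributes().containsKey(attributeName)) {
                    String currentValue = current.getAttribute(attributeName);
                    String desiredValue = identity.getAttribute(attributeName);
                    if (Util.differs(currentValue, desiredValue)) {
                        modifications.add(new ModificationItem(2, new BasicAttribute(attributeName, desiredValue)));
                    }
                } else {
                    String[] values = (String[]) entry.getValue();
                    if (values.length > 0 && values[0].length() > 0) {
                        modifications.add(new ModificationItem(1, new BasicAttribute(attributeName, identity.getAttribute(attributeName))));
                    }
                }
            }
            if (Util.differs(current.getFullName(), identity.getFullName())) {
                modifications.add(new ModificationItem(2, new BasicAttribute(COMMON_NAME_ATTRIBUTE, identity.getFullName())));
            }
            String userPrincipalName = String.valueOf(principalName) + "@" + configuration.getDomain();
            if (Util.differs(current.getAttribute(USER_PRINCIPAL_NAME_ATTRIBUTE), userPrincipalName)) {
                modifications.add(new ModificationItem(2, new BasicAttribute(USER_PRINCIPAL_NAME_ATTRIBUTE, userPrincipalName)));
            }
            String mobile = identity.getAddress(Media.mobile);
            if (!StringUtil.isNullOrEmpty(mobile)) {
                modifications.add(new ModificationItem(2, new BasicAttribute(MOBILE_PHONE_NUMBER_ATTRIBUTE, mobile)));
            }
            LdapService.getInstance().update(targetDn, modifications.toArray(new ModificationItem[0]));
        } catch (NamingException e) {
            LOG.error("Problem in update identity", e);
            throw new ConnectorException("Problem in update identity", e);
        } catch (IOException e2) {
            LOG.error("Problem in update identity", e2);
            throw new ConnectorException("Problem in update identity", e2);
        }
    }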

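    /**
     * Tells whether an attribute must be left out of an update built from caller-supplied data.
     *
     * <p>LDAP attribute names are case-insensitive, so the comparison ignores case. An exact
     * match would let a differently cased name such as {@code useraccountcontrol} pass the
     * filter and be written.
     *
     * @param str attribute name to test; {@code null} is never excluded
     * @return {@code true} if the name is on the exclusion list
     */
    private boolean isExcludeForUpdate(String str) {
        if (str == null) {
            return false;
        }
        for (String excluded : ATTRIBUTES_TO_EXCLUDE_FROM_UPDATE) {
            if (excluded.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }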

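    /**
     * Creates a user entry, sets its password, clears the change-at-next-logon state and
     * enables the account.
     *
     * <p>The parent container is the identity's {@code ou} attribute when present, otherwise the
     * configured OU (or {@code CN=Users}) under the root DN. The resulting user DN must lie
     * under the configured base DN.
     *
     * @param identity the identity to create
     * @param cArr the initial password
     * @return the identity as read back from the directory after creation
     * @throws ConnectorException if the full name is empty, the user DN is not under the base DN,
     *         or any directory operation fails. A failure is reported instead of returning the
     *         input identity, which would be indistinguishable from a successful creation.
     */
    public Identity createIdentity(Identity identity, char[] cArr) throws ConnectorException {
        try {
            ActiveDirectoryConfiguration configuration = getActiveDirectoryConfiguration();
            String requestedParent = identity.getAttribute(OU_ATTRIBUTE);
            LdapName parentDn;
            if (StringUtil.isNullOrEmpty(requestedParent)) {
                parentDn = new LdapName(getRootDn().toString());
                if (StringUtil.isNullOrEmpty(configuration.getOU())) {
                    parentDn.add(new Rdn("CN=Users"));
                } else {
                    parentDn.add(new Rdn(configuration.getOU()));
                }
            } else {
                parentDn = new LdapName(requestedParent);
            }
            String fullName = identity.getFullName();
            if (StringUtil.isNullOrEmpty(fullName)) {
                throw new ConnectorException("A full name is required to build the DN of the new identity.");
            }
            LdapName userDn = new LdapName(parentDn.toString());
            String principalName = identity.getPrincipalName();
            // Build the RDN from type and value so that characters such as ',' '+' or '=' in the
            // full name are escaped instead of being parsed as DN syntax.
            userDn.add(new Rdn("CN", fullName));
            Name baseDn = getConfiguration().getBaseDn();
            // Compare RDN by RDN rather than by string suffix: a suffix test is case-sensitive and
            // also accepts a DN whose last characters merely happen to match the base DN.
            if (!userDn.startsWith(new LdapName(baseDn.toString()))) {
                throw new ConnectorException("The User DN (" + userDn + ") must be a child of the Base DN (" + baseDn + ") configured for the Active Directory connector.");
            }
            // NOTE(review): every attribute supplied by the caller is written here; the exclusion
            // list applied by updateIdentity is not consulted. Confirm that callers cannot supply
            // account-control attributes at creation time.
            List<Attribute> attributes = new ArrayList<Attribute>();
            for (Map.Entry entry : identity.getAttributes().entrySet()) {
                String[] values = (String[]) entry.getValue();
                if (values.length > 0) {
                    attributes.add(new BasicAttribute((String) entry.getKey(), values[0]));
                }
            }
            BasicAttribute objectClass = new BasicAttribute("objectClass");
            for (String className : new String[] {"top", "user", "person", "organizationalPerson"}) {
                objectClass.add(className);
            }
            attributes.add(objectClass);
            attributes.add(new BasicAttribute(COMMON_NAME_ATTRIBUTE, fullName));
            String userPrincipalName = String.valueOf(principalName) + "@" + configuration.getDomain();
            attributes.add(new BasicAttribute(USER_PRINCIPAL_NAME_ATTRIBUTE, userPrincipalName));
            if (!StringUtil.isNullOrEmpty(identity.getAddress(Media.mobile))) {
                attributes.add(new BasicAttribute(MOBILE_PHONE_NUMBER_ATTRIBUTE, identity.getAddress(Media.mobile)));
            }
            // The steps below are not atomic: if a later step fails the entry created by bind()
            // remains in the directory, which is why failures must reach the caller.
            LdapService.getInstance().bind(userDn, attributes.toArray(new Attribute[0]));
            LdapService.getInstance().setPassword(userDn.toString(), cArr);
            DirectoryIdentity created = (DirectoryIdentity) getIdentityByName(userPrincipalName);
            setForcePasswordChangeAtNextLogon(created, false);
            enableIdentity(created);
            return created;
        } catch (NamingException e) {
            // InvalidNameException is a NamingException; the decompiled source listed it in a
            // separate, unreachable catch clause after this one.
            LOG.error("Problem in create identity", e);
            throw new ConnectorException("Problem in create identity", e);
        } catch (IOException e2) {
            LOG.error("Problem in create identity", e2);
            throw new ConnectorException("Problem in create identity", e2);
        }
    }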

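    /**
     * Unlocks an account by replacing its {@code lockoutTime} with {@code "0"} and then marking
     * the in-memory account status as unlocked.
     *
     * @param identity the identity to unlock; must be a {@link DirectoryIdentity}
     * @throws IllegalArgumentException if the identity is not a directory identity
     * @throws IllegalStateException if the account is expired or already unlocked
     * @throws ConnectorException if the directory write fails
     */
    public void unlockIdentity(Identity identity) throws ConnectorException {
        if (!(identity instanceof DirectoryIdentity)) {
            throw new IllegalArgumentException("May only unlock LDAP identities.");
        }
        if (identity.getAccountStatus().getType().equals(AccountStatusType.expired)) {
            throw new IllegalStateException("May not unlock expired accounts.");
        }
        if (identity.getAccountStatus().getType().equals(AccountStatusType.unlocked)) {
            throw new IllegalStateException("Account already unlocked.");
        }
        try {
            // 2 = replace the attribute value.
            ModificationItem clearLockout = new ModificationItem(2, new BasicAttribute(LOCKOUT_TIME_ATTRIBUTE, "0"));
            LdapService.getInstance().update(((DirectoryIdentity) identity).getDn(), new ModificationItem[] {clearLockout});
            // Only reflect the change locally once the directory write has succeeded.
            identity.getAccountStatus().unlock();
        } catch (Exception e) {
            // The message previously read "Lock account failure", which misreports the failed
            // operation to whoever reads the error.
            throw new ConnectorException("Unlock account failure during write", e);
        }
    }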

    /**
     * Locks an account by replacing its {@code lockoutTime} with the current time in Active
     * Directory format and then marking the in-memory account status as locked.
     *
     * @param identity the identity to lock; must be a {@link DirectoryIdentity}
     * @throws IllegalArgumentException if the identity is not a directory identity
     * @throws IllegalStateException if the account is expired or already locked
     * @throws ConnectorException if the directory write fails
     */
    public void lockIdentity(Identity identity) throws ConnectorException {
        boolean isDirectoryIdentity = identity instanceof DirectoryIdentity;
        if (!isDirectoryIdentity) {
            throw new IllegalArgumentException("May only lock LDAP identities.");
        }
        if (identity.getAccountStatus().getType().equals(AccountStatusType.expired)) {
            throw new IllegalStateException("May not lock expired accounts.");
        }
        if (identity.getAccountStatus().getType().equals(AccountStatusType.locked)) {
            throw new IllegalStateException("Account already locked.");
        }
        try {
            // NOTE(review): confirm the directory accepts a non-zero lockoutTime written by a
            // client; if it rejects the write, this method always ends in the catch below.
            String lockedAt = String.valueOf(ActiveDirectoryDateUtil.javaDataToADTime(new Date()));
            // 2 = replace the attribute value.
            ModificationItem setLockout = new ModificationItem(2, new BasicAttribute(LOCKOUT_TIME_ATTRIBUTE, lockedAt));
            LdapService.getInstance().update(((DirectoryIdentity) identity).getDn(), new ModificationItem[] {setLockout});
            identity.getAccountStatus().lock();
        } catch (Exception e) {
            throw new ConnectorException("Lock account failure during write", e);
        }
    }

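    /**
     * Disables an account by replacing {@code userAccountControl} with the value that
     * {@code UserAccountControl.getUserAccountControlFlag} computes for a disabled account.
     *
     * @param identity the identity to disable; must be a {@link DirectoryIdentity}
     * @throws IllegalArgumentException if the identity is not a directory identity
     * @throws IllegalStateException if the account is already disabled
     * @throws ConnectorException if the directory write fails; the failure is reported rather
     *         than only logged, because a caller that believes the account is disabled while
     *         it is still active has lost an access-revocation control
     */
    public void disableIdentity(Identity identity) throws ConnectorException {
        if (!(identity instanceof DirectoryIdentity)) {
            throw new IllegalArgumentException("May only disable LDAP identities.");
        }
        if (identity.getAccountStatus().getType().equals(AccountStatusType.disabled)) {
            throw new IllegalStateException("Account already disabled.");
        }
        try {
            DirectoryIdentity directoryIdentity = (DirectoryIdentity) identity;
            int currentFlags = Integer.valueOf(directoryIdentity.getAttributeOrDefault(USER_ACCOUNT_CONTROL_ATTRIBUTE, "0")).intValue();
            String newFlags = String.valueOf(UserAccountControl.getUserAccountControlFlag(currentFlags, false, Collections.emptyMap()));
            // 2 = replace the attribute value.
            ModificationItem[] modifications = {new ModificationItem(2, new BasicAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE, newFlags))};
            LdapService.getInstance().update(directoryIdentity.getDn(), modifications);
        } catch (NamingException e) {
            LOG.error("Problem in disable identity", e);
            throw new ConnectorException("Problem in disable identity", e);
        } catch (IOException e2) {
            LOG.error("Problem in disable identity", e2);
            throw new ConnectorException("Problem in disable identity", e2);
        }
    }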

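    /**
     * Enables an account by replacing {@code userAccountControl} with the value that
     * {@code UserAccountControl.getUserAccountControlFlag} computes for an enabled account.
     *
     * @param identity the identity to enable; must be a {@link DirectoryIdentity}
     * @throws IllegalArgumentException if the identity is not a directory identity
     * @throws IllegalStateException if the account is not currently disabled
     * @throws ConnectorException if the directory write fails; the failure is reported rather
     *         than only logged
     */
    public void enableIdentity(Identity identity) throws ConnectorException {
        if (!(identity instanceof DirectoryIdentity)) {
            // The message previously said "disable", copied from disableIdentity.
            throw new IllegalArgumentException("May only enable LDAP identities.");
        }
        if (!identity.getAccountStatus().getType().equals(AccountStatusType.disabled)) {
            throw new IllegalStateException("Account already enabled.");
        }
        try {
            DirectoryIdentity directoryIdentity = (DirectoryIdentity) identity;
            int currentFlags = Integer.valueOf(directoryIdentity.getAttributeOrDefault(USER_ACCOUNT_CONTROL_ATTRIBUTE, "0")).intValue();
            String newFlags = String.valueOf(UserAccountControl.getUserAccountControlFlag(currentFlags, true, Collections.emptyMap()));
            // 2 = replace the attribute value.
            ModificationItem[] modifications = {new ModificationItem(2, new BasicAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE, newFlags))};
            LdapService.getInstance().update(directoryIdentity.getDn(), modifications);
        } catch (NamingException e) {
            LOG.error("Problem in enable identity", e);
            throw new ConnectorException("Problem in enable identity", e);
        } catch (IOException e2) {
            LOG.error("Problem in enable identity", e2);
            throw new ConnectorException("Problem in enable identity", e2);
        }
    }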

    /**
     * Sets or clears the "must change password at next logon" state through {@code pwdLastSet}.
     *
     * <p>Forcing a change replaces {@code pwdLastSet} with 0. Clearing it removes the attribute
     * and adds it back with -1.
     *
     * <p>NOTE(review): directory failures are logged and not reported to the caller, so a caller
     * cannot tell whether the flag was actually changed.
     *
     * @param directoryIdentity the entry to modify
     * @param z {@code true} to force a change at next logon, {@code false} to cancel it
     */
    protected void setForcePasswordChangeAtNextLogon(DirectoryIdentity directoryIdentity, boolean z) {
        // ModificationItem operation codes: 1 = add, 2 = replace, 3 = remove.
        List<ModificationItem> modifications = new ArrayList<ModificationItem>();
        if (!z) {
            modifications.add(new ModificationItem(3, new BasicAttribute(PWD_LAST_SET_ATTRIBUTE)));
            modifications.add(new ModificationItem(1, new BasicAttribute(PWD_LAST_SET_ATTRIBUTE, String.valueOf(CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG))));
        } else {
            modifications.add(new ModificationItem(2, new BasicAttribute(PWD_LAST_SET_ATTRIBUTE, String.valueOf(CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG))));
        }
        ModificationItem[] items = modifications.toArray(new ModificationItem[modifications.size()]);
        try {
            LdapService.getInstance().update(directoryIdentity.getDn(), items);
        } catch (NamingException namingFailure) {
            LOG.error("Problem in force password change at next logon", namingFailure);
        } catch (IOException ioFailure) {
            LOG.error("Problem in force password change at next logon", ioFailure);
        }
    }

    /**
     * Returns the minimum password age read from the {@code minPwdAge} attribute.
     *
     * @return the value produced by {@code getPasswordAge}; 0 when the attribute is absent or empty
     */
    private int getMinimumPasswordAge() {
        int minimumAge = getPasswordAge(MINIMUM_PASSWORD_AGE_ATTRIBUTE);
        return minimumAge;
    }

    /**
     * Returns the maximum password age, preferring the configured override.
     *
     * @return the configured {@code maxPasswordAgeDays} when it is at least 1, otherwise the
     *         value read from the {@code maxPwdAge} attribute
     */
    private int getMaximumPasswordAge() {
        ActiveDirectoryConfiguration configuration = (ActiveDirectoryConfiguration) getConfiguration();
        int configuredDays = configuration.getMaxPasswordAgeDays();
        if (configuredDays >= 1) {
            return configuredDays;
        }
        // No usable override: fall back to the value stored in the directory.
        return getPasswordAge(MAXIMUM_PASSWORD_AGE_ATTRIBUTE);
    }

    /**
     * Returns the password history length read from {@code pwdHistoryLength} on the root DN.
     *
     * @return the parsed value, or 0 when the attribute is absent or empty
     * @throws NumberFormatException if the attribute value is not an integer
     */
    private int getPasswordHistoryLength() {
        String historyLength = getAttributeValue(getRootDn(), PWD_HISTORY_LENGTH);
        if (StringUtil.isNullOrEmpty(historyLength)) {
            return 0;
        }
        return Integer.parseInt(historyLength);
    }

    /**
     * Reads an age attribute from the base DN and converts it with
     * {@code ActiveDirectoryDateUtil.adTimeToJavaDays}.
     *
     * <p>NOTE(review): the other policy attributes in this class are read from the root DN,
     * while this one reads from the configured base DN. Confirm that the base DN entry carries
     * the age attributes; when it does not, the result is 0.
     *
     * @param str name of the attribute to read
     * @return the converted value, or 0 when the attribute is absent or empty
     * @throws NumberFormatException if the attribute value is not a long
     */
    private int getPasswordAge(String str) {
        String rawAge = getAttributeValue(getConfiguration().getBaseDn(), str);
        if (StringUtil.isNullOrEmpty(rawAge)) {
            return 0;
        }
        long adInterval = Long.parseLong(rawAge);
        return ActiveDirectoryDateUtil.adTimeToJavaDays(adInterval);
    }

    /**
     * Searches the directory with the given filter and maps each result to a {@link Role}.
     *
     * <p>A directory failure is logged and reported as {@code ROLE_ITERATOR}, so a caller
     * cannot tell an unreachable directory from an empty result.
     *
     * @param str the search filter passed to {@code LdapService.search}
     * @return an iterator over the mapped roles, or {@code ROLE_ITERATOR} on failure
     */
    protected Iterator<Role> getRoles(String str) {
        try {
            return LdapService.getInstance().search(str, new LdapService.ResultMapper<Role>() { // from class: com.identity4j.connector.activedirectory.ActiveDirectoryConnector.1
                // NOTE(review): the m2apply and m1mapRole names are decompiler output (see the
                // "renamed from" marker below); presumably the original methods are apply and
                // mapRole, so confirm against the original class before recompiling.
                /* renamed from: apply, reason: merged with bridge method [inline-methods] */
                public Role m2apply(SearchResult searchResult) throws NamingException {
                    return ActiveDirectoryConnector.this.m1mapRole(searchResult);
                }
            });
        } catch (NamingException e) {
            LOG.error("Problem in getting roles", e);
            return ROLE_ITERATOR;
        } catch (IOException e2) {
            LOG.error("Problem in getting roles", e2);
            return ROLE_ITERATOR;
        }
    }

    /**
     * Extends the superclass search controls so that identity searches return the
     * per-instance attribute list followed by the default user attributes.
     *
     * @param searchControls the controls to configure
     * @return the controls returned by the superclass, with the returning attributes set
     */
    protected SearchControls configureSearchControls(SearchControls searchControls) {
        SearchControls configured = super.configureSearchControls(searchControls);
        // Copy first so the instance list is not modified by the addAll below.
        List<String> returning = new ArrayList<String>(this.identityAttributesToRetrieve);
        returning.addAll(DEFAULT_USER_ATTRIBUTES);
        String[] attributeNames = returning.toArray(new String[returning.size()]);
        configured.setReturningAttributes(attributeNames);
        return configured;
    }

    /**
     * Configures search controls for role searches so that only the role attributes are returned.
     *
     * <p>The base configuration comes from the superclass {@code configureSearchControls}.
     *
     * @param searchControls the controls to configure
     * @return the controls returned by the superclass, with the returning attributes set
     */
    protected SearchControls configureRoleSearchControls(SearchControls searchControls) {
        SearchControls configured = super.configureSearchControls(searchControls);
        String[] roleAttributeNames = ALL_ROLE_ATTRIBUTES.toArray(new String[ALL_ROLE_ATTRIBUTES.size()]);
        configured.setReturningAttributes(roleAttributeNames);
        return configured;
    }

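    /**
     * Changes a password by removing the old value and adding the new one in a single update.
     *
     * <p>Both values are wrapped in double quotes and encoded as UTF-16LE before being written
     * to the configured password attribute. When the directory reports that a password change
     * is required at next logon, the method falls back to {@code setPassword}.
     *
     * <p>NOTE(review): the fallback never presents the old password to the directory. Confirm
     * that callers have verified the user's current credentials before this method is reached,
     * because the fallback alone does not prove knowledge of the old password.
     *
     * <p>NOTE(review): both passwords are copied into {@code String} objects, which cannot be
     * cleared afterwards. Encoding directly from the {@code char[]} would avoid those copies.
     *
     * @param identity the identity whose password is changed; cast to {@link DirectoryIdentity}
     * @param cArr the current password
     * @param cArr2 the new password
     * @throws ConnectorException if the directory rejects the change or the operation fails.
     *         I/O failures are reported rather than only logged, so a caller never assumes a
     *         password was changed when it was not.
     */
    protected final void changePassword(Identity identity, char[] cArr, char[] cArr2) {
        try {
            ActiveDirectoryConfiguration configuration = (ActiveDirectoryConfiguration) getConfiguration();
            String passwordAttribute = configuration.getIdentityPasswordAttribute();
            byte[] quotedOld = ("\"" + new String(cArr) + "\"").getBytes(UTF_16);
            byte[] quotedNew = ("\"" + new String(cArr2) + "\"").getBytes(UTF_16);
            // 3 = remove the old value, 1 = add the new one.
            ModificationItem[] modifications = {
                new ModificationItem(3, new BasicAttribute(passwordAttribute, quotedOld)),
                new ModificationItem(1, new BasicAttribute(passwordAttribute, quotedNew))
            };
            LdapService.getInstance().update(((DirectoryIdentity) identity).getDn(), modifications);
        } catch (IOException e) {
            LOG.error("Problem in change password for identity", e);
            throw new ConnectorException("Problem in change password for identity", e);
        } catch (NamingException e2) {
            String reason;
            try {
                // May throw a more specific exception (policy violation, change required).
                reason = processNamingException(e2);
            } catch (PasswordChangeRequiredException e3) {
                LOG.warn("Could not use change password because 'Change Password At Next Login' was set. Falling back to setPassword. Depending on the version of Active Directory in use, this may bypass password history checks.");
                setPassword(identity, cArr2, false);
                return;
            }
            throw new ConnectorException("Failed to set password. Reason code " + reason + ". Please see the logs for more detail.", e2);
        }
    }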

    /**
     * Translates the reason code of a directory failure into a specific exception where one is
     * known, and otherwise logs the failure and returns the reason code.
     *
     * <p>NOTE(review): the message for reason {@code 0000001F} embeds a shortened {@code http}
     * link whose target cannot be checked from the code; a full documentation URL would be
     * easier to verify.
     *
     * @param namingException the failure reported by the directory
     * @return the reason code when no specific exception applies
     * @throws PasswordPolicyViolationException for reasons 0000052D, 00000056 and 00000057
     * @throws PasswordChangeRequiredException for reason 80090308 with data 773
     * @throws ConnectorException for reasons 00000524 and 0000001F
     */
    protected String processNamingException(NamingException namingException) {
        DirectoryExceptionParser parser = new DirectoryExceptionParser(namingException);
        String reason = parser.getReason();

        // 0000052D: the password was rejected by the policy (Win32 ERROR_PASSWORD_RESTRICTION).
        if (reason.equals("0000052D")) {
            StringBuilder message = new StringBuilder("The new password does not comply with current rules.");
            int minimumAge = getMinimumPasswordAge();
            if (minimumAge > 0) {
                message.append(" Your password policy also has a minimum password age of ")
                        .append(minimumAge)
                        .append(" days, you will not be able to change password until your current password is older than this.");
            }
            int historyLength = getPasswordHistoryLength();
            if (historyLength > 0) {
                message.append(" Your password policy also has password history enabled, you will not be able to use any of your ")
                        .append(historyLength)
                        .append(" previous passwords.");
            }
            throw new PasswordPolicyViolationException(message.toString());
        }

        boolean rejectedByDirectory = reason.equals("00000056") || reason.equals("00000057");
        if (rejectedByDirectory) {
            throw new PasswordPolicyViolationException("The new password does not comply with the rules enforced by Active Directory. It is also likely you very recently made another password change.");
        }

        // 00000524: the account name is already taken (Win32 ERROR_USER_EXISTS).
        if (reason.equals("00000524")) {
            throw new ConnectorException("Attempt to create account with username that already exists.");
        }

        if (reason.equals("0000001F")) {
            throw new ConnectorException("Could not perform the requested operation. Please configure the server to connect to your Active Directory securely over SSL. http://bit.ly/16wQTMi");
        }

        boolean changeRequired = reason.equals("80090308") && "773".equals(parser.getData());
        if (changeRequired) {
            throw new PasswordChangeRequiredException("Cannot change password when changePasswordPasswordAtNextLogin is set, must use setPassword");
        }

        // Unknown reason: leave the decision to the caller.
        LOG.error(namingException.getMessage() + ". Reason code give was " + reason, namingException);
        return reason;
    }

    /**
     * Converts a directory failure into an exception and never returns normally.
     *
     * <p>{@code processNamingException} runs first and may throw a more specific exception.
     * Otherwise the failure is logged with the given context and a generic
     * {@link ConnectorException} carrying the reason code is thrown.
     *
     * @param str context text placed at the start of the log entry
     * @param namingException the failure reported by the directory
     * @throws ConnectorException always, unless a more specific exception was thrown first
     */
    protected void checkNamingException(String str, NamingException namingException) throws ConnectorException {
        processNamingException(namingException);
        DirectoryExceptionParser parser = new DirectoryExceptionParser(namingException);
        String reasonCode = parser.getReason();
        String logLine = str + ". Reason code give was " + reasonCode;
        LOG.error(logLine, namingException);
        throw new ConnectorException("Failed to perform operation. Reason code " + reasonCode + ". Please see the logs for more detail.");
    }

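    /**
     * Sets the password of an identity without presenting the previous password.
     *
     * <p>The password is wrapped in double quotes and encoded as UTF-16LE before it is passed
     * to {@code LdapService.setPassword}.
     *
     * <p>NOTE(review): the password is copied into a {@code String}, which cannot be cleared
     * afterwards. Encoding directly from the {@code char[]} would avoid that copy.
     *
     * @param identity the identity whose password is set; cast to {@link DirectoryIdentity}
     * @param cArr the new password
     * @param z not read by this method
     * @throws ConnectorException if the directory operation fails; the failure is reported
     *         rather than only logged, so a caller never assumes a password was set when it
     *         was not
     */
    protected void setPassword(Identity identity, char[] cArr, boolean z) throws ConnectorException {
        try {
            byte[] quotedPassword = ("\"" + new String(cArr) + "\"").getBytes(UTF_16);
            LdapService.getInstance().setPassword(((DirectoryIdentity) identity).getDn().toString(), quotedPassword);
        } catch (IOException e) {
            LOG.error("Problem in set password for identity", e);
            throw new ConnectorException("Problem in set password for identity", e);
        } catch (NamingException e2) {
            LOG.error("Problem in set password for identity", e2);
            throw new ConnectorException("Problem in set password for identity", e2);
        }
    }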

    protected Iterator<Identity> getIdentities(String str) {
        final ActiveDirectoryConfiguration activeDirectoryConfiguration = (ActiveDirectoryConfiguration) getConfiguration();
        final HashMap hashMap = new HashMap();
        final HashMap hashMap2 = new HashMap();
        if (activeDirectoryConfiguration.isEnableRoles()) {
            Iterator roles = getRoles();
            while (roles.hasNext()) {
                ActiveDirectoryGroup activeDirectoryGroup = (ActiveDirectoryGroup) roles.next();
                hashMap.put(activeDirectoryGroup.getDn().toString().replace("\\\\", "\\\\\\").replace("/", "\\/").toLowerCase(), activeDirectoryGroup);
                hashMap2.put(activeDirectoryGroup.getRid(), activeDirectoryGroup);
            }
        }
        final int minimumPasswordAge = getMinimumPasswordAge();
        final int maximumPasswordAge = getMaximumPasswordAge();
        final long baseLongAttribute = getBaseLongAttribute(LOCKOUT_DURATION_ATTRIBUTE);
        try {
            return LdapService.getInstance().search(str, new LdapService.ResultMapper<Identity>() { // from class: com.identity4j.connector.activedirectory.ActiveDirectoryConnector.2
                private boolean isAttributeMapped(Attribute attribute) {
                    return ActiveDirectoryConnector.DEFAULT_USER_ATTRIBUTES.contains(attribute.getID()) || ActiveDirectoryConnector.this.identityAttributesToRetrieve.contains(attribute.getID());
                }

                private String[] getElements(Attribute attribute) throws NamingException {
                    ArrayList arrayList = new ArrayList();
                    for (int i = ActiveDirectoryConnector.CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG; i < attribute.size(); i++) {
                        Object obj = attribute.get(i);
                        if (obj instanceof byte[]) {
                            arrayList.add(StringUtil.convertByteToString((byte[]) obj));
                        } else if ((obj instanceof String) || (obj instanceof Number) || (obj instanceof Boolean)) {
                            arrayList.add(obj.toString());
                        } else {
                            ActiveDirectoryConnector.LOG.warn("Unknown attribute class, assuming String.");
                            arrayList.add(obj.toString());
                        }
                    }
                    return (String[]) arrayList.toArray(new String[arrayList.size()]);
                }

                /* renamed from: apply, reason: merged with bridge method [inline-methods] */
                public Identity m3apply(SearchResult searchResult) throws NamingException {
                    Attributes attributes = searchResult.getAttributes();
                    String uuid = UUID.nameUUIDFromBytes((byte[]) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.OBJECT_GUID_ATTRIBUTE))).toString();
                    LdapName ldapName = new LdapName(searchResult.getNameInNamespace());
                    String domain = ActiveDirectoryConnector.this.getDomain(ldapName);
                    String selectUsername = ActiveDirectoryConnector.this.selectUsername(searchResult);
                    DirectoryIdentity directoryIdentity = new DirectoryIdentity(uuid, selectUsername, ldapName);
                    NamingEnumeration all = searchResult.getAttributes().getAll();
                    while (all.hasMoreElements()) {
                        Attribute attribute = (Attribute) all.nextElement();
                        if (isAttributeMapped(attribute)) {
                            directoryIdentity.setAttribute(attribute.getID(), getElements(attribute));
                        }
                    }
                    String nonNull = StringUtil.nonNull((String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.USER_PRINCIPAL_NAME_ATTRIBUTE)));
                    if (nonNull.equals(activeDirectoryConfiguration.getServiceAccountDn())) {
                        directoryIdentity.setSystem(true);
                    }
                    String otherName = ActiveDirectoryConnector.this.getOtherName(selectUsername, nonNull, domain, activeDirectoryConfiguration);
                    directoryIdentity.setAddress(Media.email, (String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.MAIL_ATTRIBUTE)));
                    directoryIdentity.setFullName((String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.COMMON_NAME_ATTRIBUTE)));
                    directoryIdentity.setOtherName(otherName);
                    String str2 = (String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.MOBILE_PHONE_NUMBER_ATTRIBUTE));
                    if (!StringUtil.isNullOrEmpty(str2)) {
                        directoryIdentity.setAddress(Media.mobile, str2);
                    }
                    String str3 = (String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.LAST_LOGON_TIMESTAMP_ATTRIBUTE));
                    if (!StringUtil.isNullOrEmpty(str3)) {
                        long parseLong = Long.parseLong(str3);
                        if (parseLong > 0) {
                            directoryIdentity.setLastSignOnDate(ActiveDirectoryDateUtil.adTimeToJavaDate(parseLong));
                        }
                    }
                    String str4 = (String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.LAST_LOGON_ATTRIBUTE));
                    if (directoryIdentity.getLastSignOnDate() == null && !StringUtil.isNullOrEmpty(str4)) {
                        long parseLong2 = Long.parseLong(str4);
                        if (parseLong2 > 0) {
                            directoryIdentity.setLastSignOnDate(ActiveDirectoryDateUtil.adTimeToJavaDate(parseLong2));
                        }
                    }
                    PasswordStatus passwordStatus = directoryIdentity.getPasswordStatus();
                    Date trimDate = ActiveDirectoryConnector.this.trimDate(ActiveDirectoryConnector.this.getDateAttribute(searchResult, ActiveDirectoryConnector.PWD_LAST_SET_ATTRIBUTE));
                    passwordStatus.setLastChange(trimDate);
                    boolean isPasswordChangeAllowed = ActiveDirectoryConnector.this.isPasswordChangeAllowed(searchResult);
                    if (isPasswordChangeAllowed) {
                        passwordStatus.setUnlocked(ActiveDirectoryConnector.this.getAgedDate(minimumPasswordAge, trimDate));
                    }
                    if (!ActiveDirectoryConnector.this.isPasswordNeverExpire(searchResult)) {
                        passwordStatus.setExpire(ActiveDirectoryConnector.this.getAgedDate(maximumPasswordAge, trimDate));
                    }
                    if (ActiveDirectoryConfiguration.buildUsername(activeDirectoryConfiguration.getBaseDn().toString(), activeDirectoryConfiguration.getDomain(), directoryIdentity.getPrincipalName()).equalsIgnoreCase(ActiveDirectoryConnector.this.getConfiguration().getServiceAccountDn())) {
                        passwordStatus.setType(PasswordStatusType.noChangeAllowed);
                    } else if (ActiveDirectoryConnector.this.isPasswordChangeRequired(searchResult)) {
                        passwordStatus.setType(PasswordStatusType.changeRequired);
                    } else {
                        passwordStatus.calculateType();
                    }
                    String str5 = (String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.USER_ACCOUNT_CONTROL_ATTRIBUTE));
                    if (passwordStatus.getType().equals(PasswordStatusType.expired) && str5.length() != 0 && UserAccountControl.isValueSet(Integer.valueOf(str5).intValue(), UserAccountControl.DONT_EXPIRE_PASSWORD_FLAG)) {
                        passwordStatus.setType(PasswordStatusType.upToDate);
                    }
                    if (!isPasswordChangeAllowed) {
                        passwordStatus.setType(PasswordStatusType.noChangeAllowed);
                    }
                    AccountStatus accountStatus = directoryIdentity.getAccountStatus();
                    accountStatus.setExpire(ActiveDirectoryConnector.this.trimDate(ActiveDirectoryConnector.this.getDateAttribute(searchResult, ActiveDirectoryConnector.ACCOUNT_EXPIRES_ATTRIBUTE)));
                    accountStatus.setLocked(ActiveDirectoryConnector.this.trimDate(ActiveDirectoryConnector.this.getDateAttribute(searchResult, ActiveDirectoryConnector.LOCKOUT_TIME_ATTRIBUTE)));
                    accountStatus.setUnlocked((Date) null);
                    if (str5.length() != 0 && UserAccountControl.isValueSet(Integer.valueOf(str5).intValue(), 2)) {
                        accountStatus.setDisabled(true);
                    }
                    accountStatus.calculateType();
                    if (accountStatus.getType().equals(AccountStatusType.locked)) {
                        accountStatus.setUnlocked(ActiveDirectoryConnector.this.trimDate(new Date(accountStatus.getLocked().getTime() - (baseLongAttribute / 1000))));
                    }
                    if (activeDirectoryConfiguration.isEnableRoles()) {
                        try {
                            ActiveDirectoryGroup activeDirectoryGroup2 = (ActiveDirectoryGroup) hashMap2.get(Long.valueOf(Long.parseLong((String) ActiveDirectoryConnector.this.getAttribute(attributes.get(ActiveDirectoryConnector.PRIMARY_GROUP_ID_ATTRIBUTE)))));
                            if (activeDirectoryGroup2 != null) {
                                directoryIdentity.addRole(activeDirectoryGroup2);
                            }
                        } catch (NumberFormatException e) {
                        }
                        try {
                            Iterator usersGroups = 1 != 0 ? ActiveDirectoryConnector.this.getUsersGroups(searchResult) : ActiveDirectoryConnector.this.getGroupsForUser(searchResult);
                            while (usersGroups.hasNext()) {
                                String replace = ((String) usersGroups.next()).replace("\\\\", "\\\\\\").replace("/", "\\/");
                                if (hashMap.containsKey(replace.toLowerCase())) {
                                    directoryIdentity.addRole((Role) hashMap.get(replace.toLowerCase()));
                                } else {
                                    try {
                                        ActiveDirectoryGroup mapRole = ActiveDirectoryConnector.this.mapRole(replace, LdapService.getInstance().lookupContext(new LdapName(replace)));
                                        if (mapRole != null) {
                                            hashMap.put(replace.toLowerCase(), mapRole);
                                            hashMap2.put(mapRole.getRid(), mapRole);
                                            directoryIdentity.addRole(mapRole);
                                        }
                                    } catch (IOException e2) {
                                        ActiveDirectoryConnector.LOG.error("Problem in getting role", e2);
                                    }
                                }
                            }
                        } catch (IOException e3) {
                            ActiveDirectoryConnector.LOG.error("Problem in getting roles", e3);
                        }
                    } else {
                        directoryIdentity.setRoles(new Role[ActiveDirectoryConnector.CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG]);
                    }
                    return directoryIdentity;
                }
            });
        } catch (IOException e) {
            LOG.error("Problem in fetching identity", e);
            return null;
        } catch (NamingException e2) {
            LOG.error("Problem in fetching identity", e2);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reports whether the entry's {@code PWD_LAST_SET_ATTRIBUTE} value parses to exactly zero.
     *
     * <p>A missing or non-numeric value is reported as "no change required":
     * {@code Long.parseLong} throws {@link NumberFormatException} for {@code null} as well as for
     * malformed text, and that exception is mapped to {@code false} here.
     *
     * @param searchResult directory entry whose attributes are inspected
     * @return {@code true} only when the attribute is present and equals 0
     * @throws NamingException if the attribute value cannot be read
     */
    public boolean isPasswordChangeRequired(SearchResult searchResult) throws NamingException {
        try {
            Attribute pwdLastSet = searchResult.getAttributes().get(PWD_LAST_SET_ATTRIBUTE);
            String rawValue = (String) getAttribute(pwdLastSet);
            boolean mustChange = Long.parseLong(rawValue) == 0;
            return mustChange;
        } catch (NumberFormatException ignored) {
            // Absent or unparsable value: answer "not required" instead of failing the lookup.
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Shifts a date by a number of days and clamps the result with {@code trimDate}.
     *
     * @param i    number of days to add; 0 short-circuits to {@code null}
     * @param date starting point, or {@code null} to start from the current time
     * @return the shifted, clamped date, or {@code null} when {@code i} is 0
     */
    public Date getAgedDate(int i, Date date) {
        if (i == 0) {
            return null;
        }
        Calendar shifted = Calendar.getInstance();
        if (date != null) {
            shifted.setTime(date);
        }
        // The decompiled literal 6 is Calendar.DAY_OF_YEAR.
        shifted.add(Calendar.DAY_OF_YEAR, i);
        Date aged = shifted.getTime();
        return trimDate(aged);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Chooses the secondary name recorded for an identity.
     *
     * <p>Returns {@code str + "@" + str3} when {@code str2} is empty, or when {@code str3} differs
     * (ignoring case) from the configured domain and {@code str2} contains no {@code '@'};
     * otherwise returns {@code str2} unchanged.
     *
     * @param str  user name (the caller in this file passes the selected user name)
     * @param str2 user principal name, never {@code null} ({@code equals} is invoked on it)
     * @param str3 domain derived from the entry's distinguished name
     * @param activeDirectoryConfiguration connector configuration supplying the configured domain
     * @return the name as described above
     */
    public String getOtherName(String str, String str2, String str3, ActiveDirectoryConfiguration activeDirectoryConfiguration) {
        if (str2.isEmpty()) {
            return str + "@" + str3;
        }
        boolean foreignDomain = !str3.equalsIgnoreCase(activeDirectoryConfiguration.getDomain());
        // CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG stands in for indexOf's "not found" result here;
        // presumably the decompiler reused a constant that equals -1 — confirm.
        if (foreignDomain && str2.indexOf('@') == CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG) {
            return str + "@" + str3;
        }
        return str2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Derives a dotted domain name from the {@code dc=} components of a name.
     *
     * <p>Components are read in the order {@link Name#getAll()} yields them; each component whose
     * lower-cased text starts with {@code "dc="} contributes its value, and later components are
     * placed in front of earlier ones. Other components are ignored.
     *
     * @param name name to inspect
     * @return the dotted domain, or an empty string when no {@code dc=} component is present
     */
    public String getDomain(Name name) {
        String dotted = "";
        for (Enumeration<String> components = name.getAll(); components.hasMoreElements(); ) {
            String component = components.nextElement();
            if (!component.toLowerCase().startsWith("dc=")) {
                continue;
            }
            String label = component.substring(3);
            dotted = dotted.isEmpty() ? label : label + "." + dotted;
        }
        return dotted;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Picks the user name under which a directory entry is exposed.
     *
     * <p>Inputs are the entry's SAM account name, its user principal name (UPN), the domain derived
     * from the entry's distinguished name, and the configured domain:
     * <ul>
     *   <li>If {@code StringUtil.getBeforeLast(upn, "@")} equals the UPN itself (presumably: the UPN
     *       has no {@code '@'} — confirm against StringUtil), the SAM account name is used, suffixed
     *       with {@code "@" + domain} when the entry is outside the configured domain.</li>
     *   <li>Otherwise, when the connector is configured for SAM account names and the entry is in
     *       the configured domain, the SAM account name is used.</li>
     *   <li>Otherwise the UPN is normalised by {@code fixUserPrincipalName}.</li>
     * </ul>
     *
     * @param searchResult directory entry for the user
     * @return the selected user name
     * @throws NamingException if the entry's name or attributes cannot be read
     */
    public String selectUsername(SearchResult searchResult) throws NamingException {
        ActiveDirectoryConfiguration config = getActiveDirectoryConfiguration();
        Attributes entryAttributes = searchResult.getAttributes();
        String entryDomain = getDomain(new LdapName(searchResult.getNameInNamespace()));
        boolean inConfiguredDomain = entryDomain.equalsIgnoreCase(config.getDomain());
        String samAccountName = StringUtil.nonNull((String) getAttribute(entryAttributes.get(SAM_ACCOUNT_NAME_ATTRIBUTE)));
        String upn = StringUtil.nonNull((String) getAttribute(entryAttributes.get(USER_PRINCIPAL_NAME_ATTRIBUTE)));

        if (StringUtil.getBeforeLast(upn, "@").equals(upn)) {
            if (inConfiguredDomain) {
                return samAccountName;
            }
            return samAccountName + "@" + entryDomain;
        }
        if (config.isUsernameSamAccountName() && inConfiguredDomain) {
            return samAccountName;
        }
        return fixUserPrincipalName(upn, entryDomain);
    }

    /**
     * Normalises a user principal name relative to a domain.
     *
     * <p>A name without {@code '@'} is returned unchanged when {@code str2} matches the configured
     * domain (ignoring case); otherwise {@code "@" + str2} is appended. If the part after the last
     * {@code '@'} then matches {@code str2} (ignoring case), the result of
     * {@code StringUtil.getBefore(name, "@")} is returned; otherwise the full name is returned.
     *
     * @param str  user principal name
     * @param str2 domain the entry belongs to
     * @return the normalised name
     */
    private String fixUserPrincipalName(String str, String str2) {
        ActiveDirectoryConfiguration config = getActiveDirectoryConfiguration();
        String qualified = str;
        // CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG is compared with lastIndexOf's result, so it
        // presumably equals -1 (a decompiler substitution for the literal) — confirm.
        if (str.lastIndexOf("@") == CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG) {
            if (str2.equalsIgnoreCase(config.getDomain())) {
                return str;
            }
            qualified = str + "@" + str2;
        }
        if (StringUtil.getAfterLast(qualified, "@").equalsIgnoreCase(str2)) {
            return StringUtil.getBefore(qualified, "@");
        }
        return qualified;
    }

    /**
     * Reads an attribute of the configured base DN and parses it as a {@code long}.
     *
     * @param str name of the attribute to read
     * @return the parsed value, or 0 when the value is not a valid {@code long}
     *         ({@code Long.parseLong} also rejects {@code null} with {@link NumberFormatException})
     */
    private long getBaseLongAttribute(String str) {
        long parsed;
        try {
            String rawValue = getAttributeValue(getConfiguration().getBaseDn(), str);
            parsed = Long.parseLong(rawValue);
        } catch (NumberFormatException ignored) {
            // Missing or malformed value falls back to zero.
            parsed = 0L;
        }
        return parsed;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Clamps dates that lie beyond calendar year 3999.
     *
     * <p>Dates up to and including year 3999 (in the default calendar and time zone) are returned
     * with the same instant. Later dates are replaced by the epoch instant moved to year 3999.
     *
     * @param date date to clamp, may be {@code null}
     * @return {@code null} for {@code null} input, otherwise the (possibly clamped) date
     */
    public Date trimDate(Date date) {
        if (date == null) {
            return null;
        }
        Calendar clamped = Calendar.getInstance();
        clamped.setTime(date);
        // The decompiled literal 1 is Calendar.YEAR.
        boolean beyondLimit = clamped.get(Calendar.YEAR) > 3999;
        if (beyondLimit) {
            // Reset to instant 0 first so every field other than the year comes from the epoch.
            clamped.setTimeInMillis(0L);
            clamped.set(Calendar.YEAR, 3999);
        }
        return clamped.getTime();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reads a numeric timestamp attribute and converts it with
     * {@code ActiveDirectoryDateUtil.adTimeToJavaDate}.
     *
     * @param searchResult directory entry to read from
     * @param str          name of the attribute holding the timestamp
     * @return the converted date, or {@code null} when the value is absent, not a number, zero or
     *         negative
     * @throws NamingException if the attribute value cannot be read
     */
    public Date getDateAttribute(SearchResult searchResult, String str) throws NamingException {
        try {
            Attribute timestampAttribute = searchResult.getAttributes().get(str);
            long adTime = Long.parseLong(StringUtil.nonNull((String) getAttribute(timestampAttribute)));
            if (adTime <= 0) {
                // Non-positive values carry no usable date for the callers in this file.
                return null;
            }
            return ActiveDirectoryDateUtil.adTimeToJavaDate(adTime);
        } catch (NumberFormatException ignored) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decides from the entry's {@code USER_ACCOUNT_CONTROL_ATTRIBUTE} value whether the user may
     * change the password.
     *
     * <p>An absent or empty value yields {@code false}; a numeric value is delegated to
     * {@code UserAccountControl.isPasswordChangePermitted}.
     *
     * <p>NOTE(review): a present but non-numeric value yields {@code true}, the opposite of the
     * absent case. The caller in this file uses the result to decide whether the password status
     * becomes {@code noChangeAllowed}, so confirm that permitting the change on malformed data is
     * intended.
     *
     * @param searchResult directory entry for the user
     * @return whether a password change is treated as permitted
     * @throws NamingException if the attribute value cannot be read
     */
    public boolean isPasswordChangeAllowed(SearchResult searchResult) throws NamingException {
        Attribute uacAttribute = searchResult.getAttributes().get(USER_ACCOUNT_CONTROL_ATTRIBUTE);
        String uacText = StringUtil.nonNull((String) getAttribute(uacAttribute));
        if (uacText.isEmpty()) {
            return false;
        }
        try {
            int uacFlags = Integer.parseInt(uacText);
            return UserAccountControl.isPasswordChangePermitted(uacFlags);
        } catch (NumberFormatException ignored) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decides from the entry's {@code USER_ACCOUNT_CONTROL_ATTRIBUTE} value whether the password is
     * exempt from expiry.
     *
     * <p>An absent or empty value yields {@code false}; a numeric value is delegated to
     * {@code UserAccountControl.isPasswordNeverExpire}.
     *
     * <p>NOTE(review): a present but non-numeric value yields {@code true}. The caller in this file
     * skips setting a password expiry date when this method returns {@code true}, so malformed data
     * results in no expiry being recorded — confirm that this is intended.
     *
     * @param searchResult directory entry for the user
     * @return whether the password is treated as never expiring
     * @throws NamingException if the attribute value cannot be read
     */
    public boolean isPasswordNeverExpire(SearchResult searchResult) throws NamingException {
        Attribute uacAttribute = searchResult.getAttributes().get(USER_ACCOUNT_CONTROL_ATTRIBUTE);
        String uacText = StringUtil.nonNull((String) getAttribute(uacAttribute));
        if (uacText.isEmpty()) {
            return false;
        }
        try {
            int uacFlags = Integer.parseInt(uacText);
            return UserAccountControl.isPasswordNeverExpire(uacFlags);
        } catch (NumberFormatException ignored) {
            return true;
        }
    }

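    /**
     * Builds the LDAP search filter used to locate a user entry by name.
     *
     * <p>The filter matches non-computer {@code user} objects whose
     * {@code SAM_ACCOUNT_NAME_ATTRIBUTE} or {@code USER_PRINCIPAL_NAME_ATTRIBUTE} equals the supplied
     * name. When the connector is not configured for SAM account names and the name carries no
     * {@code '@'}, the configured domain is appended first and an extra user-principal-name term is
     * emitted.
     *
     * <p>The name is interpolated into the filter text, so the characters that are structural in an
     * RFC 4515 filter (backslash, parentheses, NUL) are escaped before formatting. Unescaped, a name
     * containing a parenthesis could close the intended term and change what the filter matches.
     *
     * <p>NOTE(review): {@code '*'} is deliberately left unescaped because this method may be called
     * with a wildcard pattern to enumerate entries — confirm against callers. Code paths that pass a
     * name taken from a login request should reject {@code '*'} before calling this method. The
     * escaping also assumes callers pass raw, not pre-escaped, names — confirm.
     *
     * @param str user name or pattern to search for
     * @return the complete filter string
     */
    protected String buildIdentityFilter(String str) {
        ActiveDirectoryConfiguration activeDirectoryConfiguration = getActiveDirectoryConfiguration();
        String name = str;
        String extraTerm = "";
        // CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG is compared with indexOf's result, so it
        // presumably equals -1 (a decompiler substitution for the literal) — confirm.
        if (!activeDirectoryConfiguration.isUsernameSamAccountName() && name.indexOf('@') == CHANGE_PASSWORD_AT_NEXT_LOGON_CANCEL_FLAG) {
            name = name + "@" + activeDirectoryConfiguration.getDomain();
            extraTerm = String.format("(%s=%s)", USER_PRINCIPAL_NAME_ATTRIBUTE, escapeIdentityFilterValue(name));
        }
        String safeName = escapeIdentityFilterValue(name);
        return String.format("(&(!(%s=computer))(%s=user)(|(%s=%s)(%s=%s)%s))", "objectClass", "objectClass", SAM_ACCOUNT_NAME_ATTRIBUTE, safeName, USER_PRINCIPAL_NAME_ATTRIBUTE, safeName, extraTerm);
    }

    /**
     * Escapes backslash, parentheses and NUL in a filter assertion value as RFC 4515 hex pairs.
     * {@code '*'} is passed through; {@code null} is returned as {@code null}.
     */
    private static String escapeIdentityFilterValue(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }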

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Lists the values of the entry's {@code MEMBER_OF_ATTRIBUTE}.
     *
     * <p>The values are copied into a list first, so the returned iterator does not depend on the
     * underlying enumeration.
     *
     * @param searchResult directory entry for the user
     * @return an iterator over the attribute values cast to {@code String}, or the shared
     *         {@code STRING_ITERATOR} when the attribute is absent (presumably an empty iterator —
     *         confirm)
     * @throws NamingException if the attribute values cannot be enumerated
     */
    public Iterator<String> getUsersGroups(SearchResult searchResult) throws NamingException {
        Attribute memberOf = searchResult.getAttributes().get(MEMBER_OF_ATTRIBUTE);
        if (memberOf == null) {
            return STRING_ITERATOR;
        }
        List<String> groupNames = new ArrayList<String>();
        for (NamingEnumeration<?> values = memberOf.getAll(); values.hasMore(); ) {
            groupNames.add((String) values.next());
        }
        return groupNames.iterator();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Searches the directory for {@code group} objects whose {@code MEMBER_ATTRIBUTE} refers to the
     * given entry and returns the name-in-namespace of each match.
     *
     * <p>NOTE(review): the entry's name-in-namespace is handed to
     * {@code LdapService.buildObjectClassFilter} as a filter value. Distinguished names may contain
     * parentheses and backslashes; whether that helper escapes them is not visible here — confirm.
     *
     * @param searchResult directory entry for the user
     * @return an iterator over the matching groups' names
     * @throws NamingException if the search fails
     * @throws IOException     if the directory cannot be reached
     */
    public Iterator<String> getGroupsForUser(SearchResult searchResult) throws NamingException, IOException {
        String memberFilter = LdapService.getInstance().buildObjectClassFilter("group", MEMBER_ATTRIBUTE, searchResult.getNameInNamespace());
        LdapService.ResultMapper<String> toNameInNamespace = new LdapService.ResultMapper<String>() {
            /* Decompiler note: renamed from apply, merged with bridge method. */
            public String m4apply(SearchResult searchResult2) throws NamingException {
                return searchResult2.getNameInNamespace();
            }
        };
        return LdapService.getInstance().search(memberFilter, toNameInNamespace);
    }

    /**
     * Hook invoked before a password change.
     *
     * <p>NOTE(review): as written, this method never rejects a change. Whatever
     * {@code Util.isDatePast} returns for the last-change date and the minimum password age is
     * discarded, and no exception is thrown in this body. If the minimum password age is meant to be
     * enforced here rather than left to the directory server, the result needs to be acted on —
     * confirm against the original source.
     *
     * @param identity identity whose password is about to change
     * @param cArr     not used by this body
     * @param cArr2    not used by this body
     * @throws ConnectorException declared by the signature; not thrown by this body
     */
    protected void assertPasswordChangeIsAllowed(Identity identity, char[] cArr, char[] cArr2) throws ConnectorException {
        Date lastPasswordChange = identity.getPasswordStatus().getLastChange();
        if (lastPasswordChange == null) {
            return;
        }
        Util.isDatePast(lastPasswordChange, getMinimumPasswordAge());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: mapRole, reason: merged with bridge method [inline-methods] */
    /**
     * Maps a group search result to an {@code ActiveDirectoryGroup} by delegating to
     * {@code mapRole(String, Attributes)} with the entry's name-in-namespace and attributes.
     *
     * @param searchResult directory entry for the group
     * @return the mapped group, or {@code null} when the delegate returns {@code null}
     * @throws NamingException if the entry cannot be read or its name is invalid
     */
    public ActiveDirectoryGroup m1mapRole(SearchResult searchResult) throws NamingException {
        String entryDn = searchResult.getNameInNamespace();
        Attributes entryAttributes = searchResult.getAttributes();
        return mapRole(entryDn, entryAttributes);
    }

    /**
     * Builds an {@code ActiveDirectoryGroup} from a group's distinguished name and attributes.
     *
     * <p>NOTE(review): the first constructor argument is produced with {@code new String(byte[])}
     * on the raw {@code OBJECT_GUID_ATTRIBUTE} bytes. That decodes with the JVM's default charset,
     * so the text depends on the runtime and arbitrary bytes may not round-trip. Confirm how this
     * string is used before relying on it as a stable identifier.
     *
     * <p>NOTE(review): when the GUID attribute is absent, {@code getAttribute} returns {@code null}
     * and {@code new String((byte[]) null)} throws {@link NullPointerException}.
     *
     * @param str        distinguished name of the group
     * @param attributes attributes of the group entry
     * @return the mapped group, or {@code null} when the common name is absent or empty
     * @throws NamingException      if an attribute value cannot be read
     * @throws InvalidNameException if {@code str} is not a valid LDAP name
     */
    protected ActiveDirectoryGroup mapRole(String str, Attributes attributes) throws NamingException, InvalidNameException {
        String commonName = StringUtil.nonNull((String) getAttribute(attributes.get(COMMON_NAME_ATTRIBUTE)));
        if (commonName.isEmpty()) {
            return null;
        }
        // Evaluated in the same order as the original constructor arguments.
        String guidText = new String((byte[]) getAttribute(attributes.get(OBJECT_GUID_ATTRIBUTE)));
        LdapName groupDn = new LdapName(str);
        byte[] guidBytes = (byte[]) getAttribute(attributes.get(OBJECT_GUID_ATTRIBUTE));
        return new ActiveDirectoryGroup(guidText, commonName, groupDn, guidBytes);
    }

    /**
     * Returns the connector configuration cast to {@code ActiveDirectoryConfiguration}.
     *
     * @return the configuration from {@code getConfiguration()}
     * @throws ClassCastException if the configuration is of a different type
     */
    private ActiveDirectoryConfiguration getActiveDirectoryConfiguration() {
        ActiveDirectoryConfiguration typedConfiguration = (ActiveDirectoryConfiguration) getConfiguration();
        return typedConfiguration;
    }

    /**
     * Returns the leading run of {@code dc=} components of the configured base DN.
     *
     * <p>Components are scanned by index; at the first one whose lower-cased text does not start
     * with {@code "dc="}, the prefix before that index is returned. If every component is a
     * {@code dc=} component, a clone of the base DN is returned.
     *
     * @return the root name as described above
     */
    protected Name getRootDn() {
        Name baseDn = getActiveDirectoryConfiguration().getBaseDn();
        // CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG is the loop's start index; presumably it equals 0
        // (a decompiler substitution for the literal) — confirm.
        int index = CHANGE_PASSWORD_AT_NEXT_LOGON_FLAG;
        while (index < baseDn.size()) {
            String component = baseDn.get(index);
            if (!component.toLowerCase().startsWith("dc=")) {
                return baseDn.getPrefix(index);
            }
            index++;
        }
        return (Name) baseDn.clone();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Null-safe accessor for an attribute's value as returned by {@link Attribute#get()}.
     *
     * @param attribute attribute to read, may be {@code null}
     * @return the value from {@code attribute.get()}, or {@code null} when {@code attribute} is
     *         {@code null}
     * @throws NamingException if the value cannot be retrieved
     */
    public Object getAttribute(Attribute attribute) throws NamingException {
        return attribute == null ? null : attribute.get();
    }
}
