package org.dataone.service.cn.impl.v2;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dataone.client.auth.CertificateManager;
import org.dataone.client.v2.itk.D1Client;
import org.dataone.cn.ldap.LDAPService;
import org.dataone.configuration.Settings;
import org.dataone.service.cn.v2.CNIdentity;
import org.dataone.service.exceptions.IdentifierNotUnique;
import org.dataone.service.exceptions.InvalidCredentials;
import org.dataone.service.exceptions.InvalidRequest;
import org.dataone.service.exceptions.InvalidToken;
import org.dataone.service.exceptions.NotAuthorized;
import org.dataone.service.exceptions.NotFound;
import org.dataone.service.exceptions.NotImplemented;
import org.dataone.service.exceptions.ServiceFailure;
import org.dataone.service.types.v1.Group;
import org.dataone.service.types.v1.NodeType;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.dataone.service.types.v1.util.AuthUtils;
import org.dataone.service.types.v2.Node;
import org.dataone.service.types.v2.NodeList;
import org.dataone.service.types.v2.util.ServiceMethodRestrictionUtil;

/* loaded from: input_file:org/dataone/service/cn/impl/v2/CNIdentityLDAPImpl.class */
public class CNIdentityLDAPImpl extends LDAPService implements CNIdentity {
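    /** Shared logger for this class; left public and non-final so the existing interface is unchanged. */
    public static Log log = LogFactory.getLog(CNIdentityLDAPImpl.class);
    /** Count that listSubjects falls back to when the caller passes null or a non-positive value. */
    // Integer.valueOf replaces the Integer(int) constructor, which is deprecated for removal.
    private static final Integer DEFAULT_COUNT = Integer.valueOf(100);
    /** DN fragment that constructDn places between the uid RDN and the base (setting identity.ldap.subtree). */
    private String subtree = Settings.getConfiguration().getString("identity.ldap.subtree", "dc=dataone");
    /** Local node registry, consulted first when a node list is needed for method-restriction checks. */
    private NodeRegistryService nodeRegistryService = new NodeRegistryService();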

    /**
     * Creates the service and sets its LDAP base from the
     * {@code identity.ldap.base} configuration setting.
     */
    public CNIdentityLDAPImpl() {
        final String configuredBase = Settings.getConfiguration().getString("identity.ldap.base");
        setBase(configuredBase);
    }

    /**
     * Sets the LDAP base used by this service.
     *
     * <p>The value is stored as given; it is later appended to DNs built by
     * constructDn and used as the search root in lookupGroups and listSubjects.
     *
     * @param str the base DN to store
     */
    public void setBase(String str) {
        this.base = str;
    }

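    /**
     * Creates a group entry in LDAP for the given group.
     *
     * <p>The session subject is always added as an owner and as a member; any
     * rights holders and members listed on the group are added as well. A member
     * that itself carries {@code uniqueMember} values is rejected, so groups cannot
     * be nested.
     *
     * <p>NOTE(review): no authorization check is visible in this method, and a
     * null session fails with a NullPointerException. Confirm that callers
     * authenticate the session before reaching this point.
     *
     * @param session the caller's session; its subject becomes owner and member
     * @param group the group to create
     * @return the subject of the created group
     * @throws InvalidRequest if a member value is blank or a member is itself a group
     * @throws IdentifierNotUnique if an entry already exists at the group's DN
     * @throws ServiceFailure if the directory rejects the entry for another reason
     */
    public Subject createGroup(Session session, Group group) throws ServiceFailure, InvalidToken, NotAuthorized, NotImplemented, IdentifierNotUnique, InvalidRequest {
        Subject groupSubject = group.getSubject();
        String groupName = group.getGroupName();
        Subject caller = session.getSubject();
        String groupDn = constructDn(groupSubject.getValue());

        BasicAttribute objectClasses = new BasicAttribute("objectclass");
        objectClasses.add("top");
        objectClasses.add("groupOfUniqueNames");
        objectClasses.add("uidObject");

        // Prefer the cn found in the DN; fall back to the supplied group name.
        String commonName = parseAttribute(groupDn, "cn");
        if (commonName == null) {
            commonName = groupName;
        }
        BasicAttribute cnAttribute = new BasicAttribute("cn", commonName);
        BasicAttribute uidAttribute = new BasicAttribute("uid", groupSubject.getValue());
        BasicAttribute descriptionAttribute = new BasicAttribute("description", groupName);

        BasicAttribute owners = new BasicAttribute("owner");
        owners.add(constructDn(caller.getValue()));
        if (group.getRightsHolderList() != null) {
            for (Object holder : group.getRightsHolderList()) {
                owners.add(constructDn(((Subject) holder).getValue()));
            }
        }

        BasicAttribute members = new BasicAttribute("uniqueMember");
        members.add(constructDn(caller.getValue()));
        if (group.getHasMemberList() != null) {
            for (Subject member : group.getHasMemberList()) {
                String memberValue = member.getValue();
                if (memberValue == null || memberValue.length() == 0) {
                    throw new InvalidRequest("2542", "Group member cannot be blank");
                }
                String memberDn = constructDn(memberValue);
                // The listing used this flag without declaring it; it is declared here and
                // starts as false, so a failed lookup still admits the member (best effort).
                // NOTE(review): that is fail-open for the "no nested groups" rule; confirm it is intended.
                boolean memberIsGroup = false;
                try {
                    memberIsGroup = !getAttributeValues(memberDn, "uniqueMember").isEmpty();
                } catch (Exception e) {
                    log.warn("Could not check whether member subject is a group: " + e.getMessage());
                }
                if (memberIsGroup) {
                    throw new InvalidRequest("0000", "Group member: " + member.getValue() + " cannot be another Group");
                }
                members.add(memberDn);
            }
        }

        try {
            DirContext context = getContext();
            BasicAttributes entry = new BasicAttributes();
            entry.put(objectClasses);
            entry.put(uidAttribute);
            entry.put(cnAttribute);
            entry.put(descriptionAttribute);
            entry.put(members);
            entry.put(owners);
            context.createSubcontext(new LdapName(groupDn), entry);
            log.debug("Created group " + groupDn + ".");
            return groupSubject;
        } catch (NameAlreadyBoundException e) {
            // Must precede NamingException: it is a subclass and would otherwise be unreachable.
            String message = "Group " + groupDn + " already exists";
            log.warn(message);
            throw new IdentifierNotUnique("2400", message);
        } catch (NamingException e) {
            ServiceFailure failure = new ServiceFailure("2490", "Could not create group: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }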

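    /**
     * Replaces an existing group with the supplied definition.
     *
     * <p>The current group is read, the caller is checked against the group's
     * owner list, the entry is removed and then recreated through createGroup.
     * If recreation fails, the previously read group is written back and the
     * original failure is reported.
     *
     * <p>NOTE(review): remove-then-create is not atomic. Between the two steps
     * the group does not exist, and a failure of the write-back leaves it deleted.
     * Because createGroup always adds the session subject as owner and member,
     * the caller also ends up in both lists of the recreated group.
     *
     * @param session the caller's session, used for the owner check
     * @param group the new group definition
     * @return {@code true} when the group was recreated from {@code group}
     * @throws NotAuthorized if the caller is not in the group's owner list
     * @throws InvalidRequest if the new definition is rejected by createGroup
     * @throws ServiceFailure on directory errors, or when the update or the write-back fails
     */
    public boolean updateGroup(Session session, Group group) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented, InvalidRequest {
        Subject groupSubject = group.getSubject();
        SubjectInfo original = getSubjectInfo(session, groupSubject);
        try {
            canEditGroup(session, groupSubject);
            removeSubject(groupSubject);

            // Holds either failure type; the listing assigned both to an InvalidRequest
            // variable, which does not type-check.
            Exception createFailure = null;
            try {
                createGroup(session, group);
            } catch (InvalidRequest e) {
                createFailure = e;
            } catch (IdentifierNotUnique e) {
                createFailure = e;
            }
            if (createFailure == null) {
                return true;
            }

            // Write the previous definition back before reporting the failure.
            try {
                createGroup(session, original.getGroup(0));
            } catch (IdentifierNotUnique e) {
                ServiceFailure restoreFailure = new ServiceFailure("2490", "Could not recreate original group after update failed: " + e.getMessage());
                restoreFailure.initCause(e);
                throw restoreFailure;
            }
            if (createFailure instanceof InvalidRequest) {
                throw (InvalidRequest) createFailure;
            }
            ServiceFailure updateFailure = new ServiceFailure("2490", "Could not update group: " + createFailure.getMessage());
            updateFailure.initCause(createFailure);
            throw updateFailure;
        } catch (NamingException e) {
            ServiceFailure failure = new ServiceFailure("2490", "Could not update group: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }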

    /**
     * Checks that one of the session's authorized subjects is an owner of the group.
     *
     * <p>Each owner DN is resolved to its {@code uid} value when one exists. Both
     * sides are passed through standardizeDN before comparison; a value that
     * cannot be standardized is compared as it is.
     *
     * @param session the caller's session
     * @param subject the group being edited
     * @return {@code true} when a match is found
     * @throws NamingException if reading the owner or uid attributes fails
     * @throws NotAuthorized if no authorized subject matches an owner
     */
    private boolean canEditGroup(Session session, Subject subject) throws NamingException, NotAuthorized {
        Set callerSubjects = AuthUtils.authorizedClientSubjects(session);
        List<String> ownerDns = getAttributeValues(constructDn(subject.getValue()), "owner");
        for (Object candidate : callerSubjects) {
            String callerValue = ((Subject) candidate).getValue();
            try {
                callerValue = CertificateManager.getInstance().standardizeDN(callerValue);
            } catch (IllegalArgumentException ignored) {
                // Not a DN: compare the raw value.
            }
            for (String ownerDn : ownerDns) {
                String ownerValue = ownerDn;
                List ownerUids = getAttributeValues(ownerDn, "uid");
                if (ownerUids != null && ownerUids.size() > 0) {
                    ownerValue = ownerUids.get(0).toString();
                }
                try {
                    ownerValue = CertificateManager.getInstance().standardizeDN(ownerValue);
                } catch (IllegalArgumentException ignored) {
                    // Not a DN: compare the raw value.
                }
                if (callerValue.equals(ownerValue)) {
                    return true;
                }
            }
        }
        throw new NotAuthorized("2560", "Subject not in owner list for group");
    }

    /**
     * Checks that one of the session's authorized subjects is the person being edited.
     *
     * <p>Both values are passed through standardizeDN before comparison; a value
     * that cannot be standardized is compared as it is.
     *
     * @param session the caller's session
     * @param subject the person being edited
     * @return {@code true} when a match is found
     * @throws NotAuthorized if no authorized subject equals the target subject
     */
    private boolean canEditPerson(Session session, Subject subject) throws NotAuthorized {
        for (Object candidate : AuthUtils.authorizedClientSubjects(session)) {
            String callerValue = ((Subject) candidate).getValue();
            try {
                callerValue = CertificateManager.getInstance().standardizeDN(callerValue);
            } catch (IllegalArgumentException ignored) {
                // Not a DN: compare the raw value.
            }
            String targetValue = subject.getValue();
            try {
                targetValue = CertificateManager.getInstance().standardizeDN(targetValue);
            } catch (IllegalArgumentException ignored) {
                // Not a DN: compare the raw value.
            }
            if (callerValue.equals(targetValue)) {
                return true;
            }
        }
        throw new NotAuthorized("4534", "Subject not allowed to edit subject");
    }

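    /**
     * Records two subjects as equivalent identities by adding an
     * {@code equivalentIdentity} value to each entry that points at the other.
     *
     * <p>The caller must pass the method restriction for
     * {@code CNIdentity.mapIdentity}. A null session is now rejected with
     * NotAuthorized, matching verifyAccount, instead of failing with a
     * NullPointerException before the check.
     *
     * <p>NOTE(review): the two writes are independent. When exactly one fails the
     * method still returns {@code true}, leaving a one-directional mapping; only
     * the warning log records it.
     *
     * @param session the caller's session
     * @param subject the first identity
     * @param subject2 the second identity
     * @return {@code true} unless both writes fail
     * @throws NotAuthorized if the caller is not allowed to map identities
     * @throws InvalidRequest if the first entry already lists the second as equivalent
     * @throws ServiceFailure if a DN cannot be parsed or neither entry could be edited
     */
    public boolean mapIdentity(Session session, Subject subject, Subject subject2) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented, InvalidRequest {
        List nodeList;
        try {
            nodeList = this.nodeRegistryService.listNodes().getNodeList();
        } catch (Exception e) {
            log.warn("Using D1Client to look up nodeList from CN");
            nodeList = D1Client.getCN().listNodes().getNodeList();
        }

        // Deny by default: without a session there is nothing to authorize.
        Subject caller = null;
        boolean allowed = false;
        if (session != null) {
            caller = session.getSubject();
            allowed = ServiceMethodRestrictionUtil.isMethodAllowed(caller, nodeList, "CNIdentity", "mapIdentity");
        }
        if (!allowed) {
            String callerName = (caller != null) ? caller.getValue() : null;
            throw new NotAuthorized("2360", callerName + " is not allowed to map identities");
        }

        String firstDn = constructDn(subject.getValue());
        String secondDn = constructDn(subject2.getValue());
        try {
            // Round-trip through LdapName so malformed DNs are rejected before any write.
            String firstName = new LdapName(firstDn).toString();
            String secondName = new LdapName(secondDn).toString();
            if (checkAttribute(firstName, "equivalentIdentity", subject2.getValue())) {
                throw new InvalidRequest("", "Account mapping already exists");
            }
            try {
                DirContext context = getContext();
                String firstValue = subject.getValue();
                String secondValue = subject2.getValue();
                int failures = 0;
                try {
                    context.modifyAttributes(new LdapName(firstName), new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("equivalentIdentity", secondValue))});
                    log.debug("Successfully set equivalentIdentity on: " + firstValue + " for " + secondValue);
                } catch (Exception e) {
                    log.warn("Could not set equivalentIdentity on: " + firstValue + " for " + secondValue, e);
                    failures++;
                }
                try {
                    context.modifyAttributes(new LdapName(secondName), new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("equivalentIdentity", firstValue))});
                    log.debug("Successfully set equivalentIdentity on: " + secondValue + " for " + firstValue);
                } catch (Exception e) {
                    log.warn("Could not set equivalentIdentity on: " + secondValue + " for " + firstValue, e);
                    failures++;
                }
                if (failures > 1) {
                    throw new ServiceFailure("2390", "Could not map identity, neither account could be edited.");
                }
                return true;
            } catch (Exception e) {
                ServiceFailure failure = new ServiceFailure("2390", "Could not map identity: " + e.getMessage());
                failure.initCause(e);
                throw failure;
            }
        } catch (InvalidNameException e) {
            ServiceFailure failure = new ServiceFailure("2390", "Could not properly escape DN: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }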

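    /**
     * Records a request by the session subject to be mapped to another subject.
     *
     * <p>The request is stored as an {@code equivalentIdentityRequest} value on
     * the target subject's entry, naming the caller. A duplicate request in
     * either direction is rejected.
     *
     * <p>InvalidRequest is now rethrown as declared; previously the broad catch
     * converted it into a ServiceFailure, so callers could not tell a duplicate
     * request from a directory error.
     *
     * @param session the caller's session; its subject is the requester
     * @param subject the identity the caller asks to be mapped to
     * @return {@code true} when the request was stored
     * @throws InvalidRequest if the same request already exists
     * @throws ServiceFailure on any other failure
     */
    public boolean requestMapIdentity(Session session, Subject subject) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented, InvalidRequest {
        try {
            Subject requester = session.getSubject();
            String requesterDn = constructDn(requester.getValue());
            String targetDn = constructDn(subject.getValue());
            DirContext context = getContext();

            // The requester may have no entry of its own; treat a failed probe as "absent".
            boolean requesterExists;
            try {
                requesterExists = checkAttribute(requesterDn, "cn", "*");
            } catch (Exception e) {
                requesterExists = false;
            }
            if (requesterExists && checkAttribute(requesterDn, "equivalentIdentityRequest", subject.getValue())) {
                throw new InvalidRequest("", "Request already issued for: " + requester.getValue() + " = " + subject.getValue());
            }
            if (checkAttribute(targetDn, "equivalentIdentityRequest", requester.getValue())) {
                throw new InvalidRequest("", "Request already issued for: " + subject.getValue() + " = " + requester.getValue());
            }
            context.modifyAttributes(new LdapName(targetDn), new ModificationItem[]{new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("equivalentIdentityRequest", requester.getValue()))});
            log.debug("Successfully set equivalentIdentityRequest on: " + subject.getValue() + " for " + requester.getValue());
            return true;
        } catch (InvalidRequest e) {
            // Keep the declared exception type instead of wrapping it below.
            throw e;
        } catch (Exception e) {
            ServiceFailure failure = new ServiceFailure("2390", "Could not request map identity: " + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }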

    /**
     * Confirms a pending identity-mapping request held on the caller's own entry.
     *
     * <p>The caller's entry must carry an {@code equivalentIdentityRequest} value
     * naming {@code subject}. That value is removed and an
     * {@code equivalentIdentity} value is added in one modify call. If the other
     * entry exists, the reciprocal {@code equivalentIdentity} value is added to it.
     *
     * <p>Every failure, including the missing-request case, surfaces as
     * ServiceFailure because of the broad catch.
     *
     * @param session the caller's session; its subject confirms the request
     * @param subject the identity whose request is being confirmed
     * @return {@code true} when the mapping was written
     * @throws ServiceFailure on any failure
     */
    public boolean confirmMapIdentity(Session session, Subject subject) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented {
        try {
            Subject confirmer = session.getSubject();
            DirContext context = getContext();
            String confirmerDn = constructDn(confirmer.getValue());
            String requesterDn = constructDn(subject.getValue());
            boolean requestPending = checkAttribute(confirmerDn, "equivalentIdentityRequest", subject.getValue());
            if (!requestPending) {
                throw new InvalidRequest("", "There is no identity mapping request to confim on: " + subject.getValue() + " for " + confirmer.getValue());
            }

            // Add the mapping and drop the pending request in a single modify operation.
            LdapName confirmerName = new LdapName(confirmerDn);
            ModificationItem addMapping = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("equivalentIdentity", subject.getValue()));
            ModificationItem dropRequest = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("equivalentIdentityRequest", subject.getValue()));
            context.modifyAttributes(confirmerName, new ModificationItem[]{addMapping, dropRequest});
            log.debug("Successfully set equivalentIdentity: " + confirmer.getValue() + " = " + subject.getValue());

            // A failed probe counts as "the other entry does not exist".
            boolean requesterExists;
            try {
                requesterExists = checkAttribute(requesterDn, "cn", "*");
            } catch (Exception probeFailure) {
                requesterExists = false;
            }
            if (requesterExists) {
                LdapName requesterName = new LdapName(requesterDn);
                ModificationItem addReciprocal = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("equivalentIdentity", confirmer.getValue()));
                context.modifyAttributes(requesterName, new ModificationItem[]{addReciprocal});
                log.debug("Successfully set reciprocal equivalentIdentity: " + subject.getValue() + " = " + confirmer.getValue());
            }
            return true;
        } catch (Exception failure) {
            throw new ServiceFailure("2390", "Could not confirm identity mapping: " + failure.getMessage());
        }
    }

    /**
     * Replaces the stored attributes of a person's account.
     *
     * <p>The caller must be the person being edited (see canEditPerson). The
     * uid, cn, sn, givenName and mail attributes are replaced, and
     * {@code isVerified} is reset to {@code FALSE}, so an updated account has to
     * be verified again.
     *
     * @param session the caller's session
     * @param person the new account details
     * @return the subject of the updated account
     * @throws NotAuthorized if the caller is not the person being edited
     * @throws ServiceFailure if building or applying the modification fails
     */
    public Subject updateAccount(Session session, Person person) throws ServiceFailure, InvalidCredentials, NotImplemented, InvalidRequest, NotAuthorized {
        Subject account = person.getSubject();
        canEditPerson(session, account);
        try {
            String uid = account.getValue();
            String accountDn = constructDn(uid);

            // Use the cn from the DN when present, otherwise "<first given name> <family name>".
            String commonName = parseAttribute(accountDn, "cn");
            if (commonName == null) {
                String prefix = "";
                if (person.getGivenNameList() != null && !person.getGivenNameList().isEmpty()) {
                    prefix = prefix + person.getGivenName(0) + " ";
                }
                commonName = prefix + person.getFamilyName();
            }

            BasicAttribute uidAttribute = new BasicAttribute("uid", uid);
            BasicAttribute cnAttribute = new BasicAttribute("cn", commonName);
            BasicAttribute snAttribute = new BasicAttribute("sn", person.getFamilyName());
            BasicAttribute givenNames = new BasicAttribute("givenName");
            for (Object givenName : person.getGivenNameList()) {
                givenNames.add((String) givenName);
            }
            BasicAttribute mails = new BasicAttribute("mail");
            for (Object mail : person.getEmailList()) {
                mails.add((String) mail);
            }

            DirContext context = getContext();
            LdapName target = new LdapName(accountDn);
            BasicAttribute unverified = new BasicAttribute("isVerified", Boolean.FALSE.toString().toUpperCase());
            ModificationItem[] changes = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, uidAttribute),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, cnAttribute),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, snAttribute),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, givenNames),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mails),
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE, unverified)
            };
            context.modifyAttributes(target, changes);
            log.debug("Updated entry: " + account.getValue());
            return account;
        } catch (Exception failure) {
            throw new ServiceFailure("4530", "Could not update account: " + failure.getMessage());
        }
    }

    /**
     * Marks an account as verified by setting {@code isVerified} to {@code TRUE}.
     *
     * <p>The caller must pass the method restriction for
     * {@code CNIdentity.verifyAccount}; a null session is never authorized.
     *
     * @param session the caller's session
     * @param subject the account to mark as verified
     * @return {@code true} when the attribute was written
     * @throws NotAuthorized if the caller is not allowed to verify identities
     * @throws ServiceFailure if the directory update fails
     */
    public boolean verifyAccount(Session session, Subject subject) throws ServiceFailure, NotAuthorized, NotImplemented, InvalidToken, InvalidRequest {
        List nodeList;
        try {
            nodeList = this.nodeRegistryService.listNodes().getNodeList();
        } catch (Exception registryFailure) {
            log.warn("Using D1Client to look up nodeList from CN");
            nodeList = D1Client.getCN().listNodes().getNodeList();
        }

        // Deny by default; only a non-null session can be granted access.
        Subject caller = null;
        boolean permitted = false;
        if (session != null) {
            caller = session.getSubject();
            permitted = ServiceMethodRestrictionUtil.isMethodAllowed(caller, nodeList, "CNIdentity", "verifyAccount");
        }
        if (!permitted) {
            String callerName = (caller == null) ? null : caller.getValue();
            throw new NotAuthorized("4541", callerName + " is not allowed to verify identities");
        }

        try {
            DirContext context = getContext();
            LdapName target = new LdapName(constructDn(subject.getValue()));
            BasicAttribute verified = new BasicAttribute("isVerified", Boolean.TRUE.toString().toUpperCase());
            ModificationItem[] changes = {new ModificationItem(DirContext.REPLACE_ATTRIBUTE, verified)};
            context.modifyAttributes(target, changes);
            log.debug("Verified subject: " + subject.getValue());
            return true;
        } catch (NamingException failure) {
            throw new ServiceFailure("4540", "Could not verify account: " + failure.getMessage());
        }
    }

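    /**
     * Returns the LDAP DN to use for a subject value.
     *
     * <p>A value that already parses as an LDAP name is returned unchanged.
     * Any other value is placed in a {@code uid} RDN under the configured
     * subtree and base.
     *
     * <p>The value is now escaped with {@code Rdn.escapeValue} before it is put
     * into the RDN. Without escaping, DN metacharacters in the subject (such as
     * {@code ,}, {@code +} or {@code =}) change the structure of the resulting
     * DN, so the entry addressed can differ from the one intended.
     *
     * <p>NOTE(review): a subject that is itself a valid DN is trusted as given and
     * is not checked against the configured subtree or base; callers that accept
     * subjects from clients should confirm that this is acceptable. The subject
     * is also written to the log unmodified.
     *
     * @param str the subject value
     * @return {@code str} when it is a valid DN, otherwise a uid-based DN built from it
     */
    public String constructDn(String str) {
        try {
            new LdapName(str);
            return str;
        } catch (InvalidNameException e) {
            log.warn("Subject not a valid DN: " + str);
            // Fully qualified so this method needs no new file-level import.
            String escapedUid = javax.naming.ldap.Rdn.escapeValue(str);
            String dn = "uid=" + escapedUid + "," + this.subtree + "," + getBase();
            log.info("Created DN from subject: " + dn);
            return dn;
        }
    }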

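    /**
     * Creates a person entry in LDAP for the given account.
     *
     * <p>Parent entries are created first through constructTree. The new entry
     * carries the {@code d1Principal} object class and starts with
     * {@code isVerified} set to {@code FALSE}. Attributes without values are left out.
     *
     * <p>NOTE(review): the session parameter is not used and no authorization
     * check is visible here; confirm that registration is meant to be open to
     * any caller, or that the check happens upstream.
     *
     * @param session the caller's session (unused in this method)
     * @param person the account to register
     * @return the subject of the registered account
     * @throws IdentifierNotUnique if an entry already exists at the account's DN
     * @throws ServiceFailure if the parent tree or the entry cannot be created
     */
    public Subject registerAccount(Session session, Person person) throws ServiceFailure, IdentifierNotUnique, InvalidCredentials, NotImplemented, InvalidRequest {
        BasicAttribute objectClasses = new BasicAttribute("objectclass");
        objectClasses.add("top");
        objectClasses.add("person");
        objectClasses.add("organizationalPerson");
        objectClasses.add("inetOrgPerson");
        objectClasses.add("d1Principal");

        Subject account = person.getSubject();
        String uid = account.getValue();
        String accountDn = constructDn(uid);
        try {
            constructTree(accountDn);

            // Use the cn from the DN when present, otherwise "<first given name> <family name>".
            String commonName = parseAttribute(accountDn, "cn");
            if (commonName == null) {
                String prefix = "";
                if (person.getGivenNameList() != null && !person.getGivenNameList().isEmpty()) {
                    prefix = prefix + person.getGivenName(0) + " ";
                }
                commonName = prefix + person.getFamilyName();
            }

            BasicAttribute uidAttribute = new BasicAttribute("uid", uid);
            BasicAttribute cnAttribute = new BasicAttribute("cn", commonName);
            BasicAttribute snAttribute = new BasicAttribute("sn", person.getFamilyName());
            BasicAttribute givenNames = new BasicAttribute("givenName");
            // Null-guarded like the e-mail list below and the cn fallback above.
            if (person.getGivenNameList() != null) {
                for (Object givenName : person.getGivenNameList()) {
                    givenNames.add((String) givenName);
                }
            }
            BasicAttribute mails = new BasicAttribute("mail");
            if (person.getEmailList() != null) {
                for (Object mail : person.getEmailList()) {
                    mails.add((String) mail);
                }
            }
            BasicAttribute unverified = new BasicAttribute("isVerified", Boolean.FALSE.toString().toUpperCase());

            try {
                DirContext context = getContext();
                BasicAttributes entry = new BasicAttributes();
                entry.put(objectClasses);
                // Skip attributes that ended up with no values.
                BasicAttribute[] optional = {uidAttribute, cnAttribute, snAttribute, givenNames, mails};
                for (BasicAttribute attribute : optional) {
                    if (attribute.getAll().hasMore()) {
                        entry.put(attribute);
                    }
                }
                entry.put(unverified);
                context.createSubcontext(new LdapName(accountDn), entry);
                log.debug("Added entry " + accountDn);
                return account;
            } catch (NameAlreadyBoundException e) {
                // Must precede NamingException: it is a subclass and would otherwise be unreachable.
                String message = "Entry " + accountDn + " already exists";
                log.warn(message, e);
                throw new IdentifierNotUnique("4521", message);
            } catch (NamingException e) {
                ServiceFailure failure = new ServiceFailure("4520", "Could not register account: " + e.getMessage());
                failure.initCause(e);
                throw failure;
            }
        } catch (NamingException e) {
            // Log through the class logger rather than printing the stack trace to stderr.
            String message = "Could not construct partial tree: " + e.getMessage();
            log.error(message, e);
            ServiceFailure failure = new ServiceFailure("4520", message);
            failure.initCause(e);
            throw failure;
        }
    }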

    /**
     * Looks up the directory information for a subject.
     *
     * <p>Delegates to the four-argument overload with the boolean flag set to
     * {@code true} and a list that initially holds only the subject's value.
     *
     * @param session the caller's session, used for the redaction decision
     * @param subject the subject to look up
     * @return the subject information read from LDAP
     * @throws NotFound if the subject has no entry
     * @throws ServiceFailure if the lookup fails for another reason
     */
    public SubjectInfo getSubjectInfo(Session session, Subject subject) throws ServiceFailure, NotAuthorized, NotImplemented, NotFound {
        List<String> seen = new ArrayList<String>();
        seen.add(subject.getValue());
        return getSubjectInfo(session, subject, true, seen);
    }

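    /**
     * Reads a subject's entry from LDAP and converts it to a SubjectInfo.
     *
     * <p>Redaction follows shouldRedact(session), except that it is lifted when
     * the session subject equals the requested subject, so callers see their own
     * record unredacted.
     *
     * <p>The NameNotFoundException handler now comes before the general one.
     * In the listed order it was unreachable, so a missing entry was reported
     * as ServiceFailure instead of NotFound.
     *
     * @param session the caller's session; may be null, in which case redaction is not lifted
     * @param subject the subject to look up
     * @param z passed through to processAttributes as its third argument
     * @param list passed through to processAttributes as its last argument
     * @return the subject information built from the entry's attributes
     * @throws NotFound if no entry exists at the subject's DN
     * @throws ServiceFailure if the lookup fails for another reason
     */
    private SubjectInfo getSubjectInfo(Session session, Subject subject, boolean z, List<String> list) throws ServiceFailure, NotAuthorized, NotImplemented, NotFound {
        boolean redact = shouldRedact(session);
        if (redact) {
            if (session != null) {
                log.debug("subjectInfo requested for: '" + subject.getValue() + "'");
                log.debug("checking if redaction holds for the calling user: '" + session.getSubject().getValue() + "'");
            } else {
                log.debug("session is null, we will redact email");
            }
            if (session != null && session.getSubject().equals(subject)) {
                log.debug("subject MATCH. lifting redaction for the calling user: '" + session.getSubject().getValue() + "'");
                redact = false;
            }
        }

        String subjectDn = constructDn(subject.getValue());
        try {
            Attributes attributes = getContext().getAttributes(new LdapName(subjectDn));
            SubjectInfo info = processAttributes(subjectDn, attributes, z, false, redact, list);
            log.debug("Retrieved SubjectList for: " + subjectDn);
            return info;
        } catch (NameNotFoundException e) {
            log.warn("Could not find: " + subjectDn + " : in Ldap: " + e.getMessage());
            throw new NotFound("4564", e.getMessage());
        } catch (Exception e) {
            String message = "Problem looking up entry: " + subjectDn + " : " + e.getMessage();
            log.error(message, e);
            throw new ServiceFailure("4561", message);
        }
    }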

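    /**
     * Finds the groups that list the given value as a {@code uniqueMember}.
     *
     * <p>The member value is passed to the search as a filter argument
     * ({@code {0}}) instead of being concatenated into the filter string. JNDI
     * escapes filter arguments, so characters such as {@code *}, {@code (},
     * {@code )} and {@code \} in the value are matched literally and cannot
     * change the structure of the filter.
     *
     * @param str the member value to search for
     * @return the groups found below the configured base
     * @throws ServiceFailure if the search or the attribute processing fails
     */
    protected List<Group> lookupGroups(String str) throws ServiceFailure {
        SubjectInfo collected = new SubjectInfo();
        try {
            DirContext context = getContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration results = context.search(
                    this.base,
                    "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))",
                    new Object[]{str},
                    controls);
            // Shared across all results, as before; processAttributes receives it as its last argument.
            List<String> seen = new ArrayList<String>();
            while (results != null && results.hasMore()) {
                SearchResult result = (SearchResult) results.next();
                String entryDn = result.getNameInNamespace();
                log.debug("Search result found for: " + entryDn);
                Attributes attributes = result.getAttributes();
                seen.add(entryDn);
                SubjectInfo info = processAttributes(entryDn, attributes, false, false, false, seen);
                if (info != null) {
                    for (Object found : info.getGroupList()) {
                        collected.addGroup((Group) found);
                    }
                }
            }
            return collected.getGroupList();
        } catch (Exception e) {
            String message = "Problem looking up group membership at base: " + this.base + " : " + e.getMessage();
            log.error(message, e);
            throw new ServiceFailure("2290", message);
        }
    }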

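    /**
     * Lists people and groups below the configured base, optionally filtered.
     *
     * <p>When {@code str} is non-empty, entries are matched by substring on dn,
     * cn, sn, uid, givenName or mail. When {@code str2} is non-null, entries are
     * also filtered on {@code isVerified} ({@code TRUE} only when {@code str2}
     * equals "verified", ignoring case). The result window is
     * {@code [num, num + num2)} over the de-duplicated results.
     *
     * <p>The query text is passed to the search as a filter argument
     * ({@code {0}}) instead of being concatenated into the filter. JNDI escapes
     * filter arguments, so {@code *}, {@code (}, {@code )} and {@code \} in the
     * query are matched literally and cannot alter the filter's structure.
     *
     * <p>NOTE(review): there is no upper bound on the requested count, and the
     * whole result set is enumerated regardless of the window.
     *
     * @param session the caller's session, used for the redaction decision
     * @param str optional substring query
     * @param str2 optional verification-status filter
     * @param num zero-based start index; null or negative means 0
     * @param num2 maximum number of subjects; null or non-positive means the default count
     * @return the matching people and groups inside the requested window
     * @throws ServiceFailure if the search or the attribute processing fails
     */
    public SubjectInfo listSubjects(Session session, String str, String str2, Integer num, Integer num2) throws ServiceFailure, InvalidToken, NotAuthorized, NotImplemented {
        boolean redact = shouldRedact(session);
        if (num == null || num.intValue() < 0) {
            num = 0;
        }
        log.info("The start index is " + num.intValue());
        if (num2 == null || num2.intValue() <= 0) {
            log.info("The count is null or equal or less than 0===================");
            num2 = DEFAULT_COUNT;
            log.info("the count value is ===============" + num2.intValue());
        } else {
            log.info("The count is not null or a positive number===================");
            log.info("the count value is ===============" + num2.intValue());
        }
        // Computed as long so a large start plus a large count cannot wrap to a negative bound.
        final long windowStart = num.intValue();
        final long windowEnd = windowStart + num2.intValue();

        SubjectInfo collected = new SubjectInfo();
        try {
            DirContext context = getContext();
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            String filter = "(|(objectClass=d1Principal)(objectClass=groupOfUniqueNames))";
            Object[] filterArgs = new Object[0];
            if (str != null && str.length() > 0) {
                // {0} is substituted, with escaping, by the directory provider.
                String queryClause = "(|(dn=*{0}*)(cn=*{0}*)(sn=*{0}*)(uid=*{0}*)(givenName=*{0}*)(mail=*{0}*))";
                filter = "(&" + queryClause + filter + ")";
                filterArgs = new Object[]{str};
            }
            if (str2 != null) {
                // Derived from a boolean, so this clause cannot carry caller-controlled text.
                String verifiedClause = "(isVerified=" + Boolean.toString(str2.equalsIgnoreCase("verified")).toUpperCase() + ")";
                filter = "(&" + verifiedClause + filter + ")";
            }

            NamingEnumeration results = context.search(this.base, filter, filterArgs, controls);
            long position = 0;
            while (results != null && results.hasMore()) {
                SearchResult result = (SearchResult) results.next();
                String entryDn = result.getNameInNamespace();
                log.debug("Search result found for: " + entryDn);
                Attributes attributes = result.getAttributes();
                List<String> seen = new ArrayList<String>();
                seen.add(entryDn);
                SubjectInfo info = processAttributes(entryDn, attributes, false, false, redact, seen);
                if (info != null) {
                    for (Group group : info.getGroupList()) {
                        if (!contains((List<Group>) collected.getGroupList(), group)) {
                            if (position >= windowStart && position < windowEnd) {
                                collected.addGroup(group);
                            }
                            position++;
                        }
                    }
                    for (Person person : info.getPersonList()) {
                        if (!contains((List<Person>) collected.getPersonList(), person)) {
                            if (position >= windowStart && position < windowEnd) {
                                collected.addPerson(person);
                            }
                            position++;
                        }
                    }
                }
            }
            return collected;
        } catch (Exception e) {
            String message = "Problem listing entries at base: " + this.base + " : " + e.getMessage();
            log.error(message, e);
            throw new ServiceFailure("2290", message);
        }
    }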

    /**
     * Builds a {@link SubjectInfo} from the attributes of one directory entry.
     *
     * <p>The entry is treated as a person when one of its {@code objectClass} values is
     * {@code d1Principal} (case-insensitive); otherwise it is treated as a group. The entry's own
     * Person or Group is placed at index 0 of the corresponding list in the result.
     *
     * <p>NOTE(review): every attribute value read here, including {@code mail} and identity
     * mappings, is written to the debug log. Confirm that debug logging is off, or the log is
     * access-controlled, wherever redaction is expected to hold.
     *
     * @param str name of the entry; standardized through {@code CertificateManager} when possible
     *     and recorded in {@code list}
     * @param attributes attributes of the entry; when {@code null} an empty result is returned
     * @param z when {@code true}, group members and equivalent identities are resolved through
     *     {@code getSubjectInfo} and merged into the result
     * @param z2 when {@code true}, {@code equivalentIdentityRequest} values are processed and
     *     {@code equivalentIdentity} values are skipped; when {@code false}, the reverse
     * @param z3 when {@code true}, {@code mail} values are neither copied into the Person nor
     *     logged (the visible caller passes its redaction decision here)
     * @param list names already seen; consulted before resolving equivalent identities
     * @return the collected persons and groups
     * @throws Exception any failure from the directory enumeration or the nested lookups
     */
    private SubjectInfo processAttributes(String str, Attributes attributes, boolean z, boolean z2, boolean z3, List<String> list) throws Exception {
        SubjectInfo subjectInfo = new SubjectInfo();
        try {
            str = CertificateManager.getInstance().standardizeDN(str);
        } catch (IllegalArgumentException e) {
            // Deliberately ignored: a name that cannot be standardized is used as given.
        }
        // NOTE(review): list is dereferenced here without a null check, while the
        // equivalent-identity branches below test "list == null" — confirm callers never pass null.
        if (!list.contains(str)) {
            list.add(str);
        }
        if (attributes != null) {
            // NOTE(review): attributes.get("objectClass") is not null-checked; an entry without
            // that attribute would fail here with a NullPointerException.
            NamingEnumeration all = attributes.get("objectClass").getAll();
            // z4 stays true (group) unless a d1Principal objectClass value is found.
            boolean z4 = true;
            while (true) {
                if (!all.hasMore()) {
                    break;
                }
                if (((String) all.next()).equalsIgnoreCase("d1Principal")) {
                    z4 = false;
                    break;
                }
            }
            NamingEnumeration all2 = attributes.getAll();
            if (z4) {
                // Group entry.
                Group group = new Group();
                Subject subject = new Subject();
                subject.setValue(str);
                group.setSubject(subject);
                while (all2.hasMore()) {
                    Attribute attribute = (Attribute) all2.next();
                    String id = attribute.getID();
                    String str2 = null;
                    if (id.equalsIgnoreCase("uid")) {
                        // A uid attribute replaces the name-derived subject value.
                        str2 = (String) attribute.get();
                        group.getSubject().setValue(str2);
                        log.debug("Found attribute: " + id + "=" + str2);
                    }
                    if (id.equalsIgnoreCase("cn")) {
                        // NOTE(review): this logs str2, which is null for a cn attribute, not the
                        // cn value read on the next line.
                        log.debug("Found attribute: " + id + "=" + str2);
                        String str3 = (String) attribute.get();
                        // cn only supplies the group name if nothing has set one yet.
                        if (group.getGroupName() == null) {
                            group.setGroupName(str3);
                        }
                    }
                    if (id.equalsIgnoreCase("description")) {
                        // description unconditionally overwrites any group name set so far.
                        String str4 = (String) attribute.get();
                        group.setGroupName(str4);
                        log.debug("Found attribute: " + id + "=" + str4);
                    }
                    if (id.equalsIgnoreCase("owner")) {
                        NamingEnumeration all3 = attribute.getAll();
                        while (all3.hasMore()) {
                            String str5 = (String) all3.next();
                            log.debug("Found attribute: " + id + "=" + str5);
                            // Prefer the owner entry's uid; fall back to the standardized name.
                            List attributeValues = getAttributeValues(str5, "uid");
                            String standardizeDN = (attributeValues == null || attributeValues.size() <= 0) ? CertificateManager.getInstance().standardizeDN(str5) : attributeValues.get(0).toString();
                            Subject subject2 = new Subject();
                            subject2.setValue(standardizeDN);
                            group.addRightsHolder(subject2);
                        }
                    }
                    if (id.equalsIgnoreCase("uniqueMember")) {
                        NamingEnumeration all4 = attribute.getAll();
                        while (all4.hasMore()) {
                            String str6 = (String) all4.next();
                            // Same uid-first resolution as for owners.
                            List attributeValues2 = getAttributeValues(str6, "uid");
                            String standardizeDN2 = (attributeValues2 == null || attributeValues2.size() <= 0) ? CertificateManager.getInstance().standardizeDN(str6) : attributeValues2.get(0).toString();
                            Subject subject3 = new Subject();
                            subject3.setValue(standardizeDN2);
                            group.addHasMember(subject3);
                            if (z) {
                                // NOTE(review): unlike the equivalent-identity branches, the member
                                // is not checked against list before the nested lookup; whether
                                // getSubjectInfo guards against repeats is not visible here.
                                SubjectInfo subjectInfo2 = getSubjectInfo(null, subject3, false, list);
                                if (subjectInfo2.getPersonList() != null) {
                                    for (Person person : subjectInfo2.getPersonList()) {
                                        if (!contains((List<Person>) subjectInfo.getPersonList(), person)) {
                                            subjectInfo.addPerson(person);
                                        }
                                    }
                                }
                                if (subjectInfo2.getGroupList() != null) {
                                    for (Group group2 : subjectInfo2.getGroupList()) {
                                        if (!contains((List<Group>) subjectInfo.getGroupList(), group2)) {
                                            subjectInfo.addGroup(group2);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                // The entry's own group goes first, unless a nested lookup already added it.
                if (!contains((List<Group>) subjectInfo.getGroupList(), group)) {
                    subjectInfo.getGroupList().add(0, group);
                }
            } else {
                // Person entry (objectClass includes d1Principal).
                Person person2 = new Person();
                Subject subject4 = new Subject();
                subject4.setValue(str);
                person2.setSubject(subject4);
                while (all2.hasMore()) {
                    Attribute attribute2 = (Attribute) all2.next();
                    String id2 = attribute2.getID();
                    if (id2.equalsIgnoreCase("uid")) {
                        // A uid attribute replaces the name-derived subject value.
                        String str7 = (String) attribute2.get();
                        log.debug("Found attribute: " + id2 + "=" + str7);
                        person2.getSubject().setValue(str7);
                    }
                    if (id2.equalsIgnoreCase("cn")) {
                        // cn is only logged for persons; it is not stored.
                        log.debug("Found attribute: " + id2 + "=" + ((String) attribute2.get()));
                    }
                    if (id2.equalsIgnoreCase("sn")) {
                        String str8 = (String) attribute2.get();
                        person2.setFamilyName(str8);
                        log.debug("Found attribute: " + id2 + "=" + str8);
                    }
                    // Email redaction: with z3 set, mail values are skipped entirely.
                    if (id2.equalsIgnoreCase("mail") && !z3) {
                        NamingEnumeration all5 = attribute2.getAll();
                        while (all5.hasMore()) {
                            String str9 = (String) all5.next();
                            person2.addEmail(str9);
                            log.debug("Found attribute: " + id2 + "=" + str9);
                        }
                    }
                    if (id2.equalsIgnoreCase("givenName")) {
                        NamingEnumeration all6 = attribute2.getAll();
                        while (all6.hasMore()) {
                            String str10 = (String) all6.next();
                            person2.addGivenName(str10);
                            log.debug("Found attribute: " + id2 + "=" + str10);
                        }
                    }
                    if (id2.equalsIgnoreCase("isVerified")) {
                        // Boolean.parseBoolean yields false for anything other than "true".
                        String str11 = (String) attribute2.get();
                        person2.setVerified(Boolean.valueOf(Boolean.parseBoolean(str11)));
                        log.debug("Found attribute: " + id2 + "=" + str11);
                    }
                    if (z2) {
                        // Pending-request mode: only equivalentIdentityRequest is followed, and
                        // the requested identities are not recorded on person2 itself.
                        if (id2.equalsIgnoreCase("equivalentIdentityRequest")) {
                            NamingEnumeration all7 = attribute2.getAll();
                            while (all7.hasMore()) {
                                String str12 = (String) all7.next();
                                Subject subject5 = new Subject();
                                subject5.setValue(str12);
                                log.debug("Found attribute: " + id2 + "=" + str12);
                                // Skip identities already recorded in list.
                                if (z && (list == null || !list.contains(subject5.getValue()))) {
                                    try {
                                        SubjectInfo subjectInfo3 = getSubjectInfo(null, subject5, false, list);
                                        if (subjectInfo3.getPersonList() != null) {
                                            for (Person person3 : subjectInfo3.getPersonList()) {
                                                if (!contains((List<Person>) subjectInfo.getPersonList(), person3)) {
                                                    subjectInfo.addPerson(person3);
                                                }
                                            }
                                        }
                                        if (subjectInfo3.getGroupList() != null) {
                                            for (Group group3 : subjectInfo3.getGroupList()) {
                                                if (!contains((List<Group>) subjectInfo.getGroupList(), group3)) {
                                                    subjectInfo.addGroup(group3);
                                                }
                                            }
                                        }
                                    } catch (NotFound e2) {
                                        // No account for the requested identity: report a
                                        // placeholder person whose name and email are "NA".
                                        log.warn("No account found for equivalentIdentityRequest entry: " + subject5.getValue(), e2);
                                        Person person4 = new Person();
                                        person4.setSubject(subject5);
                                        person4.addEmail("NA");
                                        person4.addGivenName("NA");
                                        person4.setFamilyName("NA");
                                        if (!contains((List<Person>) subjectInfo.getPersonList(), person4)) {
                                            subjectInfo.addPerson(person4);
                                        }
                                    }
                                }
                            }
                        }
                    } else if (id2.equalsIgnoreCase("equivalentIdentity")) {
                        // Confirmed-mapping mode: each value is recorded on person2 and, when z is
                        // set, resolved with the recursion flag passed as true.
                        NamingEnumeration all8 = attribute2.getAll();
                        while (all8.hasMore()) {
                            String str13 = (String) all8.next();
                            log.debug("Found attribute: " + id2 + "=" + str13);
                            Subject subject6 = new Subject();
                            subject6.setValue(str13);
                            person2.addEquivalentIdentity(subject6);
                            // Skip identities already recorded in list.
                            if (z && (list == null || !list.contains(subject6.getValue()))) {
                                try {
                                    SubjectInfo subjectInfo4 = getSubjectInfo(null, subject6, true, list);
                                    if (subjectInfo4.getPersonList() != null) {
                                        for (Person person5 : subjectInfo4.getPersonList()) {
                                            if (!contains((List<Person>) subjectInfo.getPersonList(), person5)) {
                                                subjectInfo.addPerson(person5);
                                            }
                                        }
                                    }
                                    if (subjectInfo4.getGroupList() != null) {
                                        for (Group group4 : subjectInfo4.getGroupList()) {
                                            if (!contains((List<Group>) subjectInfo.getGroupList(), group4)) {
                                                subjectInfo.addGroup(group4);
                                            }
                                        }
                                    }
                                } catch (NotFound e3) {
                                    // No account for the mapped identity: report a placeholder
                                    // person whose name and email are "NA".
                                    log.warn("No account found for equivalentIdentity entry: " + subject6.getValue(), e3);
                                    Person person6 = new Person();
                                    person6.setSubject(subject6);
                                    person6.addEmail("NA");
                                    person6.addGivenName("NA");
                                    person6.setFamilyName("NA");
                                    if (!contains((List<Person>) subjectInfo.getPersonList(), person6)) {
                                        subjectInfo.addPerson(person6);
                                    }
                                }
                            }
                        }
                    }
                }
                // Group memberships come from a separate lookup keyed on the entry name.
                for (Group group5 : lookupGroups(str)) {
                    person2.addIsMemberOf(group5.getSubject());
                    if (!contains((List<Group>) subjectInfo.getGroupList(), group5)) {
                        subjectInfo.getGroupList().add(group5);
                    }
                }
                // The entry's own person goes first, unless a nested lookup already added it.
                if (!contains((List<Person>) subjectInfo.getPersonList(), person2)) {
                    subjectInfo.getPersonList().add(0, person2);
                }
            }
        }
        return subjectInfo;
    }

    /**
     * Removes the directory entry that corresponds to the given subject.
     *
     * <p>NOTE(review): this method takes no session and performs no authorization check of its
     * own; presumably callers enforce who may delete a subject — confirm at the call sites.
     *
     * @param subject subject whose entry is removed
     * @return the result reported by the superclass {@code removeEntry}
     */
    public boolean removeSubject(Subject subject) {
        String entryDn = constructDn(subject.getValue());
        return super.removeEntry(entryDn);
    }

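    /**
     * Denies a pending identity-mapping request by removing the {@code equivalentIdentityRequest}
     * value for {@code subject} from the caller's own entry.
     *
     * <p>The entry that is modified is always derived from {@code session.getSubject()}, so a
     * caller can only deny requests recorded on their own entry. A {@code null} session, or a
     * request that was never issued, ends up as a {@link ServiceFailure} because the broad catch
     * below wraps every exception, including the {@link InvalidRequest} raised here.
     *
     * @param session session of the caller denying the request
     * @param subject identity whose pending mapping request is denied
     * @return {@code true} when the request value was removed
     * @throws ServiceFailure on any failure, with detail code 2390
     */
    public boolean denyMapIdentity(Session session, Subject subject) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented {
        try {
            Subject requester = session.getSubject();
            DirContext context = getContext();
            String requesterDn = constructDn(requester.getValue());
            if (!checkAttribute(requesterDn, "equivalentIdentityRequest", subject.getValue())) {
                throw new InvalidRequest("", "Identity mapping request has not been issued for: " + requester.getValue() + " = " + subject.getValue());
            }
            // Named constant instead of the bare literal 3.
            ModificationItem removal = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("equivalentIdentityRequest", subject.getValue()));
            context.modifyAttributes(new LdapName(requesterDn), new ModificationItem[]{removal});
            log.debug("Successfully removed equivalentIdentityRequest on: " + requester.getValue() + " for " + subject.getValue());
            return true;
        } catch (Exception e) {
            String message = "Could not deny the identity mapping: " + e.getMessage();
            // Keep the stack trace in the server log; the ServiceFailure carries only the message.
            log.error(message, e);
            throw new ServiceFailure("2390", message);
        }
    }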

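    /**
     * Returns the subject information for {@code subject} together with the identities it has
     * pending mapping requests for.
     *
     * <p>Email addresses are redacted when {@code shouldRedact(session)} says so, except that a
     * caller asking about their own subject always sees unredacted data.
     *
     * <p>NOTE(review): apart from email redaction, no authorization check on who may read another
     * subject's pending requests is visible in this method — confirm it is enforced upstream. The
     * failure message also returns the constructed DN and the underlying exception text to the
     * caller.
     *
     * @param session session of the caller; may be {@code null}, in which case email is redacted
     * @param subject subject whose pending mapping requests are looked up
     * @return the collected persons and groups
     * @throws ServiceFailure when the directory lookup or attribute processing fails (code 4561)
     */
    public SubjectInfo getPendingMapIdentity(Session session, Subject subject) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented {
        boolean redactEmail = shouldRedact(session);
        if (redactEmail) {
            if (session != null) {
                log.debug("subjectInfo requested for: '" + subject.getValue() + "'");
                log.debug("checking if redaction holds for the calling user: '" + session.getSubject().getValue() + "'");
            } else {
                log.debug("session is null, we will redact email");
            }
            // A caller always gets to see their own record unredacted.
            if (session != null && session.getSubject().equals(subject)) {
                log.debug("subject MATCH. lifting redaction for the calling user: '" + session.getSubject().getValue() + "'");
                redactEmail = false;
            }
        }
        String entryDn = constructDn(subject.getValue());
        try {
            Attributes attributes = getContext().getAttributes(new LdapName(entryDn));
            // Seed the visited list with the entry itself so nested lookups do not revisit it.
            List<String> visited = new ArrayList<>();
            visited.add(entryDn);
            SubjectInfo pending = processAttributes(entryDn, attributes, true, true, redactEmail, visited);
            log.debug("Retrieved SubjectList for: " + entryDn);
            return pending;
        } catch (Exception e) {
            String message = "Problem looking up entry: " + entryDn + " : " + e.getMessage();
            log.error(message, e);
            throw new ServiceFailure("4561", message);
        }
    }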

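    /**
     * Removes a confirmed identity mapping between the caller and {@code subject}, in whichever
     * direction(s) it is recorded.
     *
     * <p>The two directory modifications are issued separately. If the second one fails after the
     * first succeeded, the mapping is left removed on one entry only, and the caller receives a
     * {@link ServiceFailure}.
     *
     * <p>A {@code null} session, or the absence of any mapping, also surfaces as a
     * {@link ServiceFailure}, because the broad catch below wraps every exception including the
     * {@link InvalidRequest} raised here.
     *
     * @param session session of the caller removing the mapping
     * @param subject the other identity of the mapping
     * @return {@code true} when at least one direction of the mapping was removed
     * @throws ServiceFailure on any failure, with detail code 2390
     */
    public boolean removeMapIdentity(Session session, Subject subject) throws ServiceFailure, InvalidToken, NotAuthorized, NotFound, NotImplemented {
        try {
            Subject caller = session.getSubject();
            String callerDn = constructDn(caller.getValue());
            String otherDn = constructDn(subject.getValue());
            DirContext context = getContext();
            boolean mappedOnCaller = checkAttribute(callerDn, "equivalentIdentity", subject.getValue());
            boolean mappedOnOther = checkAttribute(otherDn, "equivalentIdentity", caller.getValue());
            if (!mappedOnCaller && !mappedOnOther) {
                throw new InvalidRequest("", "There is no identity mapping between: " + caller.getValue() + " and " + subject.getValue());
            }
            if (mappedOnCaller) {
                // Named constant instead of the bare literal 3.
                ModificationItem removal = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("equivalentIdentity", subject.getValue()));
                context.modifyAttributes(new LdapName(callerDn), new ModificationItem[]{removal});
                log.debug("Successfully removed equivalentIdentity: " + caller.getValue() + " = " + subject.getValue());
            }
            if (mappedOnOther) {
                ModificationItem reciprocalRemoval = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("equivalentIdentity", caller.getValue()));
                context.modifyAttributes(new LdapName(otherDn), new ModificationItem[]{reciprocalRemoval});
                log.debug("Successfully removed reciprocal equivalentIdentity: " + subject.getValue() + " = " + caller.getValue());
            }
            return true;
        } catch (Exception e) {
            String message = "Could not remove identity mapping: " + e.getMessage();
            // Route the failure through the logger rather than printing to stderr.
            log.error(message, e);
            throw new ServiceFailure("2390", message);
        }
    }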

    /**
     * Decides whether email addresses must be withheld from the caller.
     *
     * <p>Redaction applies to a {@code null} session and to every caller whose subject value is
     * not listed on a node of type {@code NodeType.CN}. The node list comes from the node registry
     * service, falling back to {@code D1Client.getCN()} when that call throws.
     *
     * <p>NOTE(review): the fallback logs a warning without the exception that triggered it, so the
     * reason the registry lookup failed is not recorded.
     *
     * @param session session of the caller, possibly {@code null}
     * @return {@code false} only when the caller's subject belongs to a CN node
     * @throws NotImplemented propagated from the fallback node listing
     * @throws ServiceFailure propagated from the fallback node listing
     */
    private boolean shouldRedact(Session session) throws NotImplemented, ServiceFailure {
        if (session == null) {
            return true;
        }
        NodeList nodes;
        try {
            nodes = this.nodeRegistryService.listNodes();
        } catch (Exception e) {
            log.warn("Using D1Client to look up nodeList from CN");
            nodes = D1Client.getCN().listNodes();
        }
        for (Node node : nodes.getNodeList()) {
            if (!node.getType().equals(NodeType.CN)) {
                continue;
            }
            // Only subjects registered on a CN node are exempt from redaction.
            for (Object registered : node.getSubjectList()) {
                if (((Subject) registered).getValue().equals(session.getSubject().getValue())) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Reports whether {@code list} already holds a person with the same subject as
     * {@code person}. Only the subjects are compared.
     *
     * @param list persons collected so far
     * @param person candidate to look for
     * @return {@code true} when a person with an equal subject is present
     */
    private static boolean contains(List<Person> list, Person person) {
        for (Person candidate : list) {
            if (candidate.getSubject().equals(person.getSubject())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether {@code list} already holds a group with the same subject as
     * {@code group}. Only the subjects are compared.
     *
     * @param list groups collected so far
     * @param group candidate to look for
     * @return {@code true} when a group with an equal subject is present
     */
    private static boolean contains(List<Group> list, Group group) {
        for (Group candidate : list) {
            if (candidate.getSubject().equals(group.getSubject())) {
                return true;
            }
        }
        return false;
    }

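    /**
     * Manual harness that removes one subject entry from a directory server.
     *
     * <p>This is a destructive operation. The server URL and subject DN can be supplied as the
     * first and second argument; when they are omitted, the original built-in values are used.
     *
     * <p>NOTE(review): the built-in URL uses the {@code ldap://} scheme on port 389, so the bind
     * and the delete travel in cleartext unless transport security is configured elsewhere —
     * confirm before running against anything but a test directory.
     *
     * @param strArr optional {@code [serverUrl, subjectDn]}
     */
    public static void main(String[] strArr) {
        // Defaults preserve the behaviour of running with no arguments.
        String serverUrl = (strArr != null && strArr.length > 0) ? strArr[0] : "ldap://bespin.nceas.ucsb.edu:389";
        String subjectDn = (strArr != null && strArr.length > 1) ? strArr[1] : "cn=testGroup2,dc=cilogon,dc=org";
        try {
            Subject subject = new Subject();
            subject.setValue(subjectDn);
            CNIdentityLDAPImpl identityService = new CNIdentityLDAPImpl();
            identityService.setServer(serverUrl);
            identityService.removeSubject(subject);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }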
}
