package org.apache.directory.fortress.core.impl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.fortress.core.GlobalErrIds;
import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.ldap.LdapDataProvider;
import org.apache.directory.fortress.core.model.Permission;
import org.apache.directory.fortress.core.model.Session;
import org.apache.directory.fortress.core.model.User;
import org.apache.directory.fortress.core.model.UserRole;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.openldap.accelerator.api.addRole.RbacAddRoleRequestImpl;
import org.openldap.accelerator.api.addRole.RbacAddRoleResponse;
import org.openldap.accelerator.api.checkAccess.RbacCheckAccessRequestImpl;
import org.openldap.accelerator.api.checkAccess.RbacCheckAccessResponse;
import org.openldap.accelerator.api.createSession.RbacCreateSessionRequestImpl;
import org.openldap.accelerator.api.createSession.RbacCreateSessionResponse;
import org.openldap.accelerator.api.deleteSession.RbacDeleteSessionRequestImpl;
import org.openldap.accelerator.api.deleteSession.RbacDeleteSessionResponse;
import org.openldap.accelerator.api.dropRole.RbacDropRoleRequestImpl;
import org.openldap.accelerator.api.dropRole.RbacDropRoleResponse;
import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequestImpl;
import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/fortress-core-2.0.5.jar:org/apache/directory/fortress/core/impl/AcceleratorDAO.class */
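/**
 * Data access object that sends the RBAC accelerator extended operations
 * (create/delete session, check access, add/drop role, list session roles)
 * to the directory server over an admin connection obtained from
 * {@link LdapDataProvider}.
 *
 * <p>Every method acquires the admin connection inside a {@code try} block and
 * releases it in {@code finally}, so the connection is handed back exactly once
 * on both the success and the failure path.
 */
final class AcceleratorDAO extends LdapDataProvider {
    private static final Logger LOG = LoggerFactory.getLogger(AcceleratorDAO.class.getName());

    /**
     * Authenticates the user and creates a server-side RBAC session.
     *
     * @param user carries the tenant (context) id, user id, password and the
     *             optional list of roles to activate in the new session
     * @return a session marked authenticated, holding the session id returned by the server
     * @throws SecurityException with {@code USER_PW_INVLD} when the server answers with any
     *                           result code other than SUCCESS, or with
     *                           {@code ACEL_CREATE_SESSION_ERR} when the LDAP call itself fails
     */
    public Session createSession(User user) throws SecurityException {
        LdapConnection adminConnection = null;
        try {
            adminConnection = getAdminConnection();
            // NOTE(review): 0 appears to disable the client-side response timeout for this
            // connection; confirm against the LDAP API in use, and whether the setting
            // survives once the connection is handed back.
            adminConnection.setTimeOut(0L);
            RbacCreateSessionRequestImpl request = new RbacCreateSessionRequestImpl();
            request.setTenantId(user.getContextId());
            request.setUserIdentity(user.getUserId());
            // The request API takes the password as a String, so an immutable copy that cannot
            // be wiped is created here; keep the request object out of logs and long-lived state.
            request.setPassword(new String(user.getPassword()));
            if (CollectionUtils.isNotEmpty(user.getRoles())) {
                for (UserRole role : user.getRoles()) {
                    request.addRole(role.getName());
                }
            }
            RbacCreateSessionResponse response = (RbacCreateSessionResponse) adminConnection.extended(request);
            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            // NOTE(review): the session id is written to the debug log; if it is accepted as the
            // only handle for later checkAccess calls, consider truncating or omitting it.
            LOG.debug("createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), response.getSessionId(), resultCode);
            Session session = new Session(user, response.getSessionId());
            if (resultCode != ResultCodeEnum.SUCCESS) {
                // Fail closed: every non-SUCCESS answer is reported as an invalid password.
                session.setAuthenticated(false);
                throw new SecurityException(GlobalErrIds.USER_PW_INVLD, "createSession UserId [" + user.getUserId() + "] failed: " + response.getLdapResult() + " , resultCode: " + resultCode.getResultCode());
            }
            session.setAuthenticated(true);
            return session;
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_CREATE_SESSION_ERR, "createSession userId [" + user.getUserId() + "] caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            // Release the connection that was actually acquired (may be null if acquisition
            // failed); passing null here on the failure path would leak it.
            closeAdminConnection(adminConnection);
        }
    }

    /**
     * Asks the server whether the session may perform the operation on the object.
     *
     * @param session    session whose id identifies the server-side RBAC session
     * @param permission object name, optional object id and operation name to check
     * @return {@code true} only when the server answers SUCCESS; any other result code is a denial
     * @throws SecurityException with {@code ACEL_CHECK_ACCESS_ERR} when the LDAP call fails
     */
    public boolean checkAccess(Session session, Permission permission) throws SecurityException {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = getAdminConnection();
            RbacCheckAccessRequestImpl request = new RbacCheckAccessRequestImpl();
            request.setSessionId(session.getSessionId());
            request.setObject(permission.getObjName());
            if (StringUtils.isNotEmpty(permission.getObjId())) {
                request.setObjectId(permission.getObjId());
            }
            request.setOperation(permission.getOpName());
            RbacCheckAccessResponse response = (RbacCheckAccessResponse) ldapConnection.extended(request);
            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            LOG.debug("checkAccess result: {}", resultCode);
            // Fail closed: only an explicit SUCCESS grants access.
            return resultCode == ResultCodeEnum.SUCCESS;
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_CHECK_ACCESS_ERR, "checkAccess perm obj [" + permission.getObjName() + "], operation [" + permission.getOpName() + "] caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            closeAdminConnection(ldapConnection);
        }
    }

    /**
     * Deactivates a role in the given session.
     *
     * @param session  session to drop the role from
     * @param userRole role name and user id sent to the server
     * @throws SecurityException with {@code URLE_NOT_ACTIVE} when the server does not answer
     *                           SUCCESS, or with {@code ACEL_DROP_ROLE_ERR} when the LDAP call fails
     */
    public void dropActiveRole(Session session, UserRole userRole) throws SecurityException {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = getAdminConnection();
            RbacDropRoleRequestImpl request = new RbacDropRoleRequestImpl();
            request.setSessionId(session.getSessionId());
            request.setRole(userRole.getName());
            request.setUserIdentity(userRole.getUserId());
            RbacDropRoleResponse response = (RbacDropRoleResponse) ldapConnection.extended(request);
            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            LOG.debug("dropActiveRole result: {}", resultCode);
            if (resultCode != ResultCodeEnum.SUCCESS) {
                throw new SecurityException(GlobalErrIds.URLE_NOT_ACTIVE, "dropActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], not previously activated.");
            }
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_DROP_ROLE_ERR, "dropActiveRole role name [" + userRole.getName() + "] caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            closeAdminConnection(ldapConnection);
        }
    }

    /**
     * Activates a role in the given session.
     *
     * @param session  session to add the role to
     * @param userRole role name and user id sent to the server
     * @throws SecurityException with error id 2011 when the server reports the role as already
     *                           active, with 2006 for any other non-SUCCESS answer, or with
     *                           {@code ACEL_ADD_ROLE_ERR} when the LDAP call fails
     */
    public void addActiveRole(Session session, UserRole userRole) throws SecurityException {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = getAdminConnection();
            RbacAddRoleRequestImpl request = new RbacAddRoleRequestImpl();
            request.setSessionId(session.getSessionId());
            request.setRole(userRole.getName());
            request.setUserIdentity(userRole.getUserId());
            RbacAddRoleResponse response = (RbacAddRoleResponse) ldapConnection.extended(request);
            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            LOG.debug("addActiveRole result: {}", resultCode);
            if (resultCode == ResultCodeEnum.SUCCESS) {
                return;
            }
            // NOTE(review): 2011 and 2006 are presumably inlined GlobalErrIds constants;
            // confirm and replace the literals with the named constants.
            final String message;
            final int errorId;
            if (resultCode == ResultCodeEnum.ATTRIBUTE_OR_VALUE_EXISTS) {
                message = "addActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], already activated.";
                errorId = 2011;
            } else {
                // Fail closed: anything that is neither SUCCESS nor "already exists" is a refusal.
                message = "addActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], not authorized for user.";
                errorId = 2006;
            }
            throw new SecurityException(errorId, message);
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_ADD_ROLE_ERR, "addActiveRole role name [" + userRole.getName() + "] caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            closeAdminConnection(ldapConnection);
        }
    }

    /**
     * Asks the server to delete the given session.
     *
     * <p>The server's result code does not change the outcome for the caller: a non-SUCCESS
     * answer is logged at WARN so that a session which may still exist server-side is visible
     * to operators, but no exception is raised for it.
     *
     * @param session session whose id and user id are sent to the server
     * @throws SecurityException with {@code ACEL_DELETE_SESSION_ERR} when the LDAP call fails
     */
    public void deleteSession(Session session) throws SecurityException {
        LdapConnection ldapConnection = null;
        try {
            ldapConnection = getAdminConnection();
            RbacDeleteSessionRequestImpl request = new RbacDeleteSessionRequestImpl();
            request.setSessionId(session.getSessionId());
            request.setUserIdentity(session.getUserId());
            RbacDeleteSessionResponse response = (RbacDeleteSessionResponse) ldapConnection.extended(request);
            ResultCodeEnum resultCode = response.getLdapResult().getResultCode();
            LOG.debug("deleteSession result: {}", resultCode);
            if (resultCode != ResultCodeEnum.SUCCESS) {
                LOG.warn("deleteSession userId: {} returned non-success resultCode: {}", session.getUserId(), resultCode);
            }
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_DELETE_SESSION_ERR, "deleteSession caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            closeAdminConnection(ldapConnection);
        }
    }

    /**
     * Lists the roles currently active in the given session.
     *
     * @param session session whose id and user id are sent to the server
     * @return one {@link UserRole} per role name returned by the server, or {@code null}
     *         (not an empty list) when the server returns no roles
     * @throws SecurityException with {@code ACEL_SESSION_ROLES_ERR} when the LDAP call fails
     */
    public List<UserRole> sessionRoles(Session session) throws SecurityException {
        LdapConnection ldapConnection = null;
        // Stays null when the response carries no roles; kept so existing callers see the same result.
        List<UserRole> activeRoles = null;
        try {
            ldapConnection = getAdminConnection();
            RbacSessionRolesRequestImpl request = new RbacSessionRolesRequestImpl();
            request.setSessionId(session.getSessionId());
            request.setUserIdentity(session.getUserId());
            RbacSessionRolesResponse response = (RbacSessionRolesResponse) ldapConnection.extended(request);
            LOG.debug("sessionRoles result: {}", Integer.valueOf(response.getLdapResult().getResultCode().getResultCode()));
            // NOTE(review): the result code is only logged; a failed lookup is indistinguishable
            // from a session with no active roles.
            if (CollectionUtils.isNotEmpty(response.getRoles())) {
                activeRoles = new ArrayList<>();
                for (String roleName : response.getRoles()) {
                    activeRoles.add(new UserRole(session.getUserId(), roleName));
                }
            }
            return activeRoles;
        } catch (LdapException e) {
            throw new SecurityException(GlobalErrIds.ACEL_SESSION_ROLES_ERR, "sessionRoles caught LDAPException= msg=" + e.getMessage(), e);
        } finally {
            closeAdminConnection(ldapConnection);
        }
    }
}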
