package modules.identitymanager.implementation.activedirectory;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.FinderException;
import javax.ejb.RemoveException;
import javax.naming.Context;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLHandshakeException;
import model.interfaces.GroupBMPLocal;
import model.interfaces.GroupLocal;
import model.interfaces.GroupPK;
import model.interfaces.GroupUtil;
import model.interfaces.UserBMPData;
import model.interfaces.UserBMPLocal;
import model.interfaces.UserBMPUtil;
import model.interfaces.UserData;
import model.interfaces.UserDetailBMPLocal;
import model.interfaces.UserDetailBMPUtil;
import model.interfaces.UserLocal;
import model.interfaces.UserPK;
import model.interfaces.UserUtil;
import model.transferobjects.IMUser;
import modules.identitymanager.implementation.masterimpl.GroupServiceMasterImpl;
import modules.identitymanager.implementation.masterimpl.UserServiceLdapImpl;
import modules.identitymanager.implementation.util.LDAPConfigurations;
import modules.identitymanager.implementation.util.LDAPUtils;
import org.apache.batik.util.XMLConstants;
import pt.digitalis.dif.presentation.stages.AbstractErrorHandler;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.utils.ldap.exception.LDAPOperationException;
import pt.digitalis.utils.ldap.exception.LDAPOperationSSLException;
import pt.digitalis.utils.ldap.impl.AbstractLDAPUtils;
import util.cripto.CryptoUtil;
import util.sql.OrderByClause;

/* loaded from: input_file:WEB-INF/lib/dif1-identitymanager-11.6.6-2.jar:modules/identitymanager/implementation/activedirectory/UserServiceImpl.class */
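/**
 * Active Directory backed implementation of the identity-manager user service.
 *
 * <p>Each user has a local record (the {@code User*} EJBs) whose {@code externalId} holds the
 * distinguished name of the matching directory entry. Methods that change the directory are
 * permitted only while {@code LDAPConfigurations.getReadOnly()} equals
 * {@code LDAPConfigurations.READ_ONLY_DEFAULT}; see {@link #requireWritable()}.
 *
 * <p>Security-relevant conventions used throughout this class:
 * <ul>
 *   <li>Caller-supplied text placed in an LDAP search filter is escaped with
 *       {@link #escapeFilterValue(String)} so it cannot alter the filter structure.</li>
 *   <li>Directory contexts are closed in {@code finally} blocks so a failed operation does not
 *       leak a connection.</li>
 *   <li>Blank passwords are rejected before a bind is attempted.</li>
 * </ul>
 */
public class UserServiceImpl extends UserServiceLdapImpl {
    private static final String ATTRIBUTE_USER_IDENTIFIER = "user";
    private static final String GROUP_ATTRIBUTE = "memberOf";
    private static final String IDENTIFIER = "objectClass=user";
    private static final String LOGIN_ATTRIBUTE = "samAccountName";
    private static final String MAIL_ATTRIBUTE = "mail";
    private static final String NAME_ATTRIBUTE = "displayName";
    private static final String USER_CONTROL_ATTRIBUTE = "userAccountControl";
    private static final String USER_PRINCIPAL_NAME = "userPrincipalName";

    // userAccountControl bit flags. Declared final so the value written to the directory cannot
    // be altered at runtime.
    private static final int UF_ACCOUNTDISABLE = 2;
    private static final int UF_DONT_EXPIRE_PASSWD = 65536;
    private static final int UF_NORMAL_ACCOUNT = 512;
    private static final int UF_PASSWD_CANT_CHANGE = 64;
    private static final int UF_PASSWD_NOTREQD = 32;
    private static final int UF_PASSWORD_EXPIRED = 8388608;

    // NOTE(review): every account created here carries PASSWD_NOTREQD and DONT_EXPIRE_PASSWD, and
    // nothing in this class clears PASSWD_NOTREQD after the password has been set. Confirm this
    // is intended; otherwise replace userAccountControl once changePassword() has succeeded.
    private static final String userControlControlValue = Integer.toString((UF_NORMAL_ACCOUNT + UF_PASSWD_NOTREQD) + UF_DONT_EXPIRE_PASSWD);

    /**
     * Rejects the call when the LDAP configuration does not allow writes.
     *
     * @throws LDAPOperationException if {@code getReadOnly()} differs from {@code READ_ONLY_DEFAULT}
     */
    private static void requireWritable() throws LDAPOperationException {
        if (!LDAPConfigurations.READ_ONLY_DEFAULT.equals(LDAPConfigurations.getReadOnly())) {
            throw new LDAPOperationException("Operation not allowed. Ldap properties in read only mode.");
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that the characters
     * {@code \ * ( )} and NUL are matched literally instead of being parsed as filter syntax.
     *
     * @param value the raw value; must not be {@code null}
     * @return the escaped value
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Closes the context bound to a search result, if there is one.
     *
     * @param result the search result whose bound object should be released
     * @throws NamingException if closing the context fails
     */
    private static void closeResultContext(SearchResult result) throws NamingException {
        Object bound = result.getObject();
        if (bound instanceof Context) {
            ((Context) bound).close();
        }
    }

    /** Same as {@link #closeResultContext(SearchResult)} but only logs a failure; for error paths. */
    private static void releaseQuietly(SearchResult result) {
        try {
            closeResultContext(result);
        } catch (NamingException ignored) {
            // The caller is already reporting a more relevant error.
            DIFLogger.getLogger().debug("Could not close search result context: " + ignored);
        }
    }

    /**
     * Adds the user's directory entry to the {@code member} attribute of the group's entry.
     *
     * @param sh local group id
     * @param l local user id
     * @throws LDAPOperationException in read-only mode, or if a lookup or the directory update fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void addGroup(Short sh, Long l) throws LDAPOperationException {
        requireWritable();
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            GroupLocal group = GroupUtil.getLocalHome().findByPrimaryKey(new GroupPK(sh));
            ModificationItem[] changes = {new ModificationItem(LdapContext.ADD_ATTRIBUTE, new BasicAttribute("member", user.getExternalId()))};
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                dirContext.modifyAttributes(group.getExternalId(), changes);
            } finally {
                dirContext.close();
            }
        } catch (FinderException e) {
            throw new LDAPOperationException(e);
        } catch (NamingException e2) {
            throw new LDAPOperationException((Throwable) e2);
        }
    }

    /**
     * Looks the login up in the directory and verifies the password by binding as that entry.
     *
     * @param str login name (matched against {@code samAccountName})
     * @param str2 password used for the bind
     * @return the directory entry when the bind succeeded; {@code null} when the password is
     *         blank or no entry matches the login
     * @throws LDAPOperationException if the lookup or the bind fails
     */
    private SearchResult authenticateOnExternalSystem(String str, String str2) throws LDAPOperationException {
        // A simple bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513),
        // which a directory may accept without checking any credential. LDAPUtils.login is not
        // visible here, so blank passwords are refused before any bind is attempted.
        if (str2 == null || str2.length() == 0) {
            return null;
        }
        SearchResult match = getByLogin(str);
        if (match == null) {
            return null;
        }
        try {
            LDAPUtils.login(match.getNameInNamespace(), str2).close();
            return match;
        } catch (NamingException e) {
            // Failed logins must not leak the context attached to the search result.
            releaseQuietly(match);
            throw new LDAPOperationException((Throwable) e);
        }
    }

    /**
     * Reports whether the login/password pair can bind to the directory.
     *
     * <p>Every failure (wrong password, duplicate login, directory unreachable) yields
     * {@code false}, so the check fails closed. The cause is logged at debug level without the
     * credentials, so an outage can be told apart from a rejected password.
     *
     * @param str login name
     * @param str2 password
     * @return {@code true} only when the bind succeeded
     */
    @Override // modules.identitymanager.interfaces.UserService
    public Boolean canAuthenticateOnExternalSystem(String str, String str2) throws LDAPOperationException {
        try {
            return Boolean.valueOf(authenticateOnExternalSystem(str, str2) != null);
        } catch (Exception e) {
            DIFLogger.getLogger().debug("canAuthenticateOnExternalSystem - authentication failed: " + e);
            return false;
        }
    }

    /**
     * Replaces the {@code unicodePwd} attribute of a directory entry, using the secure context
     * from {@code LDAPUtils.getSecureDirContext()}.
     *
     * @param str distinguished name of the entry
     * @param str2 new clear-text password; must not be {@code null}
     * @throws LDAPOperationException if the password is {@code null} or the update fails
     */
    private void changePassword(String str, String str2) throws LDAPOperationException {
        // Without this guard string concatenation would set the literal password "null".
        if (str2 == null) {
            throw new LDAPOperationException("A password is required to set the directory password.");
        }
        try {
            // unicodePwd takes the password wrapped in double quotes and encoded as UTF-16LE.
            byte[] quotedPassword = ("\"" + str2 + "\"").getBytes("UTF-16LE");
            ModificationItem[] changes = {new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", quotedPassword))};
            LdapContext secureDirContext = LDAPUtils.getSecureDirContext();
            try {
                secureDirContext.modifyAttributes(str, changes);
            } finally {
                secureDirContext.close();
            }
        } catch (NamingException e) {
            throw new LDAPOperationException((Throwable) e);
        } catch (UnsupportedEncodingException e2) {
            throw new LDAPOperationException(e2);
        }
    }

    /**
     * Builds an {@link IMUser} from the attributes of a directory entry.
     *
     * @param l local user id to set on the result
     * @param sh local group id, passed to {@code verifyGroupIdFromUserDnProfile}
     * @param attributes attributes of the directory entry
     * @return the populated user; name defaults to {@code ""} and e-mail to {@code null}
     * @throws LDAPOperationException if the entry has no {@code memberOf} attribute
     */
    @Override // modules.identitymanager.implementation.masterimpl.UserServiceLdapImpl
    protected IMUser convertLDAPtoIM(Long l, Short sh, Attributes attributes) throws NamingException, FinderException, LDAPOperationException {
        if (attributes.get(GROUP_ATTRIBUTE) == null) {
            throw new LDAPOperationException("User doesn't have the groups!");
        }
        IMUser user = new IMUser();
        user.setUserId(l);
        user.setGroupId(verifyGroupIdFromUserDnProfile(sh, attributes));
        user.setLoginName((String) attributes.get(LOGIN_ATTRIBUTE).get());
        Attribute displayName = attributes.get(NAME_ATTRIBUTE);
        user.setUserName(displayName != null ? (String) displayName.get() : "");
        user.setInternal(null);
        user.setSuspension(null);
        Attribute mail = attributes.get(MAIL_ATTRIBUTE);
        user.setEmailAddress(mail != null ? (String) mail.get() : null);
        return user;
    }

    /** Counts the users matched by {@link #getByGroupIdAndUserAndLogin} with no paging. */
    @Override // modules.identitymanager.interfaces.UserService
    public int count(Short sh, String str, String str2) throws LDAPOperationException {
        return getByGroupIdAndUserAndLogin(sh, str, str2, null).size();
    }

    /**
     * Builds the attribute set written for a new directory user.
     *
     * @param login value for {@code samAccountName}
     * @param displayName value for {@code displayName}
     * @param mail value for {@code mail}; a single space is stored when {@code null}
     * @param principalLogin login used to derive {@code userPrincipalName}
     * @param groupId local group id; when set and a profile-DN attribute is configured, the
     *        group's external id is stored in that attribute
     */
    private BasicAttributes newUserAttributes(String login, String displayName, String mail, String principalLogin, Short groupId) throws NamingException, FinderException, CreateException {
        BasicAttributes attributes = new BasicAttributes(true);
        attributes.put("objectClass", ATTRIBUTE_USER_IDENTIFIER);
        attributes.put(LOGIN_ATTRIBUTE, login);
        attributes.put(NAME_ATTRIBUTE, displayName);
        attributes.put(MAIL_ATTRIBUTE, mail == null ? " " : mail);
        attributes.put(USER_PRINCIPAL_NAME, getUserPrincipalName(principalLogin));
        attributes.put(USER_CONTROL_ATTRIBUTE, userControlControlValue);
        String profileDnAttribute = LDAPConfigurations.getUserProfileDnAttribute();
        if (profileDnAttribute != null && !"".equals(profileDnAttribute) && groupId != null) {
            attributes.put(profileDnAttribute, GroupUtil.getLocalHome().findByPrimaryKey(new GroupPK(groupId)).getExternalId());
        }
        return attributes;
    }

    /**
     * Creates the local record and the directory entry for a new user, sets the password and
     * adds the user to its group.
     *
     * @param iMUser the user to create; its user id is filled in on return
     * @param str initial clear-text password
     * @return the same {@code iMUser} instance
     * @throws LDAPOperationException in read-only mode or when any step fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public IMUser create(IMUser iMUser, String str) throws LDAPOperationException {
        requireWritable();
        try {
            String dn = IdentityManagerModuleImpl.calculateDN(iMUser.getLoginName(), iMUser.getGroupId());
            UserBMPData localData = new UserBMPData();
            localData.setGroupId(iMUser.getGroupId());
            localData.setLoginName(iMUser.getLoginName());
            // Name and password live in the directory; the local record only gets placeholders.
            localData.setUserName(" ");
            localData.setPassword(" ");
            localData.setInternal(Boolean.valueOf(iMUser.getInternal() != null && iMUser.getInternal().booleanValue()));
            localData.setSuspension(Boolean.valueOf(iMUser.getSuspension() != null && iMUser.getSuspension().booleanValue()));
            localData.setEmailAddress(iMUser.getEmailAddress() == null ? " " : iMUser.getEmailAddress());
            localData.setExternalId(dn);
            UserBMPLocal created = UserBMPUtil.getLocalHome().create(localData);
            iMUser.setUserId(created.getUserId());
            try {
                BasicAttributes attributes = newUserAttributes(iMUser.getLoginName(), iMUser.getUserName(), iMUser.getEmailAddress(), iMUser.getLoginName(), iMUser.getGroupId());
                LdapContext dirContext = LDAPUtils.getDirContext();
                try {
                    dirContext.createSubcontext(dn, attributes);
                } finally {
                    dirContext.close();
                }
                changePassword(dn, str);
                addGroup(iMUser.getGroupId(), iMUser.getUserId());
                return iMUser;
            } catch (Exception e) {
                // NOTE(review): remove() also deletes the directory entry. If the entry was never
                // created, that delete fails and remove() restores the local record before
                // throwing, so the compensation may leave an orphaned local user. Verify.
                try {
                    remove(created.getUserId());
                    SSLHandshakeException sslFailure = (SSLHandshakeException) AbstractErrorHandler.getExceptionWithinStack(SSLHandshakeException.class, e);
                    if (sslFailure != null) {
                        throw new LDAPOperationSSLException(sslFailure);
                    }
                    throw new LDAPOperationException(e);
                } catch (EJBException e2) {
                    throw new LDAPOperationException(e);
                }
            }
        } catch (CreateException e3) {
            throw new LDAPOperationException(e3);
        } catch (FinderException e4) {
            throw new LDAPOperationException(e4);
        } catch (NamingException e5) {
            throw new LDAPOperationException((Throwable) e5);
        }
    }

    /**
     * Creates a local record for a user that already exists in the directory.
     *
     * @param str login name of the existing directory user
     * @param sh local group id for the new record
     * @return the user built from the directory attributes
     * @throws LDAPOperationException in read-only mode, if no entry matches the login, or on failure
     */
    @Override // modules.identitymanager.interfaces.UserService
    public IMUser createBasedInExternalUser(String str, Short sh) throws LDAPOperationException {
        requireWritable();
        SearchResult entry = getByLogin(str);
        if (entry == null) {
            throw new LDAPOperationException("Does not exist an user with this login");
        }
        try {
            try {
                UserBMPData localData = new UserBMPData();
                localData.setGroupId(sh);
                localData.setLoginName(str);
                localData.setUserName(" ");
                localData.setPassword(" ");
                localData.setInternal(false);
                localData.setSuspension(false);
                localData.setEmailAddress(" ");
                localData.setExternalId(entry.getNameInNamespace());
                UserBMPLocal created = UserBMPUtil.getLocalHome().create(localData);
                return convertLDAPtoIM(created.getUserId(), created.getGroupId(), entry.getAttributes());
            } finally {
                closeResultContext(entry);
            }
        } catch (NamingException e) {
            throw new LDAPOperationException((Throwable) e);
        } catch (CreateException e2) {
            throw new LDAPOperationException(e2);
        } catch (FinderException e3) {
            throw new LDAPOperationException(e3);
        }
    }

    /**
     * Moves an existing local user into the directory: creates the entry, sets its password from
     * the locally stored one, blanks the local name/password and adds the user to its group.
     *
     * @param l local user id
     * @throws LDAPOperationException in read-only mode or when any step fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void createBasedInInternalUser(Long l) throws LDAPOperationException {
        requireWritable();
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            UserData data = user.getData();
            String dn = createUserOnExternal(data.getLoginName(), user, data);
            // NOTE(review): the stored password is reversible and is decrypted with
            // CryptoUtil.DEFAULT_KEY_STRING, a key shared by every caller that uses this default.
            // Anyone holding that key and the stored value can recover the clear text.
            changePassword(dn, CryptoUtil.deencript(data.getPassword(), CryptoUtil.DEFAULT_KEY_STRING));
            data.setUserName(" ");
            data.setPassword(" ");
            data.setExternalId(dn);
            user.setData(data);
            addGroup(data.getGroupId(), data.getUserId());
        } catch (CreateException e) {
            throw new LDAPOperationException(e);
        } catch (FinderException e2) {
            throw new LDAPOperationException(e2);
        } catch (NamingException e3) {
            throw new LDAPOperationException((Throwable) e3);
        }
    }

    /**
     * Creates the directory entry for a local user and returns its distinguished name.
     *
     * <p>When the name is already bound, retries with
     * {@code LDAPUtils.generateAlternativeName(str)}. NOTE(review): the retry is unbounded and
     * the {@code userPrincipalName} is always derived from {@code userData.getLoginName()}, not
     * from the alternative name.
     *
     * @param str name used for the DN and {@code samAccountName}
     * @param userLocal local user, source of the group id used for the DN
     * @param userData local user data, source of the remaining attributes
     * @return the distinguished name of the created entry
     */
    private String createUserOnExternal(String str, UserLocal userLocal, UserData userData) throws NamingException, FinderException, CreateException {
        try {
            String dn = IdentityManagerModuleImpl.calculateDN(str, userLocal.getGroupId());
            BasicAttributes attributes = newUserAttributes(str, userData.getUserName(), userData.getEmailAddress(), userData.getLoginName(), userData.getGroupId());
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                dirContext.createSubcontext(dn, attributes);
            } finally {
                dirContext.close();
            }
            return dn;
        } catch (NameAlreadyBoundException e) {
            return createUserOnExternal(LDAPUtils.generateAlternativeName(str), userLocal, userData);
        }
    }

    /**
     * Converts one search result into an {@link IMUser} and appends it when a local record
     * exists for it; the context attached to the result is always closed.
     */
    private void collectUser(List<IMUser> target, SearchResult result) throws IOException, NamingException, CreateException, FinderException, LDAPOperationException {
        try {
            UserData local = LDAPUtils.findByExternalId(result);
            if (local != null) {
                target.add(convertLDAPtoIM(local.getUserId(), local.getGroupId(), result.getAttributes()));
            }
        } finally {
            closeResultContext(result);
        }
    }

    /**
     * Searches directory users by group membership, display name and login.
     *
     * <p>Name and login are substring matches. Both are escaped before they are put in the
     * filter, so a {@code *} typed by the caller matches a literal asterisk rather than acting
     * as a wildcard.
     *
     * @param sh local group id; ignored when {@code null} or 0
     * @param str display-name fragment; ignored when {@code null} or empty
     * @param str2 login fragment; ignored when {@code null} or empty
     * @param orderByClause paging information; when {@code null} a single unpaged search is run
     * @return the matching users that also have a local record
     */
    @Override // modules.identitymanager.interfaces.UserService
    public ArrayList<IMUser> getByGroupIdAndUserAndLogin(Short sh, String str, String str2, OrderByClause orderByClause) throws LDAPOperationException {
        ArrayList<IMUser> users = new ArrayList<>();
        try {
            StringBuilder clauses = new StringBuilder();
            if (sh != null && sh.intValue() != 0) {
                String groupDn = GroupUtil.getLocalHome().findByPrimaryKey(new GroupPK(sh)).getExternalId();
                clauses.append("(memberOf=").append(escapeFilterValue(groupDn)).append(")");
            }
            if (str != null && !str.equals("")) {
                clauses.append("(displayName=*").append(escapeFilterValue(str)).append("*)");
            }
            if (str2 != null && !str2.equals("")) {
                clauses.append("(samAccountName=*").append(escapeFilterValue(str2)).append("*)");
            }
            // With no optional clause the filter is the plain object-class test; wrapping it in
            // a second pair of parentheses would not be a valid RFC 4515 filter.
            String filter = clauses.length() > 0 ? "(&" + clauses + "(objectClass=user))" : "(objectClass=user)";

            if (orderByClause != null) {
                // The context stays open while the paged results are consumed.
                LdapContext dirContext = LDAPUtils.getDirContext();
                try {
                    for (SearchResult result : ((AbstractLDAPUtils) LDAPUtils.getLDAPUtils()).doLDAPSearchMultipleReturnsPaging(dirContext, LDAPConfigurations.getBaseDN(), filter, orderByClause.getRowsPerPage(), Integer.valueOf(orderByClause.getPagerQuery().getNumList()))) {
                        collectUser(users, result);
                    }
                } finally {
                    dirContext.close();
                }
            } else {
                List<SearchResult> results;
                LdapContext dirContext = LDAPUtils.getDirContext();
                try {
                    results = IdentityManagerModuleImpl.ldapSearch(dirContext, filter);
                } finally {
                    dirContext.close();
                }
                for (SearchResult result : results) {
                    collectUser(users, result);
                }
            }
            return users;
        } catch (IOException e) {
            throw new LDAPOperationException(e);
        } catch (NamingException e2) {
            throw new LDAPOperationException((Throwable) e2);
        } catch (CreateException e3) {
            throw new LDAPOperationException(e3);
        } catch (FinderException e4) {
            throw new LDAPOperationException(e4);
        } catch (LDAPOperationException e5) {
            throw new LDAPOperationException(e5);
        }
    }

    /**
     * Loads a user by local id, reading its attributes from the directory.
     *
     * @param l local user id
     * @throws LDAPOperationException if the user has no external id or a lookup fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public IMUser getById(Long l) throws LDAPOperationException {
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            String externalId = user.getExternalId();
            // Checked before a context is opened, so the error path holds no connection.
            if (externalId == null || externalId.equals("")) {
                throw new LDAPOperationException("The user " + l + " doesn't belogns to a external system!");
            }
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                return convertLDAPtoIM(user.getUserId(), user.getGroupId(), dirContext.getAttributes(externalId));
            } finally {
                dirContext.close();
            }
        } catch (NamingException e) {
            throw new LDAPOperationException((Throwable) e);
        } catch (FinderException e2) {
            throw new LDAPOperationException(e2);
        }
    }

    /**
     * Finds the single directory user whose {@code samAccountName} equals the login.
     *
     * <p>The login is escaped before it is placed in the filter: this lookup is part of the
     * authentication path and the value comes straight from the caller.
     *
     * @param str login name; {@code null} matches nothing
     * @return the matching entry, or {@code null} when there is none
     * @throws LDAPOperationException if the search fails or more than one entry matches
     */
    private SearchResult getByLogin(String str) throws LDAPOperationException {
        if (str == null) {
            return null;
        }
        List<SearchResult> matches;
        try {
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                matches = IdentityManagerModuleImpl.ldapSearch(dirContext, "(&(objectClass=user)(samAccountName=" + escapeFilterValue(str) + "))");
            } finally {
                dirContext.close();
            }
        } catch (NamingException e) {
            throw new LDAPOperationException((Throwable) e);
        } catch (FinderException e2) {
            throw new LDAPOperationException(e2);
        } catch (Exception e3) {
            throw new LDAPOperationException(e3);
        }
        if (matches == null || matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            // An ambiguous login must never resolve to "the first match".
            for (SearchResult duplicate : matches) {
                releaseQuietly(duplicate);
            }
            throw new LDAPOperationException("Exists more than one user with the same login!");
        }
        return matches.get(0);
    }

    /**
     * Converts a directory entry into an {@link IMUser} using its local record and closes the
     * context attached to the entry.
     *
     * @param entry directory entry, may be {@code null}
     * @return the user, or {@code null} when the entry is {@code null} or has no local record
     */
    private IMUser toLocalUser(SearchResult entry) throws LDAPOperationException {
        if (entry == null) {
            return null;
        }
        try {
            try {
                UserData local = LDAPUtils.findByExternalId(entry);
                if (local == null) {
                    // Known to the directory but not to the identity manager.
                    return null;
                }
                return convertLDAPtoIM(local.getUserId(), local.getGroupId(), entry.getAttributes());
            } finally {
                closeResultContext(entry);
            }
        } catch (CreateException e) {
            throw new LDAPOperationException(e);
        } catch (FinderException e2) {
            throw new LDAPOperationException(e2);
        } catch (NamingException e3) {
            throw new LDAPOperationException((Throwable) e3);
        }
    }

    /**
     * Loads a user by login name.
     *
     * @param str login name
     * @return the user, or {@code null} when the login is unknown
     */
    @Override // modules.identitymanager.interfaces.UserService
    public IMUser getByLoginname(String str) throws LDAPOperationException {
        return toLocalUser(getByLogin(str));
    }

    /**
     * Loads a user after verifying the password against the directory.
     *
     * @param str login name
     * @param str2 password
     * @return the user, or {@code null} when the login is unknown or the password is blank
     * @throws LDAPOperationException if the bind is rejected or a lookup fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public IMUser getByLoginnameAndPassword(String str, String str2) throws LDAPOperationException {
        return toLocalUser(authenticateOnExternalSystem(str, str2));
    }

    /**
     * Lists the local ids of the groups found in the user's {@code memberOf} attribute.
     *
     * <p>Side effect: when the user's own group is not among them it is added to the directory
     * (in writable mode) and to the returned list; in read-only mode this is only logged.
     *
     * @param l local user id
     * @return local group ids of the user's directory groups
     */
    @Override // modules.identitymanager.interfaces.UserService
    public ArrayList<Short> getGroups(Long l) throws LDAPOperationException {
        ArrayList<Short> groupIds = new ArrayList<>();
        boolean hasOwnGroup = false;
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            Attributes attributes;
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                attributes = dirContext.getAttributes(user.getExternalId());
            } finally {
                dirContext.close();
            }
            if (attributes == null) {
                throw new LDAPOperationException("User doesn't exists!");
            }
            Attribute memberOf = attributes.get(GROUP_ATTRIBUTE);
            if (memberOf != null) {
                NamingEnumeration all = memberOf.getAll();
                while (all.hasMoreElements()) {
                    GroupBMPLocal group = GroupServiceMasterImpl.findByExternalId((String) all.next());
                    if (group != null) {
                        if (!hasOwnGroup && group.getGroupId().equals(user.getGroupId())) {
                            hasOwnGroup = true;
                        }
                        // The previous version opened and closed an unused directory connection
                        // for every group here; nothing read from it, so it has been dropped.
                        groupIds.add(group.getGroupId());
                    }
                }
            }
            if (!hasOwnGroup) {
                if (LDAPConfigurations.READ_ONLY_DEFAULT.equals(LDAPConfigurations.getReadOnly())) {
                    addGroup(user.getGroupId(), user.getUserId());
                    groupIds.add(user.getGroupId());
                } else {
                    DIFLogger.getLogger().info("getGroups - Group with id \"" + user.getGroupId() + "cannot be added to " + user.getLoginName() + " because Ldap is in Read Only mode ");
                }
            }
            return groupIds;
        } catch (NamingException e) {
            throw new LDAPOperationException((Throwable) e);
        } catch (FinderException e2) {
            throw new LDAPOperationException(e2);
        }
    }

    /** Returns the filter fragment that identifies user entries. */
    @Override // modules.identitymanager.implementation.masterimpl.UserServiceLdapImpl
    protected String getLDAPUserIdentifier() {
        return IDENTIFIER;
    }

    /** Always fails: this implementation does not hand out passwords. */
    @Override // modules.identitymanager.interfaces.UserService
    public String getUserPassword(Long l) throws LDAPOperationException {
        throw new LDAPOperationException("This method is not supported by this implementation!");
    }

    /**
     * Derives the {@code userPrincipalName} for a login from the {@code DC} components of the
     * configured base DN, e.g. login {@code jdoe} with base DN {@code DC=example,DC=org} gives
     * {@code jdoe@example.org} (constructed example).
     *
     * @param str login name
     * @return {@code login@domain}, or just the login when the base DN has no {@code DC} component
     */
    private String getUserPrincipalName(String str) {
        StringBuilder domain = new StringBuilder();
        for (String component : LDAPConfigurations.getBaseDN().split(",")) {
            // Trimmed so "DC=a, DC=b" works; a component without a value is skipped instead of
            // failing with an index error.
            String[] keyValue = component.trim().split(XMLConstants.XML_EQUAL_SIGN, 2);
            if (keyValue.length == 2 && "DC".equalsIgnoreCase(keyValue[0].trim())) {
                if (domain.length() > 0) {
                    domain.append('.');
                }
                domain.append(keyValue[1].trim());
            }
        }
        return domain.length() == 0 ? str : str + "@" + domain;
    }

    /**
     * Finds the users whose {@code mail} attribute equals the address.
     *
     * @param str e-mail address, matched literally; {@code null} matches nothing
     * @return the matching users that also have a local record
     */
    @Override // modules.identitymanager.interfaces.UserService
    public ArrayList<IMUser> getUsersByEmail(String str) throws LDAPOperationException {
        ArrayList<IMUser> users = new ArrayList<>();
        if (str == null) {
            return users;
        }
        try {
            List<SearchResult> results;
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                results = IdentityManagerModuleImpl.ldapSearch(dirContext, "(&(objectClass=user)(mail=" + escapeFilterValue(str) + "))");
            } finally {
                dirContext.close();
            }
            for (SearchResult result : results) {
                collectUser(users, result);
            }
            return users;
        } catch (IOException e) {
            throw new LDAPOperationException(e);
        } catch (CreateException e2) {
            throw new LDAPOperationException(e2);
        } catch (NamingException e3) {
            throw new LDAPOperationException((Throwable) e3);
        } catch (FinderException e4) {
            throw new LDAPOperationException(e4);
        } catch (LDAPOperationException e5) {
            throw new LDAPOperationException(e5);
        }
    }

    /**
     * Deletes the user's detail records, its local record and its directory entry.
     *
     * <p>If the directory delete fails the local record is created again from the data read
     * earlier and the failure is rethrown. NOTE(review): the restored record carries no
     * password, and the removed detail records are not restored.
     *
     * @param l local user id
     * @throws LDAPOperationException in read-only mode or when a step fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void remove(Long l) throws LDAPOperationException {
        requireWritable();
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            UserData data = user.getData();
            Iterator details = UserDetailBMPUtil.getLocalHome().findByUser(l).iterator();
            while (details.hasNext()) {
                ((UserDetailBMPLocal) details.next()).remove();
            }
            user.remove();
            try {
                LdapContext dirContext = LDAPUtils.getDirContext();
                try {
                    dirContext.destroySubcontext(data.getExternalId());
                } finally {
                    dirContext.close();
                }
            } catch (Exception e) {
                try {
                    UserBMPData restored = new UserBMPData();
                    restored.setEmailAddress(data.getEmailAddress());
                    restored.setExternalId(data.getExternalId());
                    restored.setLoginName(data.getLoginName());
                    restored.setUserName(data.getUserName());
                    restored.setGroupId(data.getGroupId());
                    restored.setInternal(data.getInternal());
                    restored.setSuspension(data.getSuspension());
                    UserBMPUtil.getLocalHome().create(restored);
                    throw new LDAPOperationException(e);
                } catch (CreateException e2) {
                    throw new LDAPOperationException(e2);
                }
            }
        } catch (EJBException e3) {
            throw new LDAPOperationException(e3);
        } catch (NamingException e4) {
            throw new LDAPOperationException((Throwable) e4);
        } catch (FinderException e5) {
            throw new LDAPOperationException(e5);
        } catch (RemoveException e6) {
            throw new LDAPOperationException(e6);
        }
    }

    /**
     * Removes the user's directory entry from the {@code member} attribute of the group's entry.
     *
     * <p>Like {@link #addGroup(Short, Long)} this writes to the directory, so it is now refused
     * in read-only mode as well.
     *
     * @param sh local group id
     * @param l local user id
     * @throws LDAPOperationException in read-only mode, or if a lookup or the directory update fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void removeGroup(Short sh, Long l) throws LDAPOperationException {
        requireWritable();
        try {
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l));
            GroupLocal group = GroupUtil.getLocalHome().findByPrimaryKey(new GroupPK(sh));
            ModificationItem[] changes = {new ModificationItem(LdapContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", user.getExternalId()))};
            LdapContext dirContext = LDAPUtils.getDirContext();
            try {
                dirContext.modifyAttributes(group.getExternalId(), changes);
            } finally {
                dirContext.close();
            }
        } catch (FinderException e) {
            throw new LDAPOperationException(e);
        } catch (NamingException e2) {
            throw new LDAPOperationException((Throwable) e2);
        }
    }

    /**
     * Applies changed login, name, e-mail and profile-group values to the directory entry and,
     * when DN modifications are allowed and the group changed, renames the entry and adjusts
     * group membership.
     *
     * @param iMUser the desired state; {@code null} fields are left unchanged
     * @throws LDAPOperationException in read-only mode or when a step fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void update(IMUser iMUser) throws LDAPOperationException {
        requireWritable();
        try {
            IMUser current = getById(iMUser.getUserId());
            UserLocal user = UserUtil.getLocalHome().findByPrimaryKey(new UserPK(iMUser.getUserId()));
            List<ModificationItem> changes = new ArrayList<>();
            // Comparisons start from the non-null new value: the current e-mail is null when the
            // entry has no mail attribute, which used to fail with a NullPointerException.
            if (iMUser.getLoginName() != null && !iMUser.getLoginName().equals(current.getLoginName())) {
                changes.add(new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(LOGIN_ATTRIBUTE, iMUser.getLoginName())));
                changes.add(new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(USER_PRINCIPAL_NAME, getUserPrincipalName(iMUser.getLoginName()))));
            }
            if (iMUser.getUserName() != null && !iMUser.getUserName().equals(current.getUserName())) {
                changes.add(new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(NAME_ATTRIBUTE, iMUser.getUserName())));
            }
            if (iMUser.getEmailAddress() != null && !iMUser.getEmailAddress().equals(current.getEmailAddress())) {
                changes.add(new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(MAIL_ATTRIBUTE, iMUser.getEmailAddress())));
            }
            String profileDnAttribute = LDAPConfigurations.getUserProfileDnAttribute();
            if (profileDnAttribute != null && !"".equals(profileDnAttribute) && iMUser.getGroupId() != null) {
                changes.add(new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute(profileDnAttribute, GroupUtil.getLocalHome().findByPrimaryKey(new GroupPK(iMUser.getGroupId())).getExternalId())));
            }
            if (!changes.isEmpty()) {
                DIFLogger.getLogger().debug("update \"" + user.getExternalId() + "\" with the attributes: ");
                for (ModificationItem change : changes) {
                    DIFLogger.getLogger().debug("---> Attribute: " + change.getAttribute());
                }
                LdapContext dirContext = LDAPUtils.getDirContext();
                try {
                    dirContext.modifyAttributes(user.getExternalId(), changes.toArray(new ModificationItem[changes.size()]));
                } finally {
                    dirContext.close();
                }
            }
            if (LDAPUtils.getDIF2LDAPConfigurations().getAllowDistinguishedNameModifications() && iMUser.getGroupId() != null && current.getGroupId() != null && !current.getGroupId().equals(iMUser.getGroupId())) {
                String previousDn = user.getExternalId();
                String newDn = IdentityManagerModuleImpl.calculateDN(iMUser.getLoginName(), iMUser.getGroupId());
                Short previousGroupId = current.getGroupId();
                UserData data = user.getData();
                data.setGroupId(iMUser.getGroupId());
                data.setExternalId(newDn);
                user.setData(data);
                try {
                    if (!previousDn.equals(newDn)) {
                        LdapContext renameContext = LDAPUtils.getDirContext();
                        try {
                            renameContext.rename(previousDn, newDn);
                        } finally {
                            renameContext.close();
                        }
                    }
                    removeGroup(previousGroupId, current.getUserId());
                    // NOTE(review): current.getGroupId() is the group that was just removed, so
                    // this re-adds the previous group when it is missing. The new group is only
                    // added as a side effect of getGroups(). Confirm the intended behaviour.
                    if (!getGroups(current.getUserId()).contains(current.getGroupId())) {
                        addGroup(current.getGroupId(), current.getUserId());
                    }
                } catch (Exception e) {
                    // Put the local record back so it keeps pointing at the existing entry.
                    UserData rollback = user.getData();
                    rollback.setExternalId(previousDn);
                    rollback.setGroupId(previousGroupId);
                    user.setData(rollback);
                    throw new LDAPOperationException(e);
                }
            }
        } catch (NamingException e2) {
            throw new LDAPOperationException((Throwable) e2);
        } catch (CreateException e3) {
            throw new LDAPOperationException(e3);
        } catch (FinderException e4) {
            throw new LDAPOperationException(e4);
        }
    }

    /**
     * Sets a new directory password for the user.
     *
     * @param l local user id
     * @param str new clear-text password; must not be {@code null}
     * @throws LDAPOperationException in read-only mode or when the lookup or update fails
     */
    @Override // modules.identitymanager.interfaces.UserService
    public void updatePassword(Long l, String str) throws LDAPOperationException {
        requireWritable();
        try {
            changePassword(UserUtil.getLocalHome().findByPrimaryKey(new UserPK(l)).getExternalId(), str);
        } catch (FinderException e) {
            throw new LDAPOperationException(e);
        } catch (NamingException e2) {
            throw new LDAPOperationException((Throwable) e2);
        }
    }
}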
