package oracle.security.idm.providers.stdldap.util;

import java.util.HashMap;
import java.util.logging.Level;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NameParser;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import oracle.security.idm.ConfigurationException;
import oracle.security.idm.IMException;
import oracle.security.idm.OperationFailureException;
import oracle.security.idm.PropertySet;

/* loaded from: input_file:oracle/security/idm/providers/stdldap/util/LDAPRole.class */
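/**
 * A role (group) entry in a standard LDAP directory, addressed by its DN.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No authorization decision is made in this class. Every mutator writes through the
 *       {@link LdapContext} supplied by the caller, so the effective access control is whatever
 *       the directory grants to that context's bind identity (a {@code NoPermissionException}
 *       from the directory is the only permission failure handled here). Callers must check
 *       that the requesting principal may change role membership, ownership or management
 *       before calling the {@code add*}/{@code remove*}/{@code drop*} methods.</li>
 *   <li>The member, owner and manager DNs are written as attribute values exactly as received;
 *       they are not parsed, normalized or checked for existence here.</li>
 *   <li>{@link #setName} escapes the new value with {@link Rdn#escapeValue}, so a caller-supplied
 *       name cannot add RDN components or move the entry to another parent.</li>
 *   <li>{@link #isGranted}, {@link #isOwnedBy} and {@link #isManagedBy} decide by exact
 *       {@link String#equals} on the output of {@code IDMUtils.normalizeDN}. NOTE(review):
 *       whether that normalization folds case and whitespace is not visible from this file;
 *       confirm before relying on these checks for access decisions.</li>
 *   <li>{@code dn} and {@code name} are mutated without synchronization in this class.</li>
 * </ul>
 */
public class LDAPRole implements LDAPIdentity {
    String dn;
    String name = null;
    LDAPRealm realm;
    LDAPPropertySet ldPset;
    public static final String classname = "oracle.security.idm.providers.stdldap.util.LDAPRole";

    // Named JNDI modification operations (inherited from DirContext) instead of bare 1 / 3,
    // so an add cannot be mistaken for a remove when reading the mutators below.
    private static final int ADD_VALUE = LdapContext.ADD_ATTRIBUTE;
    private static final int REMOVE_VALUE = LdapContext.REMOVE_ATTRIBUTE;

    /**
     * Creates a role handle.
     *
     * @param str DN of the role entry
     * @param lDAPRealm realm that supplies configuration and the logger
     * @param lDAPPropertySet property set (and cache) backing this entry
     */
    public LDAPRole(String str, LDAPRealm lDAPRealm, LDAPPropertySet lDAPPropertySet) {
        this.dn = str;
        this.realm = lDAPRealm;
        this.ldPset = lDAPPropertySet;
    }

    /** Returns the DN this role currently points at; it changes after a successful {@link #setName}. */
    @Override // oracle.security.idm.providers.stdldap.util.LDAPIdentity
    public String getDN() {
        return this.dn;
    }

    /**
     * Applies the given modifications to the role entry and clears the property cache.
     *
     * @param ldapContext context whose bind identity performs the write
     * @param modificationItemArr modifications to apply, passed to the directory unchanged
     * @throws IMException as raised by {@code LDAPRealm.throwException} when the directory rejects
     *     the change
     */
    @Override // oracle.security.idm.providers.stdldap.util.LDAPIdentity
    public void setProperties(LdapContext ldapContext, ModificationItem[] modificationItemArr) throws IMException {
        try {
            ldapContext.modifyAttributes(ldapContext.getNameParser("").parse(this.dn), modificationItemArr);
            this.ldPset.clearCache();
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "setProperties(LdapContext ctx, ModificationItem[] modItems)", modifyFailureMessages(), this.realm.logr);
        }
    }

    /**
     * Reads properties of the role through the backing property set.
     *
     * <p>The boolean argument is part of the {@code LDAPIdentity} signature but is not consulted
     * here; the fetch mode comes from {@code ldapConfig.fetchRoleFullAttrSet()}.
     */
    @Override // oracle.security.idm.providers.stdldap.util.LDAPIdentity
    public PropertySet getProperties(LdapContext ldapContext, String[] strArr, boolean z) throws IMException {
        return this.ldPset.getProperties(ldapContext, strArr, this.realm.ldapConfig.fetchRoleFullAttrSet());
    }

    /** Reads properties from the property set's cache without a directory context. */
    public PropertySet getPropertiesFromCache(String[] strArr) throws IMException {
        return this.ldPset.getPropertiesFromCache(strArr);
    }

    /**
     * Searches the members of this role.
     *
     * <p>Note that the flag is passed on negated, unlike in {@link #getOwners} and
     * {@link #getManagers}. NOTE(review): the flag's meaning is defined by
     * {@code IdentityRelationsSearchResponse}, which is not visible here.
     */
    public IdentitySearchResponse getMembers(LdapContext ldapContext, String str, boolean z) throws IMException {
        return new IdentityRelationsSearchResponse(ldapContext, this.realm, getDN(), str, !z, this.realm.ldapConfig.getRoleMemberAttributes());
    }

    /**
     * Searches the owners of this role.
     *
     * @throws ConfigurationException if no owner attribute is configured
     */
    public IdentitySearchResponse getOwners(LdapContext ldapContext, String str, boolean z) throws IMException {
        String ownerAttribute = this.realm.ldapConfig.getRoleOwnerAttribute();
        if (ownerAttribute == null) {
            throw new ConfigurationException("RoleProfile.OWNER is not defined.");
        }
        return new IdentityRelationsSearchResponse(ldapContext, this.realm, getDN(), str, z, new String[]{ownerAttribute}, this.realm.ldapConfig.getRoleMemberAttributes());
    }

    /**
     * Searches the managers of this role.
     *
     * @throws ConfigurationException if no manager attribute is configured
     */
    public IdentitySearchResponse getManagers(LdapContext ldapContext, String str, boolean z) throws IMException {
        String managerAttribute = this.realm.ldapConfig.getRoleManagerAttribute();
        if (managerAttribute == null) {
            throw new ConfigurationException("RoleProfile.MANAGER is not defined.");
        }
        return new IdentityRelationsSearchResponse(ldapContext, this.realm, getDN(), str, z, new String[]{managerAttribute}, this.realm.ldapConfig.getRoleMemberAttributes());
    }

    /**
     * Renames the role by replacing the leaf RDN of its DN, then updates the cached DN and name.
     *
     * @param ldapContext context whose bind identity performs the rename
     * @param str new role name; escaped before it is placed in the DN
     * @throws IMException as raised by {@code LDAPRealm.throwException} when the rename fails
     */
    public void setName(LdapContext ldapContext, String str) throws IMException {
        try {
            // Escaping keeps characters such as ',' '+' '=' inside the value, so the caller's
            // input stays a single RDN value under the existing parent.
            String newRdn = this.realm.getConfig().getRoleNameAttr() + "=" + Rdn.escapeValue(str);
            NameParser nameParser = ldapContext.getNameParser("");
            Name target = nameParser.parse(this.dn);
            target.remove(target.size() - 1);
            target.add(newRdn);
            this.realm.logr.logp(Level.FINE, classname, "setName()", "Renaming the entry from: " + this.dn + " to: " + target);
            ldapContext.rename(nameParser.parse(this.dn), target);
            // Local state is only updated once the directory has accepted the rename.
            this.dn = target.toString();
            this.ldPset.changeDN(this.dn);
            this.name = null;
            this.ldPset.clearCache();
        } catch (NamingException e) {
            LDAPRealm.throwException(e, classname, "setName(LdapContext ctx, String newName)", modifyFailureMessages(), this.realm.logr);
        }
    }

    /**
     * Tells whether this role is among the roles the realm reports as granted to the identity.
     *
     * <p>NOTE(review): the {@code false} passed to {@code getGrantedRoles} is not explained in
     * this file; confirm whether it limits the lookup (for example to direct grants) before
     * using the result for an access decision.
     *
     * @param str DN of the identity to test
     */
    public boolean isGranted(LdapContext ldapContext, String str) throws IMException {
        final String signature = "isGranted(LdapContext ctx, String idtyDN)";
        String roleDn = normalizedRoleDn(signature);
        IdentitySearchResponse grantedRoles = this.realm.getGrantedRoles(ldapContext, str, false, null);
        return containsRole(ldapContext, grantedRoles, roleDn, signature);
    }

    /**
     * Tells whether this role is among the roles the realm reports as owned by the identity.
     *
     * @param str DN of the identity to test
     */
    public boolean isOwnedBy(LdapContext ldapContext, String str) throws IMException {
        final String signature = "isOwnedBy(LdapContext ctx, String idtyDN)";
        String roleDn = normalizedRoleDn(signature);
        IdentitySearchResponse ownedRoles = this.realm.getOwnedRoles(ldapContext, str, false);
        return containsRole(ldapContext, ownedRoles, roleDn, signature);
    }

    /**
     * Tells whether this role is among the roles the realm reports as managed by the identity.
     *
     * @param str DN of the identity to test
     */
    public boolean isManagedBy(LdapContext ldapContext, String str) throws IMException {
        final String signature = "isManagedBy(LdapContext ctx, String idtyDN)";
        String roleDn = normalizedRoleDn(signature);
        IdentitySearchResponse managedRoles = this.realm.getManagedRoles(ldapContext, str, false);
        return containsRole(ldapContext, managedRoles, roleDn, signature);
    }

    /**
     * Adds the DN as a value of the first configured member attribute.
     *
     * @throws ConfigurationException if no member attribute is configured
     */
    public void addMember(LdapContext ldapContext, String str) throws IMException {
        setProperties(ldapContext, singleValueChange(ADD_VALUE, primaryMemberAttribute(), str));
    }

    /**
     * Removes the DN from the first configured member attribute.
     *
     * @throws ConfigurationException if no member attribute is configured
     */
    public void dropMember(LdapContext ldapContext, String str) throws IMException {
        setProperties(ldapContext, singleValueChange(REMOVE_VALUE, primaryMemberAttribute(), str));
    }

    /**
     * Returns the role name taken from the leaf RDN of the DN, computing it on first use.
     *
     * <p>For a multi-valued RDN the value of the configured role-name attribute is used.
     *
     * @throws OperationFailureException if a multi-valued RDN lacks the naming attribute, or the
     *     RDN value is not a string
     */
    public String getName() throws IMException {
        if (this.name == null) {
            try {
                LdapName ldapName = new LdapName(this.dn);
                Rdn rdn = ldapName.getRdn(ldapName.size() - 1);
                Object value;
                if (rdn.size() > 1) {
                    Attributes attributes = rdn.toAttributes();
                    String roleNameAttr = this.realm.getConfig().getRoleNameAttr();
                    Attribute attribute = attributes.get(roleNameAttr);
                    if (attribute == null) {
                        String message = "Composite rdn (" + rdn + ") doesn't contain the naming attribute(" + roleNameAttr + ")";
                        this.realm.logr.logp(Level.FINE, classname, "getName()", message);
                        throw new OperationFailureException(message);
                    }
                    value = attribute.get();
                } else {
                    value = rdn.getValue();
                }
                // An RDN value may also be binary; report that as a domain failure rather than
                // letting the cast below raise ClassCastException.
                if (value != null && !(value instanceof String)) {
                    throw new OperationFailureException("Leaf rdn (" + rdn + ") does not hold a string value");
                }
                this.name = (String) value;
            } catch (NamingException e) {
                LDAPRealm.throwException(e, classname, "getName()", null, this.realm.logr);
            }
        }
        return this.name;
    }

    /**
     * Adds the DN as an owner of this role.
     *
     * @throws ConfigurationException if no owner attribute is configured
     */
    public void addOwner(LdapContext ldapContext, String str) throws IMException {
        String roleOwnerAttribute = this.realm.ldapConfig.getRoleOwnerAttribute();
        if (roleOwnerAttribute == null) {
            throw new ConfigurationException("RoleProfile.OWNER is not defined.");
        }
        setProperties(ldapContext, singleValueChange(ADD_VALUE, roleOwnerAttribute, str));
    }

    /**
     * Removes the DN from the owners of this role.
     *
     * @throws ConfigurationException if no owner attribute is configured
     */
    public void removeOwner(LdapContext ldapContext, String str) throws IMException {
        String roleOwnerAttribute = this.realm.ldapConfig.getRoleOwnerAttribute();
        if (roleOwnerAttribute == null) {
            throw new ConfigurationException("RoleProfile.OWNER is not defined.");
        }
        setProperties(ldapContext, singleValueChange(REMOVE_VALUE, roleOwnerAttribute, str));
    }

    /**
     * Adds the DN as a manager of this role.
     *
     * @throws ConfigurationException if no manager attribute is configured
     */
    public void addManager(LdapContext ldapContext, String str) throws IMException {
        String roleManagerAttribute = this.realm.ldapConfig.getRoleManagerAttribute();
        if (roleManagerAttribute == null) {
            throw new ConfigurationException("RoleProfile.MANAGER is not defined.");
        }
        setProperties(ldapContext, singleValueChange(ADD_VALUE, roleManagerAttribute, str));
    }

    /**
     * Removes the DN from the managers of this role.
     *
     * @throws ConfigurationException if no manager attribute is configured
     */
    public void removeManager(LdapContext ldapContext, String str) throws IMException {
        String roleManagerAttribute = this.realm.ldapConfig.getRoleManagerAttribute();
        if (roleManagerAttribute == null) {
            throw new ConfigurationException("RoleProfile.MANAGER is not defined.");
        }
        setProperties(ldapContext, singleValueChange(REMOVE_VALUE, roleManagerAttribute, str));
    }

    /** Builds a one-element modification list that adds or removes a single attribute value. */
    private static ModificationItem[] singleValueChange(int operation, String attributeName, String value) {
        return new ModificationItem[]{new ModificationItem(operation, new BasicAttribute(attributeName, value))};
    }

    /** Returns the first configured member attribute, failing clearly when none is configured. */
    private String primaryMemberAttribute() throws IMException {
        String[] memberAttributes = this.realm.ldapConfig.getRoleMemberAttributes();
        if (memberAttributes == null || memberAttributes.length == 0) {
            throw new ConfigurationException("No role member attribute is configured.");
        }
        return memberAttributes[0];
    }

    /** Normalizes this role's own DN for comparison; never returns null. */
    private String normalizedRoleDn(String signature) throws IMException {
        try {
            return IDMUtils.normalizeDN(getDN());
        } catch (InvalidNameException e) {
            LDAPRealm.throwException(e, classname, signature, normalizeFailureMessages(), this.realm.logr);
            // Fail closed: if throwException ever returned normally, the comparison must not
            // continue with an unnormalized or null DN.
            throw new OperationFailureException("Unable to normalize the DN");
        }
    }

    /** Walks the search results and reports whether any of them normalizes to {@code roleDn}. */
    private boolean containsRole(LdapContext ldapContext, IdentitySearchResponse roles, String roleDn, String signature) throws IMException {
        while (roles.hasNext(ldapContext)) {
            String candidateDn;
            try {
                candidateDn = IDMUtils.normalizeDN(roles.next(ldapContext).getDN());
            } catch (InvalidNameException e) {
                LDAPRealm.throwException(e, classname, signature, normalizeFailureMessages(), this.realm.logr);
                // Fail closed for the same reason as in normalizedRoleDn.
                throw new OperationFailureException("Unable to normalize the DN");
            }
            if (roleDn.equals(candidateDn)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Messages for directory failures on write operations, keyed by exception simple name.
     * Kept as a raw HashMap because the parameter type of LDAPRealm.throwException is not
     * visible from this file.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static HashMap modifyFailureMessages() {
        HashMap messages = new HashMap();
        messages.put("NameNotFoundException", "Role does not exist anymore !!");
        messages.put("NoPermissionException", "No permission to modify the role!!");
        return messages;
    }

    /** Message map for DN normalization failures; raw for the same reason as above. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static HashMap normalizeFailureMessages() {
        HashMap messages = new HashMap();
        messages.put("InvalidNameException", "Unable to normalize the DN");
        return messages;
    }
}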
