package com.atlassian.bamboo.upgrade.tasks.v6_6.ec;

import com.atlassian.crowd.directory.GenericLDAP;
import com.atlassian.crowd.directory.MicrosoftActiveDirectory;
import com.atlassian.crowd.directory.SynchronisableDirectoryProperties;
import com.atlassian.crowd.directory.ldap.util.LDAPPropertiesHelper;
import com.atlassian.crowd.embedded.api.CrowdDirectoryService;
import com.atlassian.crowd.embedded.api.Directory;
import com.atlassian.crowd.embedded.api.DirectoryType;
import com.atlassian.crowd.embedded.api.PermissionOption;
import com.atlassian.crowd.embedded.impl.DefaultConnectionPoolProperties;
import com.atlassian.crowd.model.directory.DirectoryImpl;
import com.atlassian.user.configuration.RepositoryConfiguration;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.BadLdapGrammarException;
import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapRdn;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.filter.PresentFilter;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v6_6/ec/LdapRepositoryConfigurationMigrator.class */
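/**
 * Migrates a legacy atlassian-user LDAP {@link RepositoryConfiguration} into an embedded Crowd
 * connector {@link Directory}.
 *
 * <p>{@link #validate(RepositoryConfiguration)} collects human-readable problems without throwing;
 * {@link #migrate(RepositoryConfiguration)} builds the directory, copies the legacy settings onto it
 * as attributes and registers it through the {@link CrowdDirectoryService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bind password ({@code securityCredential}) is copied verbatim into the
 *       {@code ldap.password} attribute. Nothing in this class logs it; keep it that way.</li>
 *   <li>The LDAP URL is always built with the {@code ldap://} scheme and only the exact value
 *       {@code "ssl"} of {@code securityProtocol} turns {@code ldap.secure} on. Any other value
 *       leaves the migrated directory with {@code ldap.secure=false}.</li>
 *   <li>Search filters are taken from configuration as-is and are not escaped or re-validated.</li>
 * </ul>
 */
public class LdapRepositoryConfigurationMigrator implements RepositoryConfigurationMigrator {
    public static final Logger log = LoggerFactory.getLogger(LdapRepositoryConfigurationMigrator.class);

    /** System property that forces the Active Directory code path regardless of configuration. */
    private static final String ACTIVE_DIRECTORY_SYSTEM_PROPERTY = "bamboo.upgrade.active.directory";

    /** Username attribute whose presence is treated as an indicator of Active Directory. */
    private static final String AD_USERNAME_ATTRIBUTE = "sAMAccountName";

    // Compiled once: these were previously recompiled on every extract call.
    private static final Pattern OBJECT_CLASS_PATTERN = Pattern.compile("objectClass=([^)]*)");
    private static final Pattern OBJECT_CATEGORY_PATTERN = Pattern.compile("objectCategory=([^)]*)");

    private final CrowdDirectoryService crowdDirectoryService;
    private final LDAPPropertiesHelper ldapPropertiesHelper;

    /**
     * @param crowdDirectoryService service used to register the migrated directory and to set the
     *                              connection pool properties
     * @param ldapPropertiesHelper  source of per-implementation default directory attributes
     */
    public LdapRepositoryConfigurationMigrator(CrowdDirectoryService crowdDirectoryService, LDAPPropertiesHelper ldapPropertiesHelper) {
        this.crowdDirectoryService = crowdDirectoryService;
        this.ldapPropertiesHelper = ldapPropertiesHelper;
    }

    /**
     * Reports whether this migrator handles the given configuration; the decision is delegated to
     * {@link UserConfigurationChecker#isUpgradeableLdapConfiguration}.
     */
    @Override
    public boolean matches(RepositoryConfiguration repositoryConfiguration) {
        return UserConfigurationChecker.isUpgradeableLdapConfiguration(repositoryConfiguration);
    }

    /**
     * Checks the legacy configuration for everything {@link #migrate} reads.
     *
     * <p>NOTE(review): {@code host}, {@code port} and {@code securityProtocol} are consumed by
     * {@link #migrate} but are not validated here; a missing host or port yields the literal URL
     * {@code ldap://null:null}. Confirm whether the caller or {@link #matches} already guarantees them.
     *
     * @param repositoryConfiguration the legacy configuration to inspect
     * @return the list of validation errors, empty when the configuration is acceptable
     */
    @Override
    public List<String> validate(RepositoryConfiguration repositoryConfiguration) {
        List<String> errors = new ArrayList<>();
        validateIdentifierExists(errors, repositoryConfiguration);
        validateOptionalDistinguishedName(errors, repositoryConfiguration, "baseGroupNamespace");
        validateOptionalDistinguishedName(errors, repositoryConfiguration, "baseUserNamespace");
        // A bind DN is optional (anonymous bind), but when present it needs a credential.
        if (repositoryConfiguration.getStringComponent("securityPrincipal") != null) {
            validateOptionalDistinguishedName(errors, repositoryConfiguration, "securityPrincipal");
            validateStringComponentExists(errors, repositoryConfiguration, "securityCredential");
        }
        validateStringComponentExists(errors, repositoryConfiguration, "groupnameAttribute");
        validateObjectClassDefined(errors, repositoryConfiguration, "groupSearchFilter");
        validateStringComponentExists(errors, repositoryConfiguration, "membershipAttribute");
        validateStringComponentExists(errors, repositoryConfiguration, "firstnameAttribute");
        validateStringComponentExists(errors, repositoryConfiguration, "surnameAttribute");
        validateObjectClassDefined(errors, repositoryConfiguration, "userSearchFilter");
        validateStringComponentExists(errors, repositoryConfiguration, "usernameAttribute");
        validateStringComponentExists(errors, repositoryConfiguration, "emailAttribute");
        validateOptionalInteger(errors, repositoryConfiguration, "initSize");
        validateOptionalInteger(errors, repositoryConfiguration, "prefSize");
        validateOptionalInteger(errors, repositoryConfiguration, "maxSize");
        validateOptionalInteger(errors, repositoryConfiguration, "timeout");
        validateOptionalInteger(errors, repositoryConfiguration, "timeToLive");
        validateOptionalInteger(errors, repositoryConfiguration, "connectTimeout");
        validateOptionalInteger(errors, repositoryConfiguration, "readTimeout");
        return errors;
    }

    /** Records an error when the configuration has no identifier. */
    private void validateIdentifierExists(List<String> errors, RepositoryConfiguration repositoryConfiguration) {
        if (repositoryConfiguration.getIdentifier() == null) {
            log.error("Missing repository key or name");
            errors.add("Missing repository key or name");
        }
    }

    /**
     * Records an error when the named property cannot be parsed as a distinguished name.
     * The parser's message goes to the log only; the returned error names just the property.
     */
    private void validateOptionalDistinguishedName(List<String> errors, RepositoryConfiguration repositoryConfiguration, String property) {
        try {
            new DistinguishedName(repositoryConfiguration.getStringComponent(property));
        } catch (BadLdapGrammarException e) {
            log.error("Property {} is not a valid distinguished name: {}", property, e.getMessage());
            errors.add("Property " + property + " is not a valid distinguished name");
        }
    }

    /**
     * Requires the named search filter to exist and to contain an {@code objectClass=} term.
     * When Active Directory is detected, an {@code objectCategory=} term is accepted instead.
     */
    private void validateObjectClassDefined(List<String> errors, RepositoryConfiguration repositoryConfiguration, String property) {
        if (!validateStringComponentExists(errors, repositoryConfiguration, property)) {
            return;
        }
        String filter = repositoryConfiguration.getStringComponent(property);
        if (extractObjectClass(filter) != null) {
            return;
        }
        if (!isActiveDirectory(repositoryConfiguration)) {
            log.error("Property {} does not define an objectClass filter", property);
            errors.add("Property " + property + " does not define an objectClass filter");
        } else if (extractObjectCategory(filter) == null) {
            log.error("Property {} does not define objectClass or objectCategory filter", property);
            errors.add("Property " + property + " does not define objectClass or objectCategory filter");
        }
    }

    /**
     * Records an error when the named property is absent.
     *
     * @return {@code true} when the property has a non-null value
     */
    private boolean validateStringComponentExists(List<String> errors, RepositoryConfiguration repositoryConfiguration, String property) {
        if (repositoryConfiguration.getStringComponent(property) != null) {
            return true;
        }
        log.error("Missing required property {}", property);
        errors.add("Missing required property " + property);
        return false;
    }

    /**
     * Accepts a blank or absent value; otherwise requires a base-10 integer.
     *
     * @return {@code true} when the property is blank or parses as an integer
     */
    private boolean validateOptionalInteger(List<String> errors, RepositoryConfiguration repositoryConfiguration, String property) {
        String value = repositoryConfiguration.getStringComponent(property);
        if (StringUtils.isBlank(value)) {
            return true;
        }
        try {
            Integer.parseInt(value, 10);
            return true;
        } catch (NumberFormatException e) {
            // Logged like every other validation failure so the upgrade log shows the full picture.
            log.error("Property {} is not a number", property);
            errors.add("Property " + property + " is not a number");
            return false;
        }
    }

    /**
     * Builds a Crowd connector directory from the legacy configuration and registers it.
     *
     * <p>Side effect: the connection pool properties are set on the shared
     * {@link CrowdDirectoryService}, not on the new directory alone.
     *
     * @param repositoryConfiguration a configuration that has passed {@link #validate}
     * @return the directory as returned by {@link CrowdDirectoryService#addDirectory}
     */
    @Override
    public Directory migrate(RepositoryConfiguration repositoryConfiguration) {
        String implementationClassName = getImplementationClassName(repositoryConfiguration);
        DirectoryImpl directory = new DirectoryImpl("Upgraded atlassian-user LDAP (" + repositoryConfiguration.getIdentifier().getKey() + ")", DirectoryType.CONNECTOR, implementationClassName);

        // Start from the implementation's defaults; explicit settings below override them.
        Properties defaults = (Properties) this.ldapPropertiesHelper.getConfigurationDetails().get(implementationClassName);
        if (defaults != null) {
            log.info("loading default properties from [ {} ] implementation", implementationClassName);
            for (Map.Entry<Object, Object> entry : defaults.entrySet()) {
                directory.setAttribute((String) entry.getKey(), (String) entry.getValue());
            }
        }

        directory.setDescription("LDAP configuration upgraded from an existing atlassian-user configuration");
        directory.setActive(true);
        directory.setAttribute("com.atlassian.crowd.directory.sync.cache.enabled", Boolean.TRUE.toString());
        directory.setAttribute("useNestedGroups", Boolean.TRUE.toString());
        directory.setAttribute("ldap.nestedgroups.disabled", Boolean.FALSE.toString());
        directory.setAttribute("ldap.url", makeLdapUrl(repositoryConfiguration));
        directory.setAttribute("ldap.secure", getSecureSetting(repositoryConfiguration));
        directory.setAttribute("directory.cache.synchronise.interval", String.valueOf(3600));
        directory.setAttribute("crowd.sync.group.membership.after.successful.user.auth.enabled", SynchronisableDirectoryProperties.SyncGroupMembershipsAfterAuth.WHEN_AUTHENTICATION_CREATED_THE_USER.getValue());
        directory.setAttribute("ldap.local.groups", "true");
        directory.setAllowedOperations(PermissionOption.READ_ONLY_LOCAL_GROUPS.getAllowedOperations());

        // Split the two legacy namespaces into a shared base DN plus a group-relative and a
        // user-relative remainder: collect the RDNs both DNs share from index 0 onwards, then
        // strip that many leading RDNs from each.
        DistinguishedName baseDn = new DistinguishedName();
        DistinguishedName groupDn = new DistinguishedName(repositoryConfiguration.getStringComponent("baseGroupNamespace"));
        DistinguishedName userDn = new DistinguishedName(repositoryConfiguration.getStringComponent("baseUserNamespace"));
        int comparable = Math.min(groupDn.size(), userDn.size());
        for (int i = 0; i < comparable; i++) {
            LdapRdn rdn = groupDn.getLdapRdn(i);
            if (!rdn.equals(userDn.getLdapRdn(i))) {
                break;
            }
            baseDn.add(rdn);
        }
        for (int i = 0; i < baseDn.size(); i++) {
            groupDn.removeFirst();
            userDn.removeFirst();
        }

        directory.setAttribute("ldap.basedn", baseDn.toCompactString());
        directory.setAttribute("ldap.userdn", repositoryConfiguration.getStringComponent("securityPrincipal"));
        // Bind credential copied as-is from the legacy configuration. Never log this value.
        // NOTE(review): how the attribute is protected at rest is decided by the directory store,
        // not here - confirm.
        directory.setAttribute("ldap.password", repositoryConfiguration.getStringComponent("securityCredential"));

        String groupNameAttribute = repositoryConfiguration.getStringComponent("groupnameAttribute");
        directory.setAttribute("ldap.group.dn", groupDn.toCompactString());
        directory.setAttribute("ldap.group.description", groupNameAttribute);
        directory.setAttribute("ldap.group.name", groupNameAttribute);
        directory.setAttribute("ldap.group.objectclass", extractObjectClassOrCategory(repositoryConfiguration, "groupSearchFilter"));
        directory.setAttribute("ldap.group.filter", repositoryConfiguration.getStringComponent("groupSearchFilter"));
        directory.setAttribute("ldap.group.usernames", repositoryConfiguration.getStringComponent("membershipAttribute"));

        String usernameAttribute = repositoryConfiguration.getStringComponent("usernameAttribute");
        directory.setAttribute("ldap.user.dn", userDn.toCompactString());
        directory.setAttribute("ldap.user.firstname", repositoryConfiguration.getStringComponent("firstnameAttribute"));
        directory.setAttribute("ldap.user.lastname", repositoryConfiguration.getStringComponent("surnameAttribute"));
        directory.setAttribute("ldap.user.objectclass", extractObjectClassOrCategory(repositoryConfiguration, "userSearchFilter"));
        directory.setAttribute("ldap.user.filter", getRefinedUserSearchFilter(repositoryConfiguration.getStringComponent("userSearchFilter"), usernameAttribute));
        directory.setAttribute("ldap.user.username", usernameAttribute);
        directory.setAttribute("ldap.user.username.rdn", usernameAttribute);
        directory.setAttribute("ldap.user.email", repositoryConfiguration.getStringComponent("emailAttribute"));
        directory.setAttribute("ldap.usermembership.use", "false");
        directory.setAttribute("ldap.usermembership.use.for.groups", "false");
        directory.setAttribute("ldap.relaxed.dn.standardisation", "false");
        if (isActiveDirectory(repositoryConfiguration)) {
            directory.setAttribute("ldap.pagedresults", "true");
            directory.setAttribute("ldap.pagedresults.size", "1000");
            directory.setAttribute("crowd.sync.incremental.enabled", Boolean.TRUE.toString());
        }
        directory.setAttribute("ldap.roles.disabled", "true");
        directory.setAttribute("ldap.pooling", repositoryConfiguration.getStringComponent("poolingOn"));

        // Only pool settings present in the legacy configuration override the pool defaults.
        DefaultConnectionPoolProperties poolProperties = new DefaultConnectionPoolProperties();
        if (repositoryConfiguration.hasComponent("initSize")) {
            poolProperties.setInitialSize(repositoryConfiguration.getStringComponent("initSize"));
        }
        if (repositoryConfiguration.hasComponent("prefSize")) {
            poolProperties.setPreferredSize(repositoryConfiguration.getStringComponent("prefSize"));
        }
        if (repositoryConfiguration.hasComponent("maxSize")) {
            poolProperties.setMaximumSize(repositoryConfiguration.getStringComponent("maxSize"));
        }
        if (repositoryConfiguration.hasComponent("timeout")) {
            poolProperties.setTimeoutInSec(repositoryConfiguration.getStringComponent("timeout"));
        }
        this.crowdDirectoryService.setConnectionPoolProperties(poolProperties);

        setOptionalAttribute(directory, "ldap.search.timelimit", repositoryConfiguration.getStringComponent("timeToLive"));
        setOptionalAttribute(directory, "ldap.connection.timeout", repositoryConfiguration.getStringComponent("connectTimeout"));
        setOptionalAttribute(directory, "ldap.read.timeout", repositoryConfiguration.getStringComponent("readTimeout"));
        log.info("Migrated LDAP repository: {}", repositoryConfiguration.getIdentifier().getName());
        return this.crowdDirectoryService.addDirectory(directory);
    }

    /**
     * Returns the {@code objectClass} value found in the named filter property, or, when none is
     * found and Active Directory is detected, the {@code objectCategory} value instead.
     *
     * @return the extracted value, or {@code null} when neither term applies
     */
    protected String extractObjectClassOrCategory(RepositoryConfiguration repositoryConfiguration, String str) {
        String filter = repositoryConfiguration.getStringComponent(str);
        String objectClass = extractObjectClass(filter);
        if (objectClass != null || !isActiveDirectory(repositoryConfiguration)) {
            return objectClass;
        }
        log.debug("ObjectClass is null and AD detected. Falling back to objectCategory filter component");
        return extractObjectCategory(filter);
    }

    /**
     * Ensures the user filter constrains on the username attribute: when the filter text does not
     * already contain {@code <attribute>=}, it is AND-ed with a presence test on that attribute.
     *
     * <p>The legacy filter is embedded verbatim through {@link HardcodedFilter}, so it is not
     * escaped or checked for well-formedness here. The containment test is a plain substring
     * match, not a parse of the filter.
     */
    private String getRefinedUserSearchFilter(String userSearchFilter, String usernameAttribute) {
        if (userSearchFilter.contains(usernameAttribute + "=")) {
            return userSearchFilter;
        }
        AndFilter refined = new AndFilter();
        refined.and(new HardcodedFilter(userSearchFilter));
        refined.and(new PresentFilter(usernameAttribute));
        return refined.encode();
    }

    /** Chooses the Crowd connector implementation class for the configuration. */
    private String getImplementationClassName(RepositoryConfiguration repositoryConfiguration) {
        return isActiveDirectory(repositoryConfiguration) ? MicrosoftActiveDirectory.class.getName() : GenericLDAP.class.getName();
    }

    /**
     * Detects Active Directory: either the {@code bamboo.upgrade.active.directory} system property
     * is {@code true}, or the username attribute is {@code sAMAccountName} (case-insensitive).
     *
     * <p>Null-safe on purpose: {@link #validate} reaches this method before it has checked that
     * {@code usernameAttribute} exists, so a missing attribute must read as "not AD" rather than
     * abort validation with a {@link NullPointerException}.
     */
    private boolean isActiveDirectory(RepositoryConfiguration repositoryConfiguration) {
        if (Boolean.getBoolean(ACTIVE_DIRECTORY_SYSTEM_PROPERTY)) {
            return true;
        }
        return AD_USERNAME_ATTRIBUTE.equalsIgnoreCase(repositoryConfiguration.getStringComponent("usernameAttribute"));
    }

    /** Sets the attribute only when the value is not blank, leaving any default in place otherwise. */
    private void setOptionalAttribute(DirectoryImpl directory, String name, String value) {
        if (StringUtils.isNotBlank(value)) {
            directory.setAttribute(name, value);
        }
    }

    /** Returns the text following the first {@code objectClass=} up to the next {@code )}, or {@code null}. */
    private String extractObjectClass(String filter) {
        return firstGroup(OBJECT_CLASS_PATTERN, filter);
    }

    /** Returns the text following the first {@code objectCategory=} up to the next {@code )}, or {@code null}. */
    private String extractObjectCategory(String filter) {
        return firstGroup(OBJECT_CATEGORY_PATTERN, filter);
    }

    /** Returns capture group 1 of the first match, or {@code null} for no match or a null input. */
    private static String firstGroup(Pattern pattern, String input) {
        if (input == null) {
            return null;
        }
        Matcher matcher = pattern.matcher(input);
        return matcher.find() ? matcher.group(1) : null;
    }

    /**
     * Maps {@code securityProtocol} to the {@code ldap.secure} flag: {@code "true"} only for the
     * exact, case-sensitive value {@code "ssl"}; every other value, including absent, is {@code "false"}.
     */
    private String getSecureSetting(RepositoryConfiguration repositoryConfiguration) {
        return Boolean.toString("ssl".equals(repositoryConfiguration.getStringComponent("securityProtocol")));
    }

    /**
     * Builds {@code ldap://<host>:<port>} from the legacy configuration.
     *
     * <p>NOTE(review): the scheme is {@code ldap://} even when {@code securityProtocol} is
     * {@code ssl}; transport security presumably relies on the separate {@code ldap.secure}
     * attribute - confirm against the connector. Host and port are appended unvalidated, so a
     * missing value produces the literal text {@code null} in the URL.
     */
    private String makeLdapUrl(RepositoryConfiguration repositoryConfiguration) {
        String host = repositoryConfiguration.getStringComponent("host");
        String port = repositoryConfiguration.getStringComponent("port");
        return "ldap://" + host + ":" + port;
    }
}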
