package org.openthinclient.manager.standalone.patch;

import java.security.SecureRandom;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.openthinclient.common.directory.ACLUtils;
import org.openthinclient.ldap.LDAPConnectionDescriptor;
import org.openthinclient.ldap.auth.UsernamePasswordHandler;
import org.openthinclient.service.apacheds.DirectoryService;
import org.openthinclient.service.apacheds.DirectoryServiceConfiguration;
import org.openthinclient.service.common.home.ManagerHome;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/classes/org/openthinclient/manager/standalone/patch/PatchManagerHome.class */
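/**
 * Startup patch that hardens the embedded LDAP directory of an existing manager home.
 *
 * <p>When the embedded directory server is enabled and access control is still switched off,
 * {@link #apply()} replaces the embedded admin password with a freshly generated random one,
 * installs the ACL entries via {@link ACLUtils}, flags access control as enabled and saves the
 * configuration. The guard at the top of {@link #apply()} skips homes that are already flagged.
 */
public class PatchManagerHome {
    private static final Logger LOGGER = LoggerFactory.getLogger(PatchManagerHome.class);

    // 64 symbols, so RNG.nextInt(length) selects uniformly; 32 symbols give 192 bits of entropy.
    private static final String PASSWORD_ALPHABET =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    private static final int PASSWORD_LENGTH = 32;

    // Must stay a CSPRNG: the generated value becomes the directory admin credential.
    private static final SecureRandom RNG = new SecureRandom();

    private final ManagerHome managerHome;
    private final DirectoryServiceConfiguration configuration;

    /**
     * @param managerHome home whose {@link DirectoryServiceConfiguration} is read and, on success,
     *     saved again
     */
    public PatchManagerHome(ManagerHome managerHome) {
        this.managerHome = managerHome;
        this.configuration = (DirectoryServiceConfiguration) managerHome.getConfiguration(DirectoryServiceConfiguration.class);
    }

    /**
     * Applies the patch if the embedded server is enabled and access control is not yet enabled.
     *
     * <p>Failures are logged at ERROR level and not propagated, so the caller continues even when
     * the directory was left without access control. Treat the "LDAP security patch failed" log
     * line as an alertable event. A failure after the password change but before the save can
     * leave the directory and the stored configuration out of step; the access-control flag is
     * only set after the ACLs were written, so the patch is attempted again on the next call.
     */
    public void apply() {
        boolean patchNeeded = configuration.isEmbeddedServerEnabled() && !configuration.isAccessControlEnabled();
        if (!patchNeeded) {
            return;
        }
        LOGGER.info("Applying LDAP security patch.");
        try {
            // NOTE(review): the service started here is not stopped anywhere in this method;
            // confirm its lifecycle is handled by the caller.
            DirectoryService directoryService = new DirectoryService();
            directoryService.setConfiguration(configuration);
            directoryService.startService();

            // The new password is handed straight to the directory service and never logged.
            directoryService.changedEmbeddedAdminPassword(configuration.getContextSecurityCredentials(), generatePassword());

            // NOTE(review): applyACLs() binds with the credentials held in the configuration;
            // presumably changedEmbeddedAdminPassword() has updated them - confirm.
            applyACLs();

            // Flag and persist only after the ACLs are in place, so a partial run is retried.
            configuration.setAccessControlEnabled(true);
            managerHome.save(DirectoryServiceConfiguration.class);
            LOGGER.info("LDAP security patch succesfully applied.");
        } catch (Exception e) {
            LOGGER.error("LDAP security patch failed", e);
        }
    }

    /** Returns a random password of {@link #PASSWORD_LENGTH} symbols drawn from {@link #PASSWORD_ALPHABET}. */
    private static String generatePassword() {
        StringBuilder password = new StringBuilder(PASSWORD_LENGTH);
        for (int i = 0; i < PASSWORD_LENGTH; i++) {
            password.append(PASSWORD_ALPHABET.charAt(RNG.nextInt(PASSWORD_ALPHABET.length())));
        }
        return password.toString();
    }

    /**
     * Binds to {@code ou=<primaryOU>,<rootPartition>} as the configured security principal and
     * writes the ACL entries.
     *
     * @throws NamingException if the bind or one of the ACL operations fails
     */
    private void applyACLs() throws NamingException {
        LDAPConnectionDescriptor descriptor = new LDAPConnectionDescriptor();
        descriptor.setProviderType(LDAPConnectionDescriptor.ProviderType.SUN);
        // SIMPLE bind: principal and password are presented to the server as-is.
        descriptor.setAuthenticationMethod(LDAPConnectionDescriptor.AuthenticationMethod.SIMPLE);
        descriptor.setCallbackHandler(new UsernamePasswordHandler(configuration.getContextSecurityPrincipal(), configuration.getContextSecurityCredentials().toCharArray()));
        descriptor.setBaseDN(String.format("ou=%s,%s", configuration.getPrimaryOU(), configuration.getEmbeddedCustomRootPartitionName()));

        LdapContext context = descriptor.createDirectoryFacade().createDirContext();
        try {
            // NOTE(review): the empty name is presumably resolved relative to the base DN set
            // above - confirm against ACLUtils.
            ACLUtils aclUtils = new ACLUtils(context);
            aclUtils.makeACSA("");
            aclUtils.enableSearchForAllUsers("");
            aclUtils.enableAdminUsers("");
        } finally {
            // Release the authenticated context exactly once, on success and on failure.
            context.close();
        }
    }
}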
