package org.openthinclient.wizard.install;

import java.security.SecureRandom;
import java.util.Date;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.exolab.castor.persist.spi.QueryExpression;
import org.openthinclient.api.context.InstallContext;
import org.openthinclient.api.distributions.ImportItem;
import org.openthinclient.api.distributions.ImportableProfileProvider;
import org.openthinclient.api.distributions.InstallableDistribution;
import org.openthinclient.api.importer.config.ImporterConfiguration;
import org.openthinclient.api.importer.impl.RestModelImporter;
import org.openthinclient.common.config.LDAPServicesConfiguration;
import org.openthinclient.common.directory.ACLUtils;
import org.openthinclient.common.directory.LDAPDirectory;
import org.openthinclient.common.model.OrganizationalUnit;
import org.openthinclient.common.model.Realm;
import org.openthinclient.common.model.User;
import org.openthinclient.common.model.UserGroup;
import org.openthinclient.common.model.schema.provider.SchemaProvider;
import org.openthinclient.common.model.schema.provider.ServerLocalSchemaProvider;
import org.openthinclient.ldap.DirectoryException;
import org.openthinclient.ldap.LDAPConnectionDescriptor;
import org.openthinclient.ldap.TypeMapping;
import org.openthinclient.ldap.auth.UsernamePasswordHandler;
import org.openthinclient.progress.LoggingProgressReceiver;
import org.openthinclient.service.apacheds.DirectoryService;
import org.openthinclient.service.apacheds.DirectoryServiceConfiguration;
import org.openthinclient.service.common.home.ManagerHome;
import org.openthinclient.wizard.FirstStartWizardMessages;
import org.openthinclient.wizard.model.DirectoryModel;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;

/* loaded from: input_file:BOOT-INF/lib/manager-first-start-wizard-2019.1.jar:org/openthinclient/wizard/install/BootstrapLDAPInstallStep.class */
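public class BootstrapLDAPInstallStep extends AbstractInstallStep {

    /**
     * Alphabet for the rotated embedded-LDAP admin password. It has exactly 64 symbols, so
     * each character carries 6 bits and {@code nextInt(64)} is free of modulo bias;
     * {@link #GENERATED_PASSWORD_LENGTH} characters therefore give 192 bits of entropy.
     */
    private static final String PASSWORD_ALPHABET =
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";

    /** Length of the generated admin password (32 chars x 6 bits = 192 bits). */
    private static final int GENERATED_PASSWORD_LENGTH = 32;

    /** Fixed name of the realm's administrator group; the wizard's admin user is added to it. */
    private static final String ADMINISTRATORS_GROUP = "administrators";

    /** Name of the read-only bind principal stored in the realm. */
    private static final String READ_ONLY_PRINCIPAL_NAME = "roPrincipal";

    private final DirectoryModel directoryModel;
    private final InstallableDistribution distribution;
    private final ImportableProfileProvider profileProvider;

    /**
     * Spring configuration used only for the profile-import phase. It wires the LDAP
     * services and the REST model importer against the embedded server this step has just
     * bootstrapped. The {@code managerHome} field is registered as a singleton by the
     * enclosing step before the context is refreshed.
     */
    @Configuration
    @Import({LDAPServicesConfiguration.class, ImporterConfiguration.class})
    public static class BootstrapConfiguration {

        @Autowired
        ManagerHome managerHome;

        /**
         * Connection descriptor for the importer: SUN provider, SIMPLE bind with the
         * principal and credentials currently held in {@link DirectoryServiceConfiguration}.
         * <p>
         * No hostname or port is set here, so the descriptor's own defaults apply —
         * presumably the embedded server on localhost; confirm against
         * LDAPConnectionDescriptor. This bean is created after the admin password has been
         * rotated, so the configuration object must already carry the new credentials at
         * that point (see {@code secureContextSecurityCredentials}).
         */
        @Bean
        public LDAPConnectionDescriptor ldapConnectionDescriptor() {
            DirectoryServiceConfiguration dsConfig = (DirectoryServiceConfiguration)
                    this.managerHome.getConfiguration(DirectoryServiceConfiguration.class);
            LDAPConnectionDescriptor descriptor = new LDAPConnectionDescriptor();
            descriptor.setProviderType(LDAPConnectionDescriptor.ProviderType.SUN);
            descriptor.setAuthenticationMethod(LDAPConnectionDescriptor.AuthenticationMethod.SIMPLE);
            descriptor.setCallbackHandler(new UsernamePasswordHandler(
                    dsConfig.getContextSecurityPrincipal(),
                    dsConfig.getContextSecurityCredentials().toCharArray()));
            return descriptor;
        }

        /** Schema provider reading {@code <managerHome>/nfs/root/schema}. */
        @Bean
        public SchemaProvider schemaProvider() {
            return new ServerLocalSchemaProvider(this.managerHome.getLocation().toPath()
                    .resolve("nfs").resolve("root").resolve("schema"));
        }
    }

    /**
     * @param directoryModel               wizard input: primary OU and administrator user
     * @param installableDistribution      source of the profile import items
     * @param importableProfileProvider    resolves an import item to the importable object
     */
    public BootstrapLDAPInstallStep(DirectoryModel directoryModel, InstallableDistribution installableDistribution, ImportableProfileProvider importableProfileProvider) {
        this.directoryModel = directoryModel;
        this.distribution = installableDistribution;
        this.profileProvider = importableProfileProvider;
    }

    /**
     * Creates one organizational unit per mapped type below the given parent. The OU name
     * is the value part of the mapping's base RDN (e.g. {@code ou=users} gives
     * {@code users}); mappings without a base RDN are skipped.
     *
     * @param lDAPDirectory      directory to write into
     * @param organizationalUnit parent whose DN the new OUs are created under
     * @throws DirectoryException if saving an OU fails
     */
    public static void setupDefaultOUs(LDAPDirectory lDAPDirectory, OrganizationalUnit organizationalUnit) throws DirectoryException {
        String parentDn = organizationalUnit.getDn();
        for (TypeMapping mapping : lDAPDirectory.getMapping().getTypes().values()) {
            String baseRdn = mapping.getBaseRDN();
            if (baseRdn == null) {
                continue;
            }
            OrganizationalUnit ou = new OrganizationalUnit();
            // Value after the first '='; if there is none, the whole RDN is used.
            ou.setName(baseRdn.substring(baseRdn.indexOf('=') + 1));
            lDAPDirectory.save(ou, parentDn);
        }
    }

    /**
     * Starts the embedded LDAP server, bootstraps realm/OUs/admin/ACLs, rotates the admin
     * bind password, persists the directory configuration, imports the base profiles and
     * stops the server again. The server is also stopped when any of these steps fails, so
     * a retry of the step is not blocked by a still-running embedded instance.
     *
     * @throws Exception from any of the bootstrap or import steps
     */
    @Override
    protected void doExecute(InstallContext installContext) throws Exception {
        ManagerHome managerHome = installContext.getManagerHome();
        DirectoryServiceConfiguration dsConfig = (DirectoryServiceConfiguration)
                managerHome.getConfiguration(DirectoryServiceConfiguration.class);
        dsConfig.setPrimaryOU(this.directoryModel.getPrimaryOU().getName());

        this.log.info("Starting the embedded LDAP server and bootstrapping the configuration");
        DirectoryService directoryService = new DirectoryService();
        directoryService.setConfiguration(dsConfig);
        directoryService.startService();
        try {
            bootstrapDirectory(dsConfig, directoryService);

            // Saved after the bootstrap so the rotated credentials and the enabled
            // access-control flag end up on disk.
            this.log.info("Saving the ldap configuration.");
            managerHome.save(DirectoryServiceConfiguration.class);
            directoryService.flushEmbeddedServerData();

            this.log.info("Loading and configuring base profiles");
            importBaseProfiles(installContext);
        } catch (Throwable failure) {
            // Stop the server on the failure path too; a failing stop must not hide the
            // real cause, so it is attached as suppressed.
            try {
                directoryService.stopService();
            } catch (Throwable stopFailure) {
                failure.addSuppressed(stopFailure);
            }
            throw failure;
        }
        this.log.info("Stopping the embedded LDAP server.");
        directoryService.stopService();
    }

    /**
     * Runs the distribution's import items through a throw-away Spring context built from
     * {@link BootstrapConfiguration}; the context is closed when this method returns.
     */
    private void importBaseProfiles(InstallContext installContext) throws Exception {
        try (AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext()) {
            context.getBeanFactory().registerSingleton("managerHome", installContext.getManagerHome());
            context.register(BootstrapConfiguration.class);
            context.refresh();
            RestModelImporter importer = context.getBean(RestModelImporter.class);
            for (ImportItem item : this.distribution.getImportItems()) {
                this.log.info("Loading profile from " + item.getPath());
                importer.importProfileObject(
                        this.profileProvider.access(installContext, item, new LoggingProgressReceiver()));
            }
        }
    }

    /**
     * Populates the freshly started server in this order: root OU, realm (administrators
     * group + read-only principal), per-type default OUs, the wizard's admin user, ACLs,
     * and last the rotation of the admin bind password. The rotation comes last on
     * purpose: the connection descriptor used by every earlier step was built from the
     * start-up credentials.
     */
    private void bootstrapDirectory(DirectoryServiceConfiguration directoryServiceConfiguration, DirectoryService directoryService) throws Exception {
        LDAPConnectionDescriptor descriptor = createLdapConnectionDescriptor(directoryServiceConfiguration);
        LDAPDirectory directory = LDAPDirectory.openEnv(descriptor);
        OrganizationalUnit rootOU = setupRootOU(directory, directoryServiceConfiguration);
        Realm realm = setupRealm(directory, rootOU);
        setupDefaultOUs(directory, rootOU);
        setupAdminUser(directory, rootOU, realm);
        setupACLs(descriptor, rootOU, directoryServiceConfiguration);
        secureContextSecurityCredentials(directoryServiceConfiguration, directoryService);
    }

    /**
     * Creates the realm below the root OU with an empty {@code administrators} group and a
     * read-only principal, and records an initialization marker.
     */
    private Realm setupRealm(LDAPDirectory lDAPDirectory, OrganizationalUnit organizationalUnit) throws Exception {
        Realm realm = new Realm();
        realm.setDescription(organizationalUnit.getDescription());

        UserGroup administrators = new UserGroup();
        administrators.setName(ADMINISTRATORS_GROUP);
        realm.setAdministrators(administrators);

        // Marker attribute; kept as Date.toString() so the stored format does not change.
        realm.setValue("invisibleObjects.initialized", new Date().toString());

        // NOTE(review): the read-only principal is created with a hard-coded, well-known
        // password, unlike the admin password which is generated per install below.
        // Whoever binds with this principal (presumably the thin clients — verify) can
        // read the directory with it, so it should be generated like the admin password
        // once every consumer of this value is known and updated along with it.
        User readOnlyUser = new User();
        readOnlyUser.setName(READ_ONLY_PRINCIPAL_NAME);
        readOnlyUser.setSn("Read Only User");
        readOnlyUser.setNewPassword("secret");
        realm.setReadOnlyPrincipal(readOnlyUser);

        lDAPDirectory.save(realm, organizationalUnit.getDn());
        return realm;
    }

    /**
     * Saves the wizard-supplied administrator under {@code ou=users} of the root OU and adds
     * it to the realm's administrators group. The target DN is composed with
     * {@link LdapName#add} rather than string concatenation, so RDN escaping is left to
     * the API.
     */
    private void setupAdminUser(LDAPDirectory lDAPDirectory, OrganizationalUnit organizationalUnit, Realm realm) throws Exception {
        User administratorUser = this.directoryModel.getAdministratorUser();
        String usersDn = new LdapName(organizationalUnit.getDn()).add("ou=users").toString();
        lDAPDirectory.save(administratorUser, usersDn);

        UserGroup administrators = realm.getAdministrators();
        administrators.getMembers().add(administratorUser);
        lDAPDirectory.save(administrators);
        lDAPDirectory.save(realm);
    }

    /** Saves the wizard's primary OU directly below the embedded custom root partition. */
    private OrganizationalUnit setupRootOU(LDAPDirectory lDAPDirectory, DirectoryServiceConfiguration directoryServiceConfiguration) throws DirectoryException {
        OrganizationalUnit primaryOU = this.directoryModel.getPrimaryOU();
        lDAPDirectory.save(primaryOU, directoryServiceConfiguration.getEmbeddedCustomRootPartitionName());
        return primaryOU;
    }

    /**
     * Writes the access-control entries for the root OU (the empty relative name passed
     * to {@link ACLUtils} presumably addresses the base DN itself — confirm) and, only if
     * that succeeded, flags access control as enabled in the configuration. The flag is
     * persisted by the caller's save. The context is always closed.
     *
     * @throws NamingException from the ACL operations or from closing the context
     */
    private void setupACLs(LDAPConnectionDescriptor lDAPConnectionDescriptor, OrganizationalUnit organizationalUnit, DirectoryServiceConfiguration directoryServiceConfiguration) throws NamingException {
        LDAPConnectionDescriptor scoped = new LDAPConnectionDescriptor(lDAPConnectionDescriptor);
        scoped.setBaseDN(organizationalUnit.getDn());
        LdapContext context = scoped.createDirectoryFacade().createDirContext();
        try {
            ACLUtils aclUtils = new ACLUtils(context);
            aclUtils.makeACSA("");
            aclUtils.enableSearchForAllUsers("");
            aclUtils.enableAdminUsers("");
        } finally {
            context.close();
        }
        // Reached only when all ACL entries were written.
        directoryServiceConfiguration.setAccessControlEnabled(true);
    }

    /**
     * Replaces the embedded server's admin bind password — the value the server started
     * with and that the bootstrap steps bound with — by a freshly generated random one.
     * {@code changedEmbeddedAdminPassword} receives old and new value; it is presumably
     * also what updates {@code directoryServiceConfiguration}, since the caller saves that
     * configuration right afterwards and {@link BootstrapConfiguration} reads the
     * credentials from it — TODO confirm. The generated value is never logged here.
     */
    private void secureContextSecurityCredentials(DirectoryServiceConfiguration directoryServiceConfiguration, DirectoryService directoryService) {
        String newPassword = generatePassword(new SecureRandom(), GENERATED_PASSWORD_LENGTH);
        directoryService.changedEmbeddedAdminPassword(
                directoryServiceConfiguration.getContextSecurityCredentials(), newPassword);
    }

    /**
     * Builds a password of {@code length} characters drawn uniformly from
     * {@link #PASSWORD_ALPHABET} with the given CSPRNG.
     */
    private static String generatePassword(SecureRandom random, int length) {
        StringBuilder password = new StringBuilder(length);
        int alphabetSize = PASSWORD_ALPHABET.length();
        for (int i = 0; i < length; i++) {
            password.append(PASSWORD_ALPHABET.charAt(random.nextInt(alphabetSize)));
        }
        return password.toString();
    }

    /**
     * Descriptor for the bootstrap phase: PLAIN (unencrypted) connection to the embedded
     * server on localhost with a SIMPLE bind using the start-up admin credentials. PLAIN is
     * acceptable only because the peer is the loopback interface.
     * <p>
     * {@code setPortNumber} takes a {@code short}; NOTE(review): a configured port above
     * 32767 would wrap negative in this cast — confirm the embedded port is constrained.
     */
    private LDAPConnectionDescriptor createLdapConnectionDescriptor(DirectoryServiceConfiguration directoryServiceConfiguration) {
        LDAPConnectionDescriptor descriptor = new LDAPConnectionDescriptor();
        descriptor.setConnectionMethod(LDAPConnectionDescriptor.ConnectionMethod.PLAIN);
        descriptor.setProviderType(LDAPConnectionDescriptor.ProviderType.SUN);
        descriptor.setHostname("localhost");
        descriptor.setAuthenticationMethod(LDAPConnectionDescriptor.AuthenticationMethod.SIMPLE);
        descriptor.setPortNumber((short) directoryServiceConfiguration.getEmbeddedLdapPort());
        descriptor.setCallbackHandler(new UsernamePasswordHandler(
                directoryServiceConfiguration.getContextSecurityPrincipal(),
                directoryServiceConfiguration.getContextSecurityCredentials()));
        return descriptor;
    }

    /** Localized step label for the wizard UI. */
    @Override
    public String getName() {
        return this.mc.getMessage(FirstStartWizardMessages.UI_FIRSTSTART_INSTALL_BOOTSTRAPLDAPINSTALLSTEP_LABEL, new Object[0]);
    }

    /** This step reports no intermediate progress; it is either pending or done. */
    @Override
    public double getProgress() {
        return 1.0d;
    }
}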
