package com.dynfi.services;

import com.dynfi.exceptions.CannotDeleteException;
import com.dynfi.exceptions.CannotUpdateException;
import com.dynfi.exceptions.EntityNotFoundException;
import com.dynfi.exceptions.IncorrectValueException;
import com.dynfi.security.PermissionKeys;
import com.dynfi.services.dto.SuperUserCreateRequest;
import com.dynfi.services.dto.UiSettingsUpdateRequest;
import com.dynfi.services.dto.UserCreateRequest;
import com.dynfi.services.dto.UserLdapCreateRequest;
import com.dynfi.services.dto.UserLdapUpdateRequest;
import com.dynfi.services.dto.UserUpdateRequest;
import com.dynfi.storage.entities.ConnectionAgentToken;
import com.dynfi.storage.entities.DeviceGroup;
import com.dynfi.storage.entities.LogEntry;
import com.dynfi.storage.entities.MessageCode;
import com.dynfi.storage.entities.Role;
import com.dynfi.storage.entities.UiSettings;
import com.dynfi.storage.entities.User;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.common.collect.Streams;
import com.google.inject.Singleton;
import dev.morphia.Datastore;
import dev.morphia.UpdateOptions;
import dev.morphia.query.Query;
import dev.morphia.query.filters.Filters;
import dev.morphia.query.updates.UpdateOperators;
import io.crnk.core.engine.internal.jackson.ErrorDataSerializer;
import java.beans.ConstructorProperties;
import java.text.MessageFormat;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.apache.shiro.subject.Subject;
import org.jvnet.hk2.guice.bridge.api.HK2Inject;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/dynfi/services/UserServiceImpl.class */
public class UserServiceImpl implements UserService {
    // Class-wide SLF4J logger.
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) UserServiceImpl.class);
    // Morphia datastore behind every User, UiSettings, DeviceGroup and ConnectionAgentToken query in this class.
    private final Datastore datastore;
    // Resolves Role entities by id or by name when users are created or updated.
    private final RoleService roleService;
    // Audit sink: user lifecycle and device-group membership changes are recorded through it.
    private final LogService logService;
    // Supplies the system-wide session timeout used when a user has none of their own.
    private final SystemSettingsService systemSettingsService;

    // Field-injected (not via the constructor); used to validate the LDAP create/update requests.
    @HK2Inject
    private ValidationService validationService;
    // Work factor passed to BCrypt.gensalt() for every password hash produced here.
    private final int bcryptCost;
    // LDAP group lookup settings (constructor keys ldapGroupSearchBaseDn, ldapGroupSearchAttribute,
    // ldapGroupSearchAttributeFormat, ldapGroupNameAttribute); all may be null when LDAP is not configured.
    private final String ldapGroupSearchBase;
    private final String ldapGroupSearchAttribute;
    private final String ldapGroupSearchAttributeFormat;
    private final String ldapGroupNameAttribute;
    // LDAP user lookup settings; all may be null when LDAP is not configured.
    private final String ldapUserSearchBaseDn;
    private final String ldapUserSearchAttribute;
    private final String ldapUserNameAttribute;
    private final String ldapUserEmailAttribute;
    // Name of the device group assigned to newly created LDAP users; "ALL" is used when this is null.
    private final String ldapDefaultDeviceGroup;
    // Shiro JNDI factory; its URL and system (bind) credentials are set in the constructor.
    private final JndiLdapContextFactory ldapFactory = new JndiLdapContextFactory();
    // Format arguments: "S" or "" (TLS on/off), host, port.
    private static final String LDAP_URL = "LDAP%s://%s:%s";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/dynfi/services/UserServiceImpl$UserLdapEmailAndName.class */
    /**
     * Immutable pair of the e-mail address and display name read from a directory entry.
     * Either component may be {@code null}.
     */
    public static final class UserLdapEmailAndName {
        private final String email;
        private final String fullName;

        @ConstructorProperties({"email", "fullName"})
        public UserLdapEmailAndName(String str, String str2) {
            this.email = str;
            this.fullName = str2;
        }

        /** @return the e-mail address, possibly {@code null} */
        public String getEmail() {
            return this.email;
        }

        /** @return the full name, possibly {@code null} */
        public String getFullName() {
            return this.fullName;
        }

        /** Two instances are equal when both components are equal (null matches null). */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof UserLdapEmailAndName)) {
                return false;
            }
            UserLdapEmailAndName other = (UserLdapEmailAndName) obj;
            return java.util.Objects.equals(this.email, other.email)
                    && java.util.Objects.equals(this.fullName, other.fullName);
        }

        /** Combines both component hashes with multiplier 59; a null component contributes 43. */
        @Override
        public int hashCode() {
            int emailHash = this.email == null ? 43 : this.email.hashCode();
            int nameHash = this.fullName == null ? 43 : this.fullName.hashCode();
            return ((59 + emailHash) * 59) + nameHash;
        }

        @Override
        public String toString() {
            StringBuilder text = new StringBuilder("UserServiceImpl.UserLdapEmailAndName(email=");
            text.append(this.email).append(", fullName=").append(this.fullName).append(")");
            return text.toString();
        }
    }

    /**
     * Wires the collaborating services and configures the LDAP context factory.
     *
     * <p>The factory URL is built as {@code LDAPS://host:port} when {@code ldapUseSSL} is true and
     * {@code LDAP://host:port} otherwise. With the plain scheme, the system bind credentials set below
     * are sent over a connection that this class does not protect with TLS.
     *
     * <p>Every LDAP-related string may be {@code null} (all are {@code @Nullable}); the values are stored
     * as given, with no validation here.
     */
    @Inject
    public UserServiceImpl(Datastore datastore, RoleService roleService, LogService logService, SystemSettingsService systemSettingsService, @Named("bcryptCost") int i, @Nullable @Named("ldapHost") String str, @Nullable @Named("ldapPort") String str2, @Named("ldapUseSSL") boolean z, @Nullable @Named("ldapSystemUser") String str3, @Nullable @Named("ldapSystemPassword") String str4, @Nullable @Named("ldapGroupSearchBaseDn") String str5, @Nullable @Named("ldapGroupSearchAttribute") String str6, @Nullable @Named("ldapGroupSearchAttributeFormat") String str7, @Nullable @Named("ldapGroupNameAttribute") String str8, @Nullable @Named("ldapUserSearchBaseDn") String str9, @Nullable @Named("ldapUserSearchAttribute") String str10, @Nullable @Named("ldapUserNameAttribute") String str11, @Nullable @Named("ldapUserEmailAttribute") String str12, @Nullable @Named("ldapDefaultDeviceGroup") String str13) {
        // Collaborators.
        this.datastore = datastore;
        this.roleService = roleService;
        this.logService = logService;
        this.systemSettingsService = systemSettingsService;
        this.bcryptCost = i;

        // LDAP group lookup settings.
        this.ldapGroupSearchBase = str5;
        this.ldapGroupSearchAttribute = str6;
        this.ldapGroupSearchAttributeFormat = str7;
        this.ldapGroupNameAttribute = str8;

        // LDAP user lookup settings.
        this.ldapUserSearchBaseDn = str9;
        this.ldapUserSearchAttribute = str10;
        this.ldapUserNameAttribute = str11;
        this.ldapUserEmailAttribute = str12;
        this.ldapDefaultDeviceGroup = str13;

        // Connection: scheme suffix "S" selects LDAPS; host and port are inserted as configured.
        String schemeSuffix = z ? "S" : "";
        this.ldapFactory.setUrl(String.format(LDAP_URL, schemeSuffix, str, str2));
        this.ldapFactory.setSystemUsername(str3);
        this.ldapFactory.setSystemPassword(str4);
    }

    /**
     * Looks up a user by login name through the shared {@code UserService.getByLogin} helper.
     *
     * @param str login name
     * @return the matching user, or {@code null} when the helper finds none
     */
    @Override
    public User getByLogin(String str) {
        return UserService
                .getByLogin(str, datastore)
                .orElse(null);
    }

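    /**
     * Verifies a login/password pair against the stored bcrypt hash and checks a required permission.
     *
     * <p>When there is nothing to compare against (unknown login, or an account without a stored
     * hash such as one whose type was switched to LDAP) a throw-away bcrypt computation at the
     * configured cost is still performed, so that a rejected attempt costs roughly as much as a
     * real comparison and response time does not reveal whether the login exists.
     *
     * @param str login name
     * @param str2 candidate password
     * @param str3 permission key the user must hold (a {@code "*"} permission also satisfies it)
     * @return {@code true} only when the password matches and the permission is held
     */
    @Override
    public boolean loginAndPasswordAreCorrect(String str, String str2, String str3) {
        User byLogin = getByLogin(str);
        String storedHash = byLogin == null ? null : byLogin.getPasswordHash();
        if (storedHash == null || storedHash.isEmpty()) {
            // BCrypt.checkpw throws on a null or empty hash; reject the attempt instead, after
            // spending comparable work.
            BCrypt.checkpw("foo", BCrypt.gensalt(this.bcryptCost));
            return false;
        }
        // NOTE(review): there is no isDeleted() check here; confirm that UserService.getByLogin
        // already excludes deleted accounts.
        return BCrypt.checkpw(str2, storedHash) && userHasPermission(byLogin, str3);
    }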

    /**
     * Tells whether the user's effective permissions contain the wildcard {@code "*"} or the given key.
     *
     * @param user user whose permissions are evaluated
     * @param str permission key to look for
     * @return {@code true} when either the wildcard or {@code str} is present
     */
    @Override
    public boolean userHasPermission(User user, String str) {
        Set<String> granted = getPermissions(user);
        return CollectionUtils.containsAny(granted, "*", str);
    }

    /**
     * Computes the user's effective permission set.
     *
     * <p>A user whose two-factor status is {@code FORCED} and who is not a super user receives only
     * the fixed set from {@link #getTwoFactorAuthForcedPermissions()}. Everyone else, including
     * super users with {@code FORCED} status, receives the union of the permissions of all their
     * roles.
     *
     * @param user user to evaluate
     * @return the effective permission keys
     */
    @Override
    public Set<String> getPermissions(User user) {
        boolean restrictedUntilTwoFactorSetup =
                User.TwoFactorAuthStatus.FORCED.equals(user.getTwoFactorAuthStatus()) && !user.isSuperUser();
        if (restrictedUntilTwoFactorSetup) {
            return getTwoFactorAuthForcedPermissions();
        }
        return user.getRoles().stream()
                .flatMap(role -> role.getPermissions().stream())
                .collect(Collectors.toSet());
    }

    /**
     * Looks up a user by e-mail address.
     *
     * @param str e-mail address, matched with an equality filter on the {@code email} field
     * @return the first matching user, or {@code null} when none matches
     */
    @Override
    public User getByEmail(String str) {
        Query<User> byEmail = this.datastore.find(User.class).filter(Filters.eq("email", str));
        return byEmail.first();
    }

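    /**
     * Creates and persists a LOCAL account from the request and writes a {@code USER_CREATED} audit entry.
     *
     * <p>The password is stored only as a bcrypt hash computed at the configured cost. Requested
     * device groups go through {@link #fetchSpecifiedDeviceGroups(Set)}, so they are limited by the
     * current user's own access.
     *
     * <p>NOTE(review): login and e-mail uniqueness are not checked in this method; presumably request
     * validation calls {@code isLoginFree}/{@code isEmailFree} beforehand, so confirm at the caller.
     *
     * @param userCreateRequest validated creation request
     * @return the saved user
     */
    @Override
    public User create(UserCreateRequest userCreateRequest) {
        User created = User.builder()
                .login(userCreateRequest.getLogin())
                .email(userCreateRequest.getEmail())
                .fullName(userCreateRequest.getFullName())
                .accountType(User.AccountType.LOCAL)
                .passwordHash(BCrypt.hashpw(userCreateRequest.getPassword(), BCrypt.gensalt(this.bcryptCost)))
                .twoFactorAuthStatus(userCreateRequest.getTwoFactorAuthStatus())
                .sessionTimeout(userCreateRequest.getSessionTimeout())
                .roles(this.roleService.getByIds(userCreateRequest.getRoles()))
                .limitedToDeviceGroups(fetchSpecifiedDeviceGroups(userCreateRequest.getLimitedToDeviceGroups()))
                .build();
        // Pass the entity itself to save(); it must not be cast to Datastore.
        this.datastore.save(created);
        this.logService.addLogEntry(MessageCode.USER_CREATED, LogEntry.Severity.INFO, ImmutableMap.of("createdId", created.getId().toString()));
        return created;
    }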

    /**
     * @param str login name to test
     * @return {@code true} when no user with this login is found
     */
    @Override
    public boolean isLoginFree(String str) {
        User existing = getByLogin(str);
        return existing == null;
    }

    /**
     * @param str e-mail address to test
     * @return {@code true} when no user with this e-mail address is found
     */
    @Override
    public boolean isEmailFree(String str) {
        User existing = getByEmail(str);
        return existing == null;
    }

    /**
     * Looks up a user by identifier. Deleted users are not filtered out here.
     *
     * @param uuid identifier to match
     * @return the first matching user, or {@code null} when the query yields nothing
     */
    @Override
    public User getById(UUID uuid) {
        Query<User> byId = this.datastore.find(User.class).filter(Filters.eq(ErrorDataSerializer.ID, uuid));
        return byId.first();
    }

    /**
     * @return every stored user, with no filter applied (deleted users included)
     */
    @Override
    public List<User> getAll() {
        Query<User> everyone = this.datastore.find(User.class);
        return everyone.iterator().toList();
    }

    /**
     * @return users whose {@code deletedAt} field is either absent or stored as null
     */
    @Override
    public List<User> getAllExceptDeleted() {
        Query<User> notDeleted = this.datastore.find(User.class).filter(
                Filters.or(
                        Filters.exists("deletedAt").not(),
                        Filters.eq("deletedAt", null)));
        return notDeleted.iterator().toList();
    }

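    /**
     * Replaces the user's password hash with a fresh bcrypt hash at the configured cost.
     *
     * <p>This method performs no authorization or old-password check and does not touch existing
     * sessions or tokens; those concerns are left to the caller.
     *
     * @param uuid identifier of the user
     * @param str new plaintext password
     * @throws EntityNotFoundException when no user has this identifier
     * @throws CannotUpdateException when the user is already deleted
     */
    @Override
    public void updatePassword(UUID uuid, String str) {
        User user = getById(uuid);
        if (user == null) {
            // getById returns null for an unknown id; report that instead of failing on a null dereference.
            throw new EntityNotFoundException("User does not exist");
        }
        ensureUserNotDeleted(user);
        user.setPasswordHash(BCrypt.hashpw(str, BCrypt.gensalt(this.bcryptCost)));
        this.datastore.save(user);
    }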

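    /**
     * Stores a two-factor secret for the user and marks two-factor authentication as {@code ENABLED}.
     *
     * <p>The secret is stored exactly as passed in; no verification of a one-time code happens here.
     *
     * @param uuid identifier of the user
     * @param str two-factor secret to store
     * @throws EntityNotFoundException when no user has this identifier
     * @throws CannotUpdateException when the user is already deleted
     */
    @Override
    public void updateTwoFactorAuthSecret(UUID uuid, String str) {
        User user = getById(uuid);
        if (user == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        ensureUserNotDeleted(user);
        user.setTwoFactorAuthSecret(str);
        user.setTwoFactorAuthStatus(User.TwoFactorAuthStatus.ENABLED);
        this.datastore.save(user);
    }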

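    /**
     * Clears the user's two-factor secret and sets the status to {@code DISABLED}.
     *
     * <p>NOTE(review): unlike {@code updateTwoFactorAuthSecret}, this does not reject deleted users;
     * confirm that is intended.
     *
     * @param uuid identifier of the user
     * @throws EntityNotFoundException when no user has this identifier
     */
    @Override
    public void disableTwoFactorAuth(UUID uuid) {
        User user = getById(uuid);
        if (user == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        user.setTwoFactorAuthSecret("");
        user.setTwoFactorAuthStatus(User.TwoFactorAuthStatus.DISABLED);
        this.datastore.save(user);
    }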

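    /**
     * Clears the user's two-factor secret and sets the status to {@code FORCED}.
     *
     * <p>While the status is {@code FORCED}, {@code getPermissions} restricts a non-super user to the
     * small permission set needed to complete two-factor setup.
     *
     * @param uuid identifier of the user
     * @throws EntityNotFoundException when no user has this identifier
     */
    @Override
    public void forceTwoFactorAuth(UUID uuid) {
        User user = getById(uuid);
        if (user == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        user.setTwoFactorAuthSecret("");
        user.setTwoFactorAuthStatus(User.TwoFactorAuthStatus.FORCED);
        this.datastore.save(user);
    }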

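    /**
     * Applies profile, role and device-group changes to an existing user and audits membership changes.
     *
     * <p>Roles are replaced with those resolved from the request. Device groups are resolved through
     * {@link #fetchSpecifiedDeviceGroups(Set)}, which limits them by the current user's access. After
     * saving, one audit entry is written per device group removed and per device group added.
     *
     * @param uuid identifier of the user to update
     * @param userUpdateRequest validated update request
     * @return the saved user
     * @throws EntityNotFoundException when no user has this identifier
     * @throws CannotUpdateException when the user is already deleted
     */
    @Override
    public User updateUser(UUID uuid, UserUpdateRequest userUpdateRequest) {
        User user = getById(uuid);
        if (user == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        ensureUserNotDeleted(user);
        // Keep the previous membership so the audit diff below can be computed after the update;
        // a user without any stored groups is treated as having an empty set.
        Set<DeviceGroup> storedGroups = user.getLimitedToDeviceGroups();
        Set<DeviceGroup> previousGroups = storedGroups != null ? storedGroups : Collections.emptySet();

        user.setEmail(userUpdateRequest.getEmail());
        user.setFullName(userUpdateRequest.getFullName());
        user.setSessionTimeout(userUpdateRequest.getSessionTimeout());
        user.setNoLogoutOnSessionTimeout(userUpdateRequest.getNoLogoutOnSessionTimeout());
        user.setRoles(this.roleService.getByIds(userUpdateRequest.getRoles()));
        Set<DeviceGroup> requestedGroups = fetchSpecifiedDeviceGroups(userUpdateRequest.getLimitedToDeviceGroups());
        user.setLimitedToDeviceGroups(requestedGroups);
        this.datastore.save(user);

        if (!requestedGroups.equals(previousGroups)) {
            Sets.difference(previousGroups, requestedGroups).forEach(removed ->
                    this.logService.addLogEntry(MessageCode.USER_REMOVED_FROM_DEVICE_GROUP, LogEntry.Severity.INFO, ImmutableMap.of("deviceGroupId", removed.getId().toString(), "deviceGroupName", removed.getName(), "userId", user.getId().toString())));
            Sets.difference(requestedGroups, previousGroups).forEach(added ->
                    this.logService.addLogEntry(MessageCode.USER_ADDED_TO_DEVICE_GROUP, LogEntry.Severity.INFO, ImmutableMap.of("deviceGroupId", added.getId().toString(), "deviceGroupName", added.getName(), "userId", user.getId().toString())));
        }
        return user;
    }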

    /**
     * Guard used before modifying an account.
     *
     * @param user user about to be modified
     * @throws CannotUpdateException when the user is marked deleted
     */
    private void ensureUserNotDeleted(User user) {
        if (!user.isDeleted()) {
            return;
        }
        throw new CannotUpdateException("User already deleted");
    }

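    /**
     * Creates or updates the UI settings that belong to the subject's user.
     *
     * <p>The owner is always derived from the subject's principal, never from the request, so a
     * caller can only write the settings of the account it is authenticated as.
     *
     * @param subject authenticated subject whose principal is the login name
     * @param uiSettingsUpdateRequest new content and localization settings
     * @return the saved settings
     */
    @Override
    public UiSettings updateUiSettings(Subject subject, UiSettingsUpdateRequest uiSettingsUpdateRequest) {
        UiSettings settings = getUiSettings(subject);
        if (settings != null) {
            settings.setContent(uiSettingsUpdateRequest.getContent());
            settings.setLocalizationSettings(uiSettingsUpdateRequest.getLocalizationSettings());
        } else {
            // First write for this user: create the record, bound to the user resolved from the principal.
            User owner = getByLogin((String) subject.getPrincipal());
            settings = new UiSettings(owner, uiSettingsUpdateRequest.getContent(), uiSettingsUpdateRequest.getLocalizationSettings());
        }
        this.datastore.save(settings);
        return settings;
    }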

    /**
     * Fetches the UI settings stored for the subject's user.
     *
     * @param subject authenticated subject whose principal is the login name
     * @return the first settings record whose {@code user} field matches, or {@code null} when none exists
     */
    @Override
    public UiSettings getUiSettings(Subject subject) {
        User owner = getByLogin((String) subject.getPrincipal());
        Query<UiSettings> ownSettings = this.datastore.find(UiSettings.class).filter(Filters.eq("user", owner));
        return ownSettings.first();
    }

    /**
     * Reports whether initial setup has happened, judged solely by whether any user record exists.
     *
     * @return {@code true} when the user collection holds at least one record of any kind
     */
    @Override
    public boolean isSuperUserInitialised() {
        long userCount = this.datastore.find(User.class).count();
        return userCount > 0;
    }

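    /**
     * Creates the initial administrator: role {@code admin}, device group {@code ALL}, two-factor
     * authentication {@code DISABLED}, password stored as a bcrypt hash at the configured cost.
     *
     * <p>NOTE(review): this method does not itself consult {@link #isSuperUserInitialised()}. Every
     * caller must gate it, otherwise any request that reaches this method creates another
     * administrator. Confirm the gate, and that it is race-free, at the call site.
     *
     * <p>The account type is not set explicitly; the resulting value is whatever
     * {@code User.builder()} defaults to.
     *
     * @param superUserCreateRequest validated creation request
     * @return the saved super user
     */
    @Override
    public User createSuperUser(SuperUserCreateRequest superUserCreateRequest) {
        User created = User.builder()
                .login(superUserCreateRequest.getLogin())
                .email(superUserCreateRequest.getEmail())
                .fullName(superUserCreateRequest.getFullName())
                .passwordHash(BCrypt.hashpw(superUserCreateRequest.getPassword(), BCrypt.gensalt(this.bcryptCost)))
                .twoFactorAuthStatus(User.TwoFactorAuthStatus.DISABLED)
                .roles(ImmutableSet.of(this.roleService.getByName("admin")))
                .limitedToDeviceGroups(ImmutableSet.of(this.datastore.find(DeviceGroup.class).filter(Filters.eq("name", "ALL")).first()))
                .build();
        // Pass the entity itself to save(); it must not be cast to Datastore.
        this.datastore.save(created);
        this.logService.addLogEntry(MessageCode.USER_CREATED, LogEntry.Severity.INFO, ImmutableMap.of("createdId", created.getId().toString()));
        return created;
    }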

    /**
     * @return the user for the current security context, as resolved by
     *     {@code UserService.getCurrentUser}
     */
    @Override
    public User getCurrentUser() {
        User current = UserService.getCurrentUser(this.datastore);
        return current;
    }

    /**
     * @return the current user paired with its Shiro subject, as resolved by
     *     {@code UserService.getCurrentUserAndSubject}
     */
    @Override
    public Pair<User, Subject> getCurrentUserAndSubject() {
        Pair<User, Subject> current = UserService.getCurrentUserAndSubject(this.datastore);
        return current;
    }

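    /**
     * Soft-deletes a user: the record is marked deleted and saved, not removed.
     *
     * <p>Before the account is marked, every active connection-agent token it issued is deactivated,
     * so credentials minted by the departing user stop working. The attempt and the outcome are
     * logged, and a {@code USER_DELETED} audit entry is written.
     *
     * @param uuid identifier of the user to delete
     * @throws EntityNotFoundException when no user has this identifier
     * @throws CannotDeleteException when the current user tries to delete their own account
     */
    @Override
    public void delete(UUID uuid) {
        User currentUser = getCurrentUser();
        logger.info("User {} attempting to delete user {}.", currentUser.getId(), uuid);
        User target = getById(uuid);
        if (target == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        if (currentUser.getId().equals(uuid)) {
            throw new CannotDeleteException("Users cannot delete their own accounts");
        }
        // May reject the deletion when this is the last active user of a default device group.
        ensureTheLastActiveUserOfDefaultGroupNotRemoved(target);
        deactivateAllConnectionAgentTokensIssuedBy(target);
        target.markDeleted();
        this.datastore.save(target);
        logger.info("User {} deleted by user {}.", target.getId(), currentUser.getId());
        this.logService.addLogEntry(MessageCode.USER_DELETED, LogEntry.Severity.INFO, ImmutableMap.of("deletedId", target.getId().toString()));
    }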

    /**
     * Sets {@code deactivated} to true on every still-active connection-agent token created by the user.
     *
     * @param user issuer whose tokens are revoked
     */
    private void deactivateAllConnectionAgentTokensIssuedBy(User user) {
        Query<ConnectionAgentToken> activeTokens = this.datastore.find(ConnectionAgentToken.class)
                .filter(Filters.eq("createdBy", user), Filters.eq("deactivated", false));
        // multi(true): update all matching tokens, not just the first.
        UpdateOptions allMatches = new UpdateOptions().multi(true);
        activeTokens.update(allMatches, UpdateOperators.set("deactivated", true));
    }

    /**
     * If the user belongs to a default device group, delegates to
     * {@code DeviceGroupServiceImpl.ensureTheLastActiveUserOfGroupNotRemoved} for the first such group.
     *
     * @param user user about to be removed
     */
    private void ensureTheLastActiveUserOfDefaultGroupNotRemoved(User user) {
        for (DeviceGroup deviceGroup : user.getLimitedToDeviceGroups()) {
            if (deviceGroup.isDefault()) {
                DeviceGroupServiceImpl.ensureTheLastActiveUserOfGroupNotRemoved(ImmutableSet.of(user.getId()), deviceGroup, this);
                // Only one default group is checked.
                return;
            }
        }
    }

    /**
     * Adds each listed user to all given device groups, saving and auditing every change.
     *
     * @param set identifiers of the users to modify
     * @param set2 device groups to add
     */
    @Override
    public void addUsersToDeviceGroups(Set<UUID> set, Set<DeviceGroup> set2) {
        Consumer<User> grant = user -> user.addToDeviceGroups(set2);
        handleUsersInDeviceGroups(set, set2, grant, MessageCode.USER_ADDED_TO_DEVICE_GROUP);
    }

    /**
     * Removes each listed user from all given device groups, saving and auditing every change.
     *
     * @param set identifiers of the users to modify
     * @param set2 device groups to remove
     */
    @Override
    public void removeUsersFromDeviceGroups(Set<UUID> set, Set<DeviceGroup> set2) {
        Consumer<User> revoke = user -> user.removeFromDeviceGroups(set2);
        handleUsersInDeviceGroups(set, set2, revoke, MessageCode.USER_REMOVED_FROM_DEVICE_GROUP);
    }

    /**
     * Pulls the device group out of the membership field of every user that references it.
     * This is a bulk datastore update; no per-user audit entry is written here.
     *
     * @param deviceGroup group to detach from all users
     */
    @Override
    public void removeAllUsersFromDeviceGroup(DeviceGroup deviceGroup) {
        Query<User> members = this.datastore.find(User.class)
                .filter(Filters.eq(User.LIMITED_TO_DEVICE_GROUPS_FIELD_NAME, deviceGroup));
        UpdateOptions allMatches = new UpdateOptions().multi(true);
        members.update(allMatches, UpdateOperators.pullAll(User.LIMITED_TO_DEVICE_GROUPS_FIELD_NAME, Collections.singletonList(deviceGroup)));
    }

    /**
     * Collects the identifiers of users assigned to the device group whose {@code deletedAt} field
     * does not exist.
     *
     * <p>NOTE(review): {@code getAllExceptDeleted} also accepts {@code deletedAt == null}; this query
     * does not. Confirm whether records with an explicit null can occur.
     *
     * @param deviceGroup group to inspect
     * @return identifiers of the matching users
     */
    @Override
    public Set<UUID> getActiveUsersAssignedToDeviceGroup(DeviceGroup deviceGroup) {
        Query<User> activeMembers = this.datastore.find(User.class).filter(
                Filters.in(User.LIMITED_TO_DEVICE_GROUPS_FIELD_NAME, Collections.singletonList(deviceGroup)),
                Filters.exists("deletedAt").not());
        return StreamSupport.stream(activeMembers.spliterator(), false)
                .map(User::getId)
                .collect(Collectors.toSet());
    }

    /**
     * Resolves the session timeout that applies to a user.
     *
     * @param user user to resolve the timeout for
     * @return the user's own timeout when set, otherwise the one from the latest system settings
     */
    @Override
    public Duration getSessionTimeout(User user) {
        Duration ownTimeout = user.getSessionTimeout();
        if (ownTimeout != null) {
            return ownTimeout;
        }
        return this.systemSettingsService.getLatest().getSessionTimeout();
    }

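    /**
     * Applies a membership change to every listed user, then saves each user and writes one audit
     * entry per (user, device group) pair.
     *
     * <p>All users are loaded and modified in memory first; saving starts only after the change has
     * been applied to every one of them.
     *
     * @param set identifiers of the users to modify
     * @param set2 device groups named in the audit entries
     * @param consumer in-memory change applied to each loaded user
     * @param messageCode audit message code to record
     */
    private void handleUsersInDeviceGroups(Set<UUID> set, Set<DeviceGroup> set2, Consumer<User> consumer, MessageCode messageCode) {
        List<User> users = Streams.stream(this.datastore.find(User.class).filter(Filters.in(ErrorDataSerializer.ID, set)).iterator())
                .collect(Collectors.toList());
        for (User user : users) {
            consumer.accept(user);
        }
        for (User user : users) {
            // Pass the entity itself to save(); it must not be cast to Datastore.
            this.datastore.save(user);
            for (DeviceGroup deviceGroup : set2) {
                this.logService.addLogEntry(messageCode, LogEntry.Severity.INFO, ImmutableMap.of("deviceGroupId", deviceGroup.getId().toString(), "deviceGroupName", deviceGroup.getName(), "userId", user.getId().toString()));
            }
        }
    }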

    /**
     * Resolves requested device-group identifiers to entities.
     *
     * <p>The query is narrowed by {@code DeviceGroupServiceImpl.addFilterToQueryToLimitDeviceGroupsIds}
     * using the current user; presumably this drops groups the current user may not assign (confirm
     * against that helper).
     *
     * @param set requested device-group identifiers; null or empty yields an empty set
     * @return the resolved device groups
     * @throws IncorrectValueException when identifiers were requested but none could be resolved
     */
    private Set<DeviceGroup> fetchSpecifiedDeviceGroups(Set<UUID> set) {
        if (CollectionUtils.isEmpty(set)) {
            return Collections.emptySet();
        }
        Query<DeviceGroup> permitted = this.datastore.find(DeviceGroup.class);
        DeviceGroupServiceImpl.addFilterToQueryToLimitDeviceGroupsIds(permitted, getCurrentUser(), set);
        List<DeviceGroup> resolved = permitted.iterator().toList();
        if (CollectionUtils.isEmpty(resolved)) {
            throw new IncorrectValueException("Cannot allow the user to no device groups at all");
        }
        return new HashSet<>(resolved);
    }

    /**
     * @return the only permissions granted while two-factor setup is forced: token creation, whoami
     *     and self-service two-factor setup
     */
    private Set<String> getTwoFactorAuthForcedPermissions() {
        return Set.of(
                PermissionKeys.USERS__CREATE_TOKEN,
                PermissionKeys.USERS__WHOAMI,
                PermissionKeys.USERS__SETUP_2FA_SELF);
    }

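    /**
     * Switches the user's account type and records a {@code USER_ACCOUNT_TYPE_CHANGED} audit entry.
     *
     * <p>Switching to {@code LDAP} clears the local password hash so the old local password can no
     * longer be used. Switching back to a local type leaves the hash unset; a new password has to be
     * set before local login can succeed.
     *
     * <p>NOTE(review): deleted users are not rejected here; confirm that is intended.
     *
     * @param uuid identifier of the user
     * @param accountType new account type
     * @throws EntityNotFoundException when no user has this identifier
     */
    @Override
    public void changeAccountType(UUID uuid, User.AccountType accountType) {
        User user = getById(uuid);
        if (user == null) {
            throw new EntityNotFoundException("User does not exist");
        }
        user.setAccountType(accountType);
        if (User.AccountType.LDAP.equals(accountType)) {
            user.setPasswordHash(null);
        }
        this.datastore.save(user);
        this.logService.addLogEntry(MessageCode.USER_ACCOUNT_TYPE_CHANGED, LogEntry.Severity.INFO, ImmutableMap.of("userId", uuid.toString(), "type", accountType.toString()));
    }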

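    /**
     * Refreshes an LDAP-backed user from the directory: e-mail, full name and roles.
     *
     * <p>Roles are replaced by the roles whose names equal the user's LDAP group names, so directory
     * group membership directly determines the permissions held in this application. If the group
     * lookup fails, the set of group names is empty or partial and the user's roles shrink
     * accordingly, subject to request validation.
     *
     * @param user existing LDAP user to refresh
     * @return the saved user
     */
    @Override
    public User updateLdapUser(User user) {
        String login = user.getLogin();
        // When the directory lookup yields nothing, e-mail and name are null and validation decides.
        UserLdapEmailAndName details = getUserEmailAndNameFromLdap(login).orElse(new UserLdapEmailAndName(null, null));
        Set<Role> roles = this.roleService.getByNames(getUserGroupsFromLdap(login));
        this.validationService.validate(
                new UserLdapUpdateRequest(
                        user.getId(),
                        details.getEmail(),
                        details.getFullName(),
                        roles.stream().map(Role::getId).collect(Collectors.toSet())),
                new Class[0]);
        user.setEmail(details.getEmail());
        user.setFullName(details.getFullName());
        user.setRoles(roles);
        this.datastore.save(user);
        return user;
    }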

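    /**
     * Creates a local record for a user that authenticated against LDAP.
     *
     * <p>E-mail and full name come from the directory entry, roles from the roles whose names equal
     * the user's LDAP group names, and the device group from the configured default ("ALL" when none
     * is configured). The account is created with type {@code LDAP}, no password hash, and
     * two-factor authentication {@code DISABLED}. The request is validated before the user is saved.
     *
     * @param usernamePasswordToken token of the authenticated user; only the username is read
     * @return the saved user
     */
    @Override
    public User createLdapUser(UsernamePasswordToken usernamePasswordToken) {
        String username = usernamePasswordToken.getUsername();
        // When the directory lookup yields nothing, e-mail and name are null and validation decides.
        UserLdapEmailAndName details = getUserEmailAndNameFromLdap(username).orElse(new UserLdapEmailAndName(null, null));
        Set<Role> roles = this.roleService.getByNames(getUserGroupsFromLdap(username));
        Set<DeviceGroup> deviceGroups = getInitialDeviceGroupForLdapUser(this.ldapDefaultDeviceGroup);
        this.validationService.validate(
                new UserLdapCreateRequest(
                        username,
                        details.getEmail(),
                        details.getFullName(),
                        roles.stream().map(Role::getId).collect(Collectors.toSet()),
                        deviceGroups.stream().map(DeviceGroup::getId).collect(Collectors.toSet())),
                new Class[0]);
        User created = User.builder()
                .login(username)
                .email(details.getEmail())
                .fullName(details.getFullName())
                .accountType(User.AccountType.LDAP)
                .twoFactorAuthStatus(User.TwoFactorAuthStatus.DISABLED)
                .roles(roles)
                .limitedToDeviceGroups(deviceGroups)
                .build();
        this.datastore.save(created);
        this.logService.addLogEntry(MessageCode.USER_CREATED, LogEntry.Severity.INFO, ImmutableMap.of("createdId", created.getId().toString()));
        return created;
    }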

    /**
     * Resolves the device group a newly created LDAP user starts in.
     *
     * @param str configured group name; {@code null} selects the group named "ALL"
     * @return a one-element set holding the group, or an empty set (with an error logged) when no
     *     group has that name
     */
    private Set<DeviceGroup> getInitialDeviceGroupForLdapUser(String str) {
        String groupName = (str != null) ? str : "ALL";
        DeviceGroup match = this.datastore.find(DeviceGroup.class).filter(Filters.eq("name", groupName)).first();
        if (match == null) {
            logger.error("Cannot find device group with name [{}]. Please, make sure the entry in dynfi.conf is correct.", groupName);
            return Set.of();
        }
        return Set.of(match);
    }

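    /**
     * Reads the e-mail address and display name of a user from LDAP using the system (bind) context.
     *
     * <p>The login name is passed to the directory as a filter argument, not concatenated into the
     * filter string. JNDI escapes filter metacharacters in arguments, so a login containing
     * {@code *}, {@code (}, {@code )} or {@code \} is matched literally and cannot change the
     * structure of the search filter.
     *
     * @param str login name to search for
     * @return the first matching entry's e-mail and name, or empty when the search fails, finds
     *     nothing, or the entry lacks one of the configured attributes (an error is logged)
     */
    private Optional<UserLdapEmailAndName> getUserEmailAndNameFromLdap(String str) {
        LdapContext ldapContext = null;
        try {
            ldapContext = this.ldapFactory.getSystemLdapContext();
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{this.ldapUserNameAttribute, this.ldapUserEmailAttribute});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // The attribute name comes from configuration; only the {0} argument is untrusted.
            String filterExpr = "(" + this.ldapUserSearchAttribute + "={0})";
            NamingEnumeration<SearchResult> results = ldapContext.search(this.ldapUserSearchBaseDn, filterExpr, new Object[]{str}, searchControls);
            List<UserLdapEmailAndName> matches = new ArrayList<>();
            while (results.hasMoreElements()) {
                Attributes attributes = results.next().getAttributes();
                // A missing attribute makes get(...) return null; the resulting NullPointerException
                // is handled below like any other lookup failure.
                matches.add(new UserLdapEmailAndName(attributes.get(this.ldapUserEmailAttribute).get().toString(), attributes.get(this.ldapUserNameAttribute).get().toString()));
            }
            if (matches.size() > 1) {
                logger.debug("Expected to get one user details from Ldap, but got more. Ignoring all but first result.");
            }
            // No match at all raises IndexOutOfBoundsException, which is handled below.
            return Optional.of(matches.get(0));
        } catch (NamingException | IndexOutOfBoundsException | NullPointerException e) {
            logger.error("User was correctly authenticated, but DFM couldn't get user name and email from LDAP. It may be an issue with missing/incorrect ldapUser* or ldapSystem* properties in DFM config. Please consult DynFi Manager documentation.", e);
            return Optional.empty();
        } finally {
            // LdapContext is not AutoCloseable, so it is closed by hand on every path.
            if (ldapContext != null) {
                try {
                    ldapContext.close();
                } catch (NamingException closeFailure) {
                    logger.warn("Couldn't close Ldap context gracefully", closeFailure);
                }
            }
        }
    }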

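    /**
     * Reads the names of the LDAP groups a user belongs to, using the system (bind) context.
     *
     * <p>The login name is first substituted into the configured value format, and the result is
     * passed to the directory as a filter argument. JNDI escapes filter metacharacters in arguments,
     * so the login cannot change the structure of the search filter. The whole formatted value is
     * therefore matched literally.
     *
     * <p>NOTE(review): if the configured format places the login inside a distinguished name, DN
     * metacharacters in the login (for example a comma) are not DN-escaped here. Confirm which login
     * characters the authentication step accepts.
     *
     * <p>The returned names are later mapped to roles, so a failed lookup fails closed: it logs an
     * error and returns whatever was collected up to that point, normally an empty set.
     *
     * @param str login name whose groups are looked up
     * @return the group names found; possibly empty
     */
    private Set<String> getUserGroupsFromLdap(String str) {
        Set<String> groupNames = new HashSet<>();
        LdapContext ldapContext = null;
        try {
            ldapContext = this.ldapFactory.getSystemLdapContext();
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{this.ldapGroupNameAttribute});
            searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String memberValue = MessageFormat.format(this.ldapGroupSearchAttributeFormat, str);
            // The attribute name comes from configuration; the value derived from the login is the
            // {0} argument.
            String filterExpr = "(" + this.ldapGroupSearchAttribute + "={0})";
            NamingEnumeration<SearchResult> results = ldapContext.search(this.ldapGroupSearchBase, filterExpr, new Object[]{memberValue}, searchControls);
            while (results.hasMoreElements()) {
                groupNames.add(results.next().getAttributes().get(this.ldapGroupNameAttribute).get().toString());
            }
        } catch (NamingException | IndexOutOfBoundsException | NullPointerException e) {
            logger.error("User was correctly authenticated, but DFM couldn't get user groups from LDAP. It may be an issue with missing/incorrect ldapGroup* or ldapSystem* properties in DFM config. Please consult DynFi Manager documentation.", e);
        } finally {
            // LdapContext is not AutoCloseable, so it is closed by hand on every path.
            if (ldapContext != null) {
                try {
                    ldapContext.close();
                } catch (NamingException closeFailure) {
                    logger.warn("Couldn't close Ldap context gracefully", closeFailure);
                }
            }
        }
        return groupNames;
    }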
}
