package com.sun.identity.console.dm.model;

import com.iplanet.am.sdk.AMException;
import com.iplanet.am.sdk.AMGroup;
import com.iplanet.am.sdk.AMOrganization;
import com.iplanet.am.sdk.AMOrganizationalUnit;
import com.iplanet.am.sdk.AMPeopleContainer;
import com.iplanet.am.sdk.AMSearchControl;
import com.iplanet.am.sdk.AMSearchResults;
import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMTemplate;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.sso.SSOException;
import com.sun.identity.common.admin.AdminInterfaceUtils;
import com.sun.identity.console.base.model.AMAdminUtils;
import com.sun.identity.console.base.model.AMConsoleException;
import com.sun.identity.console.base.model.AMFormatUtils;
import com.sun.identity.console.base.model.AMModelBase;
import com.sun.identity.console.base.model.AMSystemConfig;
import com.sun.identity.console.base.model.Debugger;
import com.sun.identity.console.delegation.model.DelegationConfig;
import com.sun.identity.console.property.PropertyTemplate;
import com.sun.identity.console.property.PropertyXMLBuilder;
import com.sun.identity.sm.AttributeSchema;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.SchemaType;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import netscape.ldap.util.DN;
import netscape.ldap.util.RDN;

/* loaded from: input_file:120955-03/SUNWamcon/reloc/SUNWam/console.war:WEB-INF/lib/console.jar:com/sun/identity/console/dm/model/UserModelImpl.class */
public class UserModelImpl extends DMModelBase implements UserModel {
    AMUser user;
    private Set users;
    private Set peopleContainers;
    private static final String DYNAMIC = "dynamic-";
    private Map searchResultAttributes;
    public static final String SELECTED_SERVICE_NAMES = "amSelectedServices";
    public static final String CONSOLE_DEFAULT_ROLES_ATTR = "iplanet-am-admin-console-default-roles";
    private static final String SHOW_PC_TAG = "\n<property required=\"true\"><label name=\"lblPeopleContainer\" defaultValue=\"table.dm.path.column.name\" labelFor=\"peopleContainer\" /><cc name=\"peopleContainer\" tagclass=\"com.sun.web.ui.taglib.html.CCDropDownMenuTag\" ></cc><fieldhelp name=\"lblHelp\" defaultValue=\"new.user.container.help\" /></property>";

    public UserModelImpl(HttpServletRequest httpServletRequest, Map map) {
        super(httpServletRequest, map);
        this.user = null;
        this.users = null;
        this.peopleContainers = null;
        this.searchResultAttributes = null;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Map getAssignableServiceNames(String str) throws AMConsoleException {
        HashMap hashMap = null;
        this.user = getUser(str);
        try {
            Set<String> registeredServiceNames = this.dpStoreConn.getOrganization(this.user.getOrganizationDN()).getRegisteredServiceNames();
            registeredServiceNames.removeAll(this.user.getAssignedServices());
            if (registeredServiceNames != null && !registeredServiceNames.isEmpty()) {
                hashMap = new HashMap(registeredServiceNames.size() * 2);
                for (String str2 : registeredServiceNames) {
                    if (hasDisplayedAttributes(str2, SchemaType.USER) || hasDisplayedAttributes(str2, SchemaType.DYNAMIC)) {
                        String localizedServiceName = getLocalizedServiceName(str2);
                        if (!str2.equals(localizedServiceName)) {
                            hashMap.put(str2, localizedServiceName);
                        }
                    }
                }
            }
        } catch (AMException e) {
            Debugger.warning("`UserModel.getAssignableServices", e);
            throw new AMConsoleException(getErrorString(e));
        } catch (SSOException e2) {
            Debugger.warning("UserModel.getAssignableServices", e2);
        }
        return hashMap == null ? Collections.EMPTY_MAP : hashMap;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public void assignService(String str, String str2) throws AMConsoleException {
        String str3 = null;
        String str4 = null;
        this.user = getUser(str);
        HashSet hashSet = new HashSet(2);
        hashSet.add(str2);
        try {
            String[] strArr = {str, str2};
            logEvent("ATTEMPT_DIR_MGR_ASSIGN_SERVICE_USER", strArr);
            this.user.assignServices(hashSet);
            logEvent("SUCCEED_DIR_MGR_ASSIGN_SERVICE_USER", strArr);
        } catch (AMException e) {
            str4 = getErrorString(e);
            str3 = "AM_EXCEPTION_DIR_MGR_ASSIGN_SERVICE_USER";
        } catch (SSOException e2) {
            str4 = getErrorString(e2);
            str3 = "SSO_EXCEPTION_DIR_MGR_ASSIGN_SERVICE_USER";
        }
        if (str4 != null) {
            if (Debugger.warningEnabled()) {
                Debugger.warning(new StringBuffer().append("UserModel.assignServices ").append(str4).toString());
            }
            logEvent(str3, new String[]{str, str4});
            throw new AMConsoleException(str4);
        }
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getAssignedRoles(String str) {
        Set set = Collections.EMPTY_SET;
        String[] strArr = {str};
        logEvent("ATTEMPT_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", strArr);
        try {
            this.user = getUser(str);
            if (this.user != null) {
                set = this.user.getRoleDNs();
            }
            logEvent("SUCCEED_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", strArr);
        } catch (AMException e) {
            logEvent("AM_EXCEPTION_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", new String[]{str, getErrorString(e)});
            Debugger.error("UserModelImpl.getAssignedRoles", e);
        } catch (SSOException e2) {
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", new String[]{str, getErrorString(e2)});
            Debugger.error("UserModelImpl.getAssignedRoles", e2);
        }
        if (set == null) {
            set = Collections.EMPTY_SET;
        } else {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                int objectType = getObjectType(str2);
                if (objectType != 6 && objectType != 7) {
                    if (Debugger.warningEnabled()) {
                        Debugger.warning(new StringBuffer().append("removing ").append(str2).append(" from the ").append("users role list. It is not an IS role.").toString());
                    }
                    it.remove();
                }
            }
        }
        return set;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public void updateRoles(String str, Set set) throws AMConsoleException {
        this.user = getUser(str);
        Set userRoleDNs = getUserRoleDNs();
        Set excludedObjFromSet = excludedObjFromSet(userRoleDNs, set);
        Set excludedObjFromSet2 = excludedObjFromSet(set, userRoleDNs);
        removeRoles(excludedObjFromSet);
        addRoles(excludedObjFromSet2);
    }

    private Set getUserRoleDNs() {
        Set set = Collections.EMPTY_SET;
        try {
            if (this.user != null) {
                String[] strArr = {this.user.getDN()};
                logEvent("ATTEMPT_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", strArr);
                set = this.user.getRoleDNs();
                logEvent("SUCCEED_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", strArr);
            }
        } catch (AMException e) {
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", new String[]{this.user.getDN(), getErrorString(e)});
            Debugger.warning("UMUserModelImpl.getUserRoleDNs", e);
        } catch (SSOException e2) {
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ASSIGNED_ROLE_OF_USER", new String[]{this.user.getDN(), getErrorString(e2)});
            Debugger.error("UMUserModelImpl.getUserRoleDNs", e2);
        }
        if (set == null) {
            set = Collections.EMPTY_SET;
        } else {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                if (getObjectType(str) != 6) {
                    if (Debugger.warningEnabled()) {
                        Debugger.warning(new StringBuffer().append("removing ").append(str).append(" from the ").append("users role list. It is not an IS role.").toString());
                    }
                    it.remove();
                }
            }
        }
        return set;
    }

    private void removeRoles(Set set) throws AMConsoleException {
        String str = null;
        if (set != null && !set.isEmpty()) {
            String[] strArr = new String[2];
            strArr[0] = this.user.getDN();
            Iterator it = set.iterator();
            while (it.hasNext() && str == null) {
                String str2 = (String) it.next();
                strArr[1] = str2;
                logEvent("ATTEMPT_DIR_MGR_REMOVE_ROLE_FROM_USER", strArr);
                try {
                    this.user.removeRole(str2);
                    logEvent("SUCCEED_DIR_MGR_REMOVE_ROLE_FROM_USER", strArr);
                } catch (AMException e) {
                    str = getErrorString(e);
                    logEvent("AM_EXCEPTION_DIR_MGR_REMOVE_ROLE_FROM_USER", new String[]{this.user.getDN(), str2, str});
                    Debugger.warning("failed to remove role from user", e);
                } catch (SSOException e2) {
                    str = getErrorString(e2);
                    logEvent("SSO_EXCEPTION_DIR_MGR_REMOVE_ROLE_FROM_USER", new String[]{this.user.getDN(), str2, str});
                    Debugger.warning("failed to remove role from user", e2);
                }
            }
        }
        if (str != null) {
            throw new AMConsoleException(str);
        }
    }

    private void addRoles(Set set) throws AMConsoleException {
        String str = null;
        if (set != null && !set.isEmpty()) {
            String[] strArr = new String[2];
            strArr[0] = this.user.getDN();
            Iterator it = set.iterator();
            while (it.hasNext() && str == null) {
                String str2 = (String) it.next();
                strArr[1] = str2;
                logEvent("ATTEMPT_DIR_MGR_ADD_ROLE_TO_USER", strArr);
                try {
                    this.user.assignRole(str2);
                    logEvent("SUCCEED_DIR_MGR_ADD_ROLE_TO_USER", strArr);
                } catch (AMException e) {
                    str = getErrorString(e);
                    logEvent("AM_EXCEPTION_DIR_MGR_ADD_ROLE_TO_USER", new String[]{this.user.getDN(), str2, str});
                } catch (SSOException e2) {
                    str = getErrorString(e2);
                    logEvent("SSO_EXCEPTION_DIR_MGR_ADD_ROLE_TO_USER", new String[]{this.user.getDN(), str2, str});
                }
            }
        }
        if (str != null) {
            throw new AMConsoleException(str);
        }
    }

    private Set excludedObjFromSet(Set set, Set set2) {
        HashSet hashSet = new HashSet(set.size());
        for (Object obj : set) {
            if (!set2.contains(obj)) {
                hashSet.add(obj);
            }
        }
        return hashSet;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Map getAssignedServices(String str) {
        HashMap hashMap = null;
        try {
            this.user = getUser(str);
            Set<String> assignedServices = this.user.getAssignedServices();
            if (assignedServices != null && !assignedServices.isEmpty()) {
                hashMap = new HashMap(assignedServices.size() * 2);
                for (String str2 : assignedServices) {
                    String localizedServiceName = getLocalizedServiceName(str2);
                    if (!str2.equals(localizedServiceName)) {
                        hashMap.put(str2, localizedServiceName);
                    }
                }
            }
        } catch (AMException e) {
            Debugger.warning("UserModel.getAssignedServices", e);
        } catch (SSOException e2) {
            Debugger.warning("UserModel.getAssignedServices", e2);
        }
        return hashMap == null ? Collections.EMPTY_MAP : hashMap;
    }

    @Override // com.sun.identity.console.dm.model.DMModelBase, com.sun.identity.console.dm.model.DMModel
    public void removeServices(String str, Set set) throws AMConsoleException {
        String str2 = null;
        String str3 = null;
        try {
            this.user = getUser(str);
            String[] strArr = {str};
            logEvent("ATTEMPT_DIR_MGR_REMOVE_SERVICE_USER", strArr);
            this.user.unassignServices(set);
            logEvent("SUCCEED_DIR_MGR_REMOVE_SERVICE_USER", strArr);
        } catch (AMException e) {
            str2 = getErrorString(e);
            str3 = "AM_EXCEPTION_DIR_MGR_REMOVE_SERVICE_USER";
        } catch (SSOException e2) {
            str2 = getErrorString(e2);
            str3 = "SSO_EXCEPTION_DIR_MGR_REMOVE_SERVICE_USER";
        }
        if (str2 != null) {
            if (Debugger.warningEnabled()) {
                Debugger.warning(new StringBuffer().append("UserModel.removeServices ").append(str2).toString());
            }
            logEvent(str3, new String[]{str, str2});
            throw new AMConsoleException(str2);
        }
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getUsers(String str, String str2) {
        Debugger.message("UserModel.getUsers()");
        if (this.users == null) {
            if (str == null) {
                str = getStartDSDN();
            }
            AMSearchResults aMSearchResults = null;
            AMSearchControl aMSearchControl = new AMSearchControl();
            aMSearchControl.setSearchScope(2);
            String userOrganization = getUserOrganization();
            setSearchControlAttributes(aMSearchControl, getUserSearchReturnValue(userOrganization));
            try {
                String[] strArr = {str, str2};
                logEvent("ATTEMPT_DIR_MGR_SEARCH_FOR_USERS_IN_ORG", strArr);
                int objectType = getObjectType(str);
                if (objectType == 2) {
                    AMOrganization organization = this.dpStoreConn.getOrganization(str);
                    setSearchControlLimits(organization, aMSearchControl);
                    aMSearchResults = organization.searchUsers(aMSearchControl, getSearchFilter(userOrganization, str2));
                    logEvent("SUCCEED_DIR_MGR_SEARCH_FOR_USERS_IN_ORG", strArr);
                } else if (objectType == 3) {
                    AMOrganizationalUnit organizationalUnit = this.dpStoreConn.getOrganizationalUnit(str);
                    setSearchControlLimits(organizationalUnit, aMSearchControl);
                    aMSearchResults = organizationalUnit.searchUsers(aMSearchControl, getSearchFilter(userOrganization, str2));
                    logEvent("SUCCEED_DIR_MGR_SEARCH_FOR_USERS_IN_ORG", strArr);
                } else if (objectType == 5) {
                    AMPeopleContainer peopleContainer = this.dpStoreConn.getPeopleContainer(str);
                    String organizationDN = peopleContainer.getOrganizationDN();
                    if (getObjectType(organizationDN) == 2) {
                        setSearchControlLimits(this.dpStoreConn.getOrganization(organizationDN), aMSearchControl);
                    } else {
                        setSearchControlLimits(this.dpStoreConn.getOrganizationalUnit(organizationDN), aMSearchControl);
                    }
                    aMSearchResults = peopleContainer.searchUsers(aMSearchControl, getSearchFilter(organizationDN, str2));
                } else {
                    Debugger.warning("UserModel.getUsers() : unsupported type");
                }
            } catch (AMException e) {
                logEvent("AM_EXCEPTION_DIR_MGR_SEARCH_FOR_USERS_IN_ORG", new String[]{str, str2, getErrorString(e)});
                Debugger.warning("UserModelImpl.getUsers", e);
            } catch (SSOException e2) {
                logEvent("SSO_EXCEPTION_DIR_MGR_SEARCH_FOR_USERS_IN_ORG", new String[]{str, str2, getErrorString(e2)});
                Debugger.warning("UserModelImpl.getUsers", e2);
            }
            if (aMSearchResults != null) {
                this.users = aMSearchResults.getSearchResults();
                this.searchResultAttributes = aMSearchResults.getResultAttributes();
                this.errorMessage = AMAdminUtils.getSearchResultWarningMessage(aMSearchResults, this);
            }
        }
        if (Debugger.messageEnabled()) {
            Debugger.message(new StringBuffer().append("search for users returned ").append(this.users).toString());
        }
        return this.users;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public void updateUser(String str, Map map) throws AMConsoleException {
        if (Debugger.messageEnabled()) {
            Debugger.message(new StringBuffer().append("UserModel.updateUser ").append(str).toString());
            Debugger.message(new StringBuffer().append("data = ").append(map).toString());
        }
        Iterator it = map.keySet().iterator();
        while (it.hasNext()) {
            Set set = (Set) map.get((String) it.next());
            if (set == null || set.isEmpty()) {
                it.remove();
            }
        }
        validateRequiredAttributes(map);
        try {
            String[] strArr = {str};
            logEvent("ATTEMPT_DIR_MGR_MODIFY_USER", strArr);
            this.user = getUser(str);
            this.user.setAttributes(map);
            this.user.store();
            logEvent("SUCCEED_DIR_MGR_MODIFY_USER", strArr);
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_MODIFY_USER", new String[]{str, errorString});
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_MODIFY_USER", new String[]{str, errorString2});
            throw new AMConsoleException(errorString2);
        }
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public void createUser(String str, Map map) throws AMConsoleException {
        if (Debugger.messageEnabled()) {
            Debugger.message("UserModel.createUser - beginning... ");
            Debugger.message(new StringBuffer().append("trying to create user with ").append(map).toString());
        }
        if (str == null) {
            str = new StringBuffer().append("ou=People,").append(getStartDSDN()).toString();
        }
        if (map == null || map.isEmpty()) {
            Debugger.warning("null or missing data values");
            throw new AMConsoleException(getLocalizedString("createFailure.message"));
        }
        String str2 = (String) ((Set) map.get(AdminInterfaceUtils.getNamingAttribute(1, AMModelBase.debug))).iterator().next();
        if (str2 == null || str2.length() == 0) {
            throw new AMConsoleException(getLocalizedString("createFailure.message"));
        }
        String str3 = "";
        Set set = (Set) map.remove(UserModel.PEOPLE_CONTAINER);
        if (set != null && !set.isEmpty()) {
            str3 = (String) set.iterator().next();
        }
        validateRequiredAttributes(map);
        Set set2 = Collections.EMPTY_SET;
        HashMap hashMap = new HashMap(2);
        hashMap.put(str2, map);
        String[] strArr = {str, str2};
        logEvent("ATTEMPT_DIR_MGR_CREATE_USER", strArr);
        try {
            getObjectType(str);
            if (str3.length() == 0) {
                getParentDN(str);
                str3 = getDefaultPeopleContainer(str, getObjectType(str));
            }
            Debugger.message(new StringBuffer().append("pcDN set to ").append(str3).toString());
            Set set3 = (Set) map.remove("amSelectedServices");
            if (set3 == null) {
                set3 = Collections.EMPTY_SET;
            }
            AMPeopleContainer peopleContainer = this.dpStoreConn.getPeopleContainer(str3);
            Set createUsers = peopleContainer.createUsers(hashMap, set3);
            if (createUsers != null && !createUsers.isEmpty()) {
                AMUser aMUser = (AMUser) createUsers.iterator().next();
                String dn = aMUser.getDN();
                Set hashSet = new HashSet(2);
                hashSet.add(dn);
                if (assignUserToGroup(str2, hashSet, str) == null) {
                    assignDefaultRolesToUser(aMUser);
                    logEvent("ATTEMPT_DIR_MGR_CREATE_USER", strArr);
                } else {
                    logEvent("AM_EXCEPTION_DIR_MGR_CREATE_USER", new String[]{str, str2, ""});
                    peopleContainer.deleteUsers(hashSet);
                }
            }
        } catch (AMException e) {
            if (Debugger.warningEnabled()) {
                Debugger.warning(new StringBuffer().append("UserModel.createUser ").append(e.getMessage()).toString());
            }
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_CREATE_USER", new String[]{str, str2, errorString});
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            logEvent("SSO_EXCEPTION_DIR_MGR_CREATE_USER", new String[]{str, str2, getErrorString(e2)});
            Debugger.error("error in sso ", e2);
        }
        Debugger.message("UserModel.createUser - ending...");
    }

    private String assignUserToGroup(String str, Set set, String str2) {
        if (Debugger.messageEnabled()) {
            Debugger.message("UserModel.assignUserToGroup - begin... ");
            Debugger.message(new StringBuffer().append("user name = ").append(str).toString());
        }
        String str3 = null;
        int objectType = getObjectType(str2);
        if (objectType == 9 || objectType == 10) {
            try {
                this.dpStoreConn.getStaticGroup(str2).addUsers(set);
            } catch (AMException e) {
                Debugger.warning("UserModel.assignUserToGroup", e);
                str3 = getErrorString(e);
            } catch (SSOException e2) {
                Debugger.warning("UserModel.assignUserToGroup", e2);
                str3 = getErrorString(e2);
            }
        } else if (objectType == 12) {
            try {
                this.dpStoreConn.getAssignableDynamicGroup(str2).addUsers(set);
            } catch (AMException e3) {
                Debugger.warning("UserModel.assignUserToGroup", e3);
                str3 = getErrorString(e3);
            } catch (SSOException e4) {
                Debugger.warning("UserModel.assignUserToGroup", e4);
                str3 = getErrorString(e4);
            }
        } else {
            Debugger.warning("location is not a group type");
        }
        if (str3 != null) {
            str3 = MessageFormat.format(getLocalizedString("cannotAssignUserToGroup"), str, str3);
        }
        Debugger.message("UserModel.assignUserToGroup - ending... ");
        return str3;
    }

    private Set getDefaultRoles(AMUser aMUser) {
        Debugger.message("UserModel.getDefaultRoles()");
        Set set = Collections.EMPTY_SET;
        String str = null;
        try {
            str = aMUser.getOrganizationDN();
        } catch (AMException e) {
            Debugger.error("UserModel.getDefaultRoles: cannot get user's organization DN", e);
        } catch (SSOException e2) {
            if (Debugger.warningEnabled()) {
                Debugger.warning("UserModel.getDefaultRoles: cannot get user's organization DN", e2);
            }
        }
        if (str != null) {
            set = getAttrValues("iplanet-am-admin-console-default-roles", "iPlanetAMAdminConsoleService", str);
            Iterator it = set.iterator();
            while (it.hasNext()) {
                if (!str.equalsIgnoreCase(AMAdminUtils.getParent((String) it.next()))) {
                    it.remove();
                }
            }
        }
        return set;
    }

    private void assignDefaultRolesToUser(AMUser aMUser) {
        for (String str : getDefaultRoles(aMUser)) {
            try {
                Debugger.warning(new StringBuffer().append("assignin ").append(str).append(" to user entry").toString());
                aMUser.assignRole(str);
            } catch (AMException e) {
                Debugger.warning("UserModel.assignDefaultRolesToUser", e);
            } catch (SSOException e2) {
                Debugger.warning("UserModel.assignDefaultRolesToUser", e2);
            }
        }
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Map getValues(String str) throws AMConsoleException {
        try {
            String[] strArr = {str};
            logEvent("ATTEMPT_DIR_MGR_GET_USER_ATTR_VALUES", strArr);
            Map correctAttributeNames = correctAttributeNames(this.dpStoreConn.getUser(str).getAttributes());
            logEvent("SUCCEED_DIR_MGR_GET_USER_ATTR_VALUES", strArr);
            if (Debugger.messageEnabled()) {
                Debugger.message(new StringBuffer().append("returning user data  for ").append(str).append(" = ").append(correctAttributeNames).toString());
            }
            return correctAttributeNames == null ? Collections.EMPTY_MAP : correctAttributeNames;
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_GET_USER_ATTR_VALUES", new String[]{str, errorString});
            throw new AMConsoleException(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_USER_ATTR_VALUES", new String[]{str, errorString2});
            throw new AMConsoleException(errorString2);
        }
    }

    private Map correctAttributeNames(Map map) {
        Map dataMap = getDataMap();
        HashMap hashMap = new HashMap(dataMap.size() * 2);
        for (String str : dataMap.keySet()) {
            Object obj = map.get(str.toLowerCase());
            hashMap.put(str, obj != null ? obj : Collections.EMPTY_SET);
        }
        return hashMap;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Map getDataMap() {
        HashMap hashMap = new HashMap();
        try {
            Iterator it = getServiceSchemaManager("iPlanetAMUserService").getSchema(SchemaType.USER).getAttributeSchemas().iterator();
            while (it.hasNext()) {
                hashMap.put(((AttributeSchema) it.next()).getName(), Collections.EMPTY_SET);
            }
            hashMap.put(UserModel.PEOPLE_CONTAINER, Collections.EMPTY_SET);
        } catch (SSOException e) {
            Debugger.error("UserModelImpl.getDataMap", e);
        } catch (SMSException e2) {
            Debugger.error("UserModelImpl.getDataMap", e2);
        }
        return hashMap;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public String getCreateUserPropertyXML(String str) {
        StringBuffer stringBuffer = new StringBuffer(2000);
        try {
            Set userAttributes = getUserAttributes(SchemaType.USER);
            PropertyXMLBuilder.filterAttributes(userAttributes, new String[]{"required", "optional"});
            stringBuffer.append(PropertyTemplate.DEFINITION).append(PropertyTemplate.START_TAG);
            getPropertyXML(userAttributes, stringBuffer, false);
            stringBuffer.append(PropertyTemplate.END_TAG);
            Set peopleContainers = getPeopleContainers(str);
            if (peopleContainers != null && peopleContainers.size() > 1 && !showPeopleContainers()) {
                String stringBuffer2 = stringBuffer.toString();
                stringBuffer.insert(stringBuffer2.indexOf(62, stringBuffer2.indexOf("<section name=")) + 1, SHOW_PC_TAG);
            }
        } catch (SSOException e) {
            Debugger.error("UserModelImpl.getCreateUserPropertyXML", e);
        } catch (SMSException e2) {
            Debugger.error("UserModelImpl.getCreateUserPropertyXML", e2);
        }
        return stringBuffer.toString();
    }

    private boolean isDisplayCombined() {
        String str = "";
        try {
            AMTemplate orgTemplate = getOrgTemplate(getAuthenticatedOrgDN());
            str = orgTemplate == null ? AMAdminUtils.getStringAttribute(getServiceSchemaManager("iPlanetAMAdminConsoleService"), SchemaType.ORGANIZATION, "iplanet-am-admin-console-user-service-display") : AMAdminUtils.getStringAttribute(orgTemplate, "iplanet-am-admin-console-user-service-display");
        } catch (AMException e) {
            Debugger.error("UserModelImpl.isDisplayCombined", e);
        } catch (SSOException e2) {
            Debugger.error("UserModelImpl.isDisplayCombined", e2);
        } catch (SMSException e3) {
            Debugger.error("UserModelImpl.isDisplayCombined", e3);
        }
        return str.equalsIgnoreCase("Combined");
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public String getUserProfileXML(String str, String str2) {
        Set userAttributes;
        boolean canModify = canModify(str, str2);
        StringBuffer stringBuffer = new StringBuffer(2000);
        try {
            Set userAttributes2 = getUserAttributes(SchemaType.USER);
            HashSet hashSet = new HashSet(userAttributes2.size() * 2);
            Iterator it = userAttributes2.iterator();
            while (it.hasNext()) {
                hashSet.add(((AttributeSchema) it.next()).getName());
            }
            PropertyXMLBuilder.filterAttributes(userAttributes2, new String[]{"display", "adminDisplay"});
            stringBuffer.append(PropertyTemplate.DEFINITION).append(PropertyTemplate.START_TAG);
            getPropertyXML(userAttributes2, stringBuffer, !canModify);
            if (isDisplayCombined() && (userAttributes = getUserAttributes(SchemaType.DYNAMIC)) != null) {
                Iterator it2 = userAttributes.iterator();
                while (it2.hasNext()) {
                    if (hashSet.contains(((AttributeSchema) it2.next()).getName())) {
                        it2.remove();
                    }
                }
                getPropertyXML(userAttributes, stringBuffer, true);
            }
            stringBuffer.append(PropertyTemplate.END_TAG);
        } catch (SSOException e) {
            Debugger.error("UserModelImpl.getUserProfileXML", e);
        } catch (SMSException e2) {
            Debugger.error("UserModelImpl.getUserProfileXML", e2);
        }
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public boolean canModify(String str, String str2) {
        boolean z = false;
        try {
            this.user = getUser(str);
            z = DelegationConfig.getInstance().hasPermission(this.user.getOrganizationDN(), (String) null, "MODIFY", this, str2);
        } catch (AMException e) {
            Debugger.error("UserModelImpl.canModify", e);
        } catch (SSOException e2) {
            Debugger.error("UserModelImpl.canModify", e2);
        }
        return z;
    }

    private void getPropertyXML(Set set, StringBuffer stringBuffer, boolean z) {
        Debugger.message("UserModel.getPropertyXML");
        try {
            PropertyXMLBuilder propertyXMLBuilder = new PropertyXMLBuilder("iPlanetAMUserService", this, set);
            if (z) {
                propertyXMLBuilder.setAllAttributeReadOnly(true);
            }
            stringBuffer.append(propertyXMLBuilder.getXML(false));
        } catch (SSOException e) {
            Debugger.error("UserModelImpl.getPropertyXML", e);
        } catch (AMConsoleException e2) {
            Debugger.error("UserModelImpl.getPropertyXML", e2);
        } catch (SMSException e3) {
            Debugger.error("UserModelImpl.getPropertyXML", e3);
        }
    }

    public void registerService(String str, String str2) throws AMConsoleException {
        if (Debugger.messageEnabled()) {
            Debugger.message("UserModel:registerService");
            Debugger.message(new StringBuffer().append("registering ").append(str2).append(" to ").append(str).toString());
        }
        try {
            this.dpStoreConn.getOrganization(str).registerService(str2, true, true);
        } catch (AMException e) {
            throw new AMConsoleException(getErrorString(e));
        } catch (SSOException e2) {
            throw new AMConsoleException(getErrorString(e2));
        }
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public String getRoleType(String str) {
        return getLocalizedString(getObjectType(str) == 8 ? "filtered.role" : "static.role");
    }

    private Set getUserAttributes(SchemaType schemaType) throws SSOException, SMSException {
        Set set = null;
        try {
            set = getServiceSchemaManager("iPlanetAMUserService").getSchema(schemaType).getAttributeSchemas();
            setMandatoryAttributes(set);
        } catch (SSOException e) {
            Debugger.error("UserModelImpl.getUserAttributes", e);
        } catch (SMSException e2) {
            Debugger.error("UserModelImpl.getUserAttributes", e2);
        }
        return set != null ? set : Collections.EMPTY_SET;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getAvailableRoles(String str, Collection collection) {
        Set set = null;
        this.user = getUser(str);
        if (this.user == null) {
            return Collections.EMPTY_SET;
        }
        try {
            AMOrganization organization = this.dpStoreConn.getOrganization(this.user.getOrganizationDN());
            if (organization != null) {
                set = organization.getRoles(1);
            }
            if (set != null) {
                AMAdminUtils.removeAllByDN(set, collection);
            }
        } catch (AMException e) {
            Debugger.error(getErrorString(e));
        } catch (SSOException e2) {
            Debugger.error(getErrorString(e2));
        }
        return set == null ? Collections.EMPTY_SET : set;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getAvailableGroups(String str, Collection collection) {
        Set set = null;
        this.user = getUser(str);
        if (this.user == null) {
            return Collections.EMPTY_SET;
        }
        try {
            AMOrganization organization = this.dpStoreConn.getOrganization(this.user.getOrganizationDN());
            if (organization != null) {
                set = organization.getStaticGroups(2);
                set.addAll(organization.getAssignableDynamicGroups(2));
            }
            if (set != null) {
                AMAdminUtils.removeAllByDN(set, collection);
            }
        } catch (AMException e) {
            Debugger.error(getErrorString(e));
        } catch (SSOException e2) {
            Debugger.error(getErrorString(e2));
        }
        return set == null ? Collections.EMPTY_SET : set;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public void updateGroups(String str, Set set) throws AMConsoleException {
        this.user = getUser(str);
        Set assignedGroups = getAssignedGroups(str);
        Set excludedObjFromSet = excludedObjFromSet(assignedGroups, set);
        Set excludedObjFromSet2 = excludedObjFromSet(set, assignedGroups);
        removeGroups(excludedObjFromSet);
        addGroups(excludedObjFromSet2);
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getAssignedGroups(String str) {
        Set set = null;
        this.user = getUser(str);
        if (this.user == null) {
            return Collections.EMPTY_SET;
        }
        try {
            String[] strArr = {str};
            logEvent("ATTEMPT_DIR_MGR_GET_ASSIGNED_GROUPS_OF_USER", strArr);
            set = this.user.getStaticGroupDNs();
            set.addAll(this.user.getAssignableDynamicGroupDNs());
            logEvent("SUCCEED_DIR_MGR_GET_ASSIGNED_GROUPS_OF_USER", strArr);
        } catch (AMException e) {
            String errorString = getErrorString(e);
            logEvent("AM_EXCEPTION_DIR_MGR_GET_ASSIGNED_GROUPS_OF_USER", new String[]{str, errorString});
            Debugger.error(errorString);
        } catch (SSOException e2) {
            String errorString2 = getErrorString(e2);
            logEvent("SSO_EXCEPTION_DIR_MGR_GET_ASSIGNED_GROUPS_OF_USER", new String[]{str, errorString2});
            Debugger.error(errorString2);
        }
        if (!isAdminGroupsEnabled()) {
            set = removeHiddenGroups(set);
        }
        if (set == null) {
            set = Collections.EMPTY_SET;
            Debugger.message(new StringBuffer().append("no groups assignded to ").append(this.user.getDN()).toString());
        }
        return set == null ? Collections.EMPTY_SET : set;
    }

    public void removeGroups(Set set) throws AMConsoleException {
        if (this.user == null || set == null || set.isEmpty()) {
            return;
        }
        String str = null;
        String[] strArr = new String[2];
        strArr[0] = this.user.getDN();
        Iterator it = set.iterator();
        while (it.hasNext() && str == null) {
            String str2 = (String) it.next();
            strArr[1] = str2;
            logEvent("ATTEMPT_DIR_MGR_REMOVE_GROUP_FROM_USER", strArr);
            try {
                int objectType = getObjectType(str2);
                if (objectType == 9 || objectType == 10) {
                    this.user.removeStaticGroup(str2);
                } else {
                    this.user.removeAssignableDynamicGroup(str2);
                }
                logEvent("SUCCEED_DIR_MGR_REMOVE_GROUP_FROM_USER", strArr);
            } catch (AMException e) {
                str = getErrorString(e);
                logEvent("AM_EXCEPTION_DIR_MGR_REMOVE_GROUP_FROM_USER", new String[]{this.user.getDN(), str2, str});
                Debugger.warning("removing groups from user", e);
            } catch (SSOException e2) {
                str = getErrorString(e2);
                logEvent("SSO_EXCEPTION_DIR_MGR_REMOVE_GROUP_FROM_USER", new String[]{this.user.getDN(), str2, str});
                Debugger.warning("removing groups from user", e2);
            }
        }
        if (str != null) {
            throw new AMConsoleException(str);
        }
    }

    private Set removeHiddenGroups(Set set) {
        Set set2 = Collections.EMPTY_SET;
        if (set != null && !set.isEmpty()) {
            set2 = new HashSet(set.size());
            Iterator it = set.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                String DNToName = AMFormatUtils.DNToName(this, str);
                if (!DNToName.equalsIgnoreCase("DomainAdministrators") && !DNToName.equalsIgnoreCase("DomainHelpDeskAdministrators") && !DNToName.equalsIgnoreCase("ServiceAdministrators") && !DNToName.equalsIgnoreCase("ServiceHelpDeskAdministrators")) {
                    set2.add(str);
                }
            }
        }
        return set2;
    }

    private void addGroups(Set set) throws AMConsoleException {
        if (this.user == null || set == null || set.isEmpty()) {
            return;
        }
        String[] strArr = new String[2];
        strArr[0] = this.user.getDN();
        String str = null;
        Iterator it = set.iterator();
        while (it.hasNext() && str == null) {
            String str2 = (String) it.next();
            strArr[1] = str2;
            logEvent("ATTEMPT_DIR_MGR_ADD_GROUP_TO_USER", strArr);
            try {
                int objectType = getObjectType(str2);
                if (objectType == 9 || objectType == 10) {
                    this.user.assignStaticGroup(str2);
                } else {
                    this.user.assignAssignableDynamicGroup(str2);
                }
                logEvent("SUCCEED_DIR_MGR_ADD_GROUP_TO_USER", strArr);
            } catch (AMException e) {
                str = getErrorString(e);
                logEvent("AM_EXCEPTION_DIR_MGR_ADD_GROUP_TO_USER", new String[]{this.user.getDN(), str2, str});
                Debugger.warning("assigning groups to user", e);
            } catch (SSOException e2) {
                str = getErrorString(e2);
                logEvent("SSO_EXCEPTION_DIR_MGR_ADD_GROUP_TO_USER", new String[]{this.user.getDN(), str2, str});
                Debugger.warning("assigning groups to user", e2);
            }
        }
        if (str != null) {
            throw new AMConsoleException(str);
        }
    }

    private AMUser getUser(String str) {
        if (this.user == null) {
            try {
                this.user = this.dpStoreConn.getUser(str);
            } catch (SSOException e) {
                Debugger.error(getErrorString(e));
            }
        }
        return this.user;
    }

    public String getDefaultPeopleContainer(String str, int i) {
        String str2 = null;
        try {
            switch (i) {
                case 2:
                case 3:
                    str2 = getDefaultPeopleContainer(str);
                    break;
                case 4:
                case 6:
                case 7:
                case 8:
                case 11:
                default:
                    str2 = "";
                    break;
                case 5:
                    str2 = str;
                    break;
                case 9:
                case 10:
                case 12:
                    str2 = getDefaultPeopleContainer(getParentDN(str));
                    break;
            }
        } catch (AMException e) {
            Debugger.error("UMCreateUserModelImpl.getDefaultPeopleContainer", e);
        } catch (SSOException e2) {
            Debugger.error("UMCreateUserModelImpl.getDefaultPeopleContainer", e2);
        }
        return str2 != null ? str2 : "";
    }

    private String getDefaultPeopleContainer(String str) {
        DN dn;
        if (!str.equalsIgnoreCase(AMSystemConfig.rootSuffix)) {
            dn = new DN(str);
        } else if (AMSystemConfig.rootSuffix.equalsIgnoreCase(AMSystemConfig.defaultOrg)) {
            dn = new DN(AMSystemConfig.defaultOrg);
        } else {
            dn = new DN(AMSystemConfig.rootSuffix);
            dn.addRDN(new RDN(AMSystemConfig.defaultOrg));
        }
        dn.addRDN(new RDN(new StringBuffer().append(AdminInterfaceUtils.getNamingAttribute(5, AMModelBase.debug)).append("=").append(AdminInterfaceUtils.defaultPeopleContainerName()).toString()));
        return dn.toString();
    }

    private Set getGroupPCList(AMGroup aMGroup) {
        Set set = Collections.EMPTY_SET;
        DN dn = new DN(aMGroup.getDN());
        String str = "";
        try {
            str = getParentDN(aMGroup.getDN());
        } catch (AMException e) {
            Debugger.error("getGroupPCList", e);
        } catch (SSOException e2) {
            Debugger.error("getGroupPCList", e2);
        }
        if (str != null) {
            Set attrValues = getAttrValues("iplanet-am-admin-console-group-pclist", "iPlanetAMAdminConsoleService", str);
            if (attrValues != null && !attrValues.isEmpty()) {
                set = new HashSet(attrValues.size());
                Iterator it = attrValues.iterator();
                while (it.hasNext()) {
                    StringTokenizer stringTokenizer = new StringTokenizer((String) it.next(), "|");
                    if (stringTokenizer.countTokens() == 2 && new DN(stringTokenizer.nextToken().trim()).equals(dn)) {
                        set.add(stringTokenizer.nextToken().trim());
                    }
                }
            }
            if (set.isEmpty()) {
                set = new HashSet(1);
                Set attrValues2 = getAttrValues("iplanet-am-admin-console-group-default-pc", "iPlanetAMAdminConsoleService", str);
                if (attrValues2 != null && !attrValues2.isEmpty()) {
                    String trim = ((String) attrValues2.iterator().next()).trim();
                    if (trim.length() > 0) {
                        set.add(trim);
                    }
                }
                if (set.isEmpty()) {
                    set.add(getDefaultPeopleContainer(str));
                }
            }
        }
        return set;
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public Set getPeopleContainers(String str) {
        if (this.peopleContainers == null) {
            this.peopleContainers = Collections.EMPTY_SET;
            try {
                switch (getObjectType(str)) {
                    case 2:
                        this.peopleContainers = this.dpStoreConn.getOrganization(str).getPeopleContainers(1);
                        break;
                    case 3:
                        this.peopleContainers = this.dpStoreConn.getOrganizationalUnit(str).getPeopleContainers(1);
                        break;
                    case 5:
                        this.peopleContainers = new HashSet(1);
                        this.peopleContainers.add(str);
                        break;
                    case 9:
                    case 10:
                        this.peopleContainers = getGroupPCList(this.dpStoreConn.getStaticGroup(str));
                        validatePCList(this.peopleContainers);
                        break;
                    case 12:
                        this.peopleContainers = getGroupPCList(this.dpStoreConn.getAssignableDynamicGroup(str));
                        validatePCList(this.peopleContainers);
                        break;
                }
            } catch (AMException e) {
                AMModelBase.debug.warning("failed getting people containers", e);
            } catch (SSOException e2) {
                AMModelBase.debug.error("failed getting people containers", e2);
            }
        }
        return this.peopleContainers;
    }

    private void validatePCList(Set set) {
        if (set == null || set.isEmpty()) {
            return;
        }
        HashSet hashSet = new HashSet(set.size());
        AMStoreConnection aMStoreConnection = (AMStoreConnection) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.sun.identity.console.dm.model.UserModelImpl.1
            private final UserModelImpl this$0;

            {
                this.this$0 = this;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    return AMAdminUtils.getStoreConnAsAdmin();
                } catch (SecurityException e) {
                    AMModelBase.debug.error("UMCreateUserModelImpl.validatePCList", e);
                    return null;
                }
            }
        });
        if (aMStoreConnection == null) {
            set.clear();
            return;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            try {
                AMPeopleContainer peopleContainer = aMStoreConnection.getPeopleContainer((String) it.next());
                if (peopleContainer == null || !peopleContainer.isExists()) {
                    it.remove();
                }
            } catch (SSOException e) {
                AMModelBase.debug.error("UMreateUserModelImpl.validateGroupPCList", e);
            }
        }
        set.removeAll(hashSet);
    }

    private String getSearchFilter(String str, String str2) throws SSOException {
        String userSearchAttribute = getUserSearchAttribute(str);
        StringBuffer stringBuffer = new StringBuffer(10);
        stringBuffer.append("(").append(userSearchAttribute).append("=").append(str2).append(")");
        return stringBuffer.toString();
    }

    @Override // com.sun.identity.console.dm.model.UserModel
    public String getDisplayValue(String str) {
        String str2 = null;
        if (this.searchResultAttributes != null && !this.searchResultAttributes.isEmpty()) {
            Map map = (Map) this.searchResultAttributes.get(str);
            str2 = (String) ((Set) map.get((String) map.keySet().iterator().next())).iterator().next();
        }
        return str2 != null ? str2 : AMFormatUtils.DNToName(this, str, true);
    }
}
