package org.dataone.service.cn.impl.v2;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import java.util.UUID;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.plexus.util.LineOrientedInterpolatingReader;
import org.dataone.client.v2.itk.D1Client;
import org.dataone.cn.dao.SystemMetadataDaoMetacatImpl;
import org.dataone.cn.hazelcast.HazelcastClientFactory;
import org.dataone.cn.ldap.DirContextProvider;
import org.dataone.cn.ldap.LDAPService;
import org.dataone.cn.ldap.NodeAccess;
import org.dataone.configuration.Settings;
import org.dataone.service.exceptions.BaseException;
import org.dataone.service.exceptions.IdentifierNotUnique;
import org.dataone.service.exceptions.InvalidRequest;
import org.dataone.service.exceptions.InvalidToken;
import org.dataone.service.exceptions.NotAuthorized;
import org.dataone.service.exceptions.NotFound;
import org.dataone.service.exceptions.NotImplemented;
import org.dataone.service.exceptions.ServiceFailure;
import org.dataone.service.types.v1.Group;
import org.dataone.service.types.v1.Identifier;
import org.dataone.service.types.v1.ObjectList;
import org.dataone.service.types.v1.Person;
import org.dataone.service.types.v1.Session;
import org.dataone.service.types.v1.Subject;
import org.dataone.service.types.v1.SubjectInfo;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:org/dataone/service/cn/impl/v2/ReserveIdentifierService.class */
public class ReserveIdentifierService extends LDAPService {
    public static Log log = LogFactory.getLog(ReserveIdentifierService.class);
    private static SimpleDateFormat dateFormat = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
    private static Timer timer = null;
    private static CNIdentityLDAPImpl identityService = null;
    private static DirContextProvider dirContextProvider = DirContextProvider.getInstance();
    private static final String UUID_ID = "UUID";
    private static final String DOI = "DOI";
    private static final String ARK = "ARK";
    private static final int MAX_RETRY = 10;

    public ReserveIdentifierService() {
        setBase(Settings.getConfiguration().getString("reserveIdentifier.ldap.base"));
        identityService = new CNIdentityLDAPImpl();
    }

    public Identifier reserveIdentifier(Session session, Identifier identifier) throws IdentifierNotUnique, NotAuthorized, ServiceFailure {
        if (session == null) {
            throw new NotAuthorized("4180", "Session is required to reserve identifiers");
        }
        try {
            expireEntries(1);
            Subject subject = session.getSubject();
            if (HazelcastClientFactory.getSystemMetadataMap().get(identifier) != null) {
                throw new IdentifierNotUnique("4210", "The given pid is already in use: " + identifier.getValue());
            }
            ObjectList objectList = null;
            try {
                objectList = D1Client.getCN().listObjects(null, null, null, null, null, identifier, null, null);
            } catch (BaseException e) {
                log.warn("Exception looking up SID (may or may not be an issue): " + identifier.getValue(), e);
            }
            if (objectList != null && objectList.getTotal() > 0) {
                throw new IdentifierNotUnique("4210", "The given identifier is already in use: " + identifier.getValue());
            }
            try {
                DirContext borrowDirContext = dirContextProvider.borrowDirContext();
                if (borrowDirContext == null) {
                    throw new ServiceFailure("2490", "Context is null. Unable to retrieve LDAP Directory Context from pool. Please try again.");
                }
                try {
                    String lookupDN = lookupDN(borrowDirContext, identifier);
                    if (lookupDN == null) {
                        addEntry(borrowDirContext, subject, identifier);
                        dirContextProvider.returnDirContext(borrowDirContext);
                        return identifier;
                    }
                    if (checkAttribute(borrowDirContext, lookupDN, NodeAccess.NODE_SUBJECT, subject.getValue())) {
                        throw new IdentifierNotUnique("4210", "The given pid: " + identifier.getValue() + " has already been reserved by: " + subject.getValue());
                    }
                    String str = "Identifier (" + identifier.getValue() + ") is reserved and not owned by subject, " + subject.getValue();
                    log.warn(str);
                    throw new NotAuthorized("4180", str);
                } catch (Throwable th) {
                    dirContextProvider.returnDirContext(borrowDirContext);
                    throw th;
                }
            } catch (Exception e2) {
                log.error(e2.getMessage(), e2);
                throw new ServiceFailure("2490", e2.getMessage());
            }
        } catch (NamingException e3) {
            throw new ServiceFailure("4921", "Could not remove expired entries before checking reservation status");
        }
    }

    public Identifier generateIdentifier(Session session, String str, String str2) throws InvalidRequest, ServiceFailure, NotAuthorized {
        Identifier identifier = new Identifier();
        boolean z = false;
        if (null == str) {
            throw new InvalidRequest("4191", "The scheme parameter must be provided.");
        }
        int i = 0;
        while (!z && i < 10) {
            i++;
            if (!str.equals(UUID_ID)) {
                if (str.equals(DOI)) {
                    throw new InvalidRequest("4191", "Identifier scheme not supported.");
                }
                if (str.equals(ARK)) {
                    throw new InvalidRequest("4191", "Identifier scheme not supported.");
                }
                throw new InvalidRequest("4191", "Identifier scheme not supported.");
            }
            identifier.setValue("urn:uuid:" + UUID.randomUUID().toString());
            try {
                reserveIdentifier(session, identifier);
                z = true;
            } catch (IdentifierNotUnique e) {
                z = false;
            }
        }
        if (z) {
            return identifier;
        }
        throw new ServiceFailure("4210", "Unique identifier could not be generated.");
    }

    public boolean removeReservation(Session session, Identifier identifier) throws NotAuthorized, NotFound, IdentifierNotUnique, InvalidToken, ServiceFailure, NotImplemented, InvalidRequest {
        if (!hasReservation(session, session.getSubject(), identifier)) {
            return false;
        }
        try {
            DirContext borrowDirContext = dirContextProvider.borrowDirContext();
            if (borrowDirContext == null) {
                throw new ServiceFailure("2490", "Context is null. Unable to retrieve LDAP Directory Context from pool. Please try again.");
            }
            try {
                String lookupDN = lookupDN(borrowDirContext, identifier);
                if (lookupDN == null) {
                    dirContextProvider.returnDirContext(borrowDirContext);
                    return false;
                }
                boolean removeEntry = removeEntry(borrowDirContext, lookupDN);
                dirContextProvider.returnDirContext(borrowDirContext);
                return removeEntry;
            } catch (Throwable th) {
                dirContextProvider.returnDirContext(borrowDirContext);
                throw th;
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new ServiceFailure("2490", e.getMessage());
        }
    }

    public boolean hasReservation(Session session, Subject subject, Identifier identifier) throws NotFound, NotAuthorized, InvalidRequest, ServiceFailure {
        if (subject == null) {
            throw new InvalidRequest("4926", "subject parameter cannot be null");
        }
        if (identifier == null) {
            throw new InvalidRequest("4926", "pid parameter cannot be null");
        }
        log.debug("hasReservation for Subject:" + subject.getValue() + " with pid: " + identifier.getValue());
        try {
            expireEntries(1);
            SubjectInfo subjectInfo = null;
            try {
                subjectInfo = identityService.getSubjectInfo(session, subject);
            } catch (Exception e) {
                log.warn("Could not look up SubjectInfo for: " + subject);
            }
            log.debug("SubjectInfo retrieved");
            ArrayList arrayList = new ArrayList();
            if (subjectInfo != null) {
                if (subjectInfo.getPersonList() != null) {
                    Iterator<Person> it = subjectInfo.getPersonList().iterator();
                    while (it.hasNext()) {
                        arrayList.add(it.next().getSubject());
                    }
                }
                if (subjectInfo.getGroupList() != null) {
                    Iterator<Group> it2 = subjectInfo.getGroupList().iterator();
                    while (it2.hasNext()) {
                        arrayList.add(it2.next().getSubject());
                    }
                }
            } else {
                arrayList.add(subject);
            }
            boolean z = false;
            try {
                DirContext borrowDirContext = dirContextProvider.borrowDirContext();
                if (borrowDirContext == null) {
                    throw new ServiceFailure("4921", "Context is null. Unable to retrieve LDAP Directory Context from pool. Please try again.");
                }
                try {
                    String lookupDN = lookupDN(borrowDirContext, identifier);
                    log.debug("Looked up DN");
                    if (lookupDN == null) {
                        throw new NotFound("4923", "No reservation found for pid: " + identifier.getValue());
                    }
                    Iterator it3 = arrayList.iterator();
                    while (it3.hasNext()) {
                        z = checkAttribute(borrowDirContext, lookupDN, NodeAccess.NODE_SUBJECT, ((Subject) it3.next()).getValue());
                        if (z) {
                            break;
                        }
                    }
                    if (!z) {
                        throw new NotAuthorized("4924", "Reserved Identifier (" + identifier.getValue() + ") is not owned by given subject[s]");
                    }
                    dirContextProvider.returnDirContext(borrowDirContext);
                    return true;
                } catch (Throwable th) {
                    dirContextProvider.returnDirContext(borrowDirContext);
                    throw th;
                }
            } catch (Exception e2) {
                log.error(e2.getMessage(), e2);
                throw new ServiceFailure("4921", e2.getMessage());
            }
        } catch (NamingException e3) {
            throw new ServiceFailure("4921", "Could not remove expired entries before checking reservation status");
        }
    }

    private boolean addEntry(DirContext dirContext, Subject subject, Identifier identifier) throws IdentifierNotUnique {
        BasicAttribute basicAttribute = new BasicAttribute("objectclass");
        basicAttribute.add("d1Reservation");
        Calendar calendar = Calendar.getInstance();
        String str = "reservedIdentifier." + calendar.getTimeInMillis();
        String str2 = "reservationId=" + str + StringArrayPropertyEditor.DEFAULT_SEPARATOR + getBase();
        String format = dateFormat.format(calendar.getTime());
        BasicAttribute basicAttribute2 = new BasicAttribute("reservationId", str);
        BasicAttribute basicAttribute3 = new BasicAttribute(NodeAccess.NODE_SUBJECT, subject.getValue());
        BasicAttribute basicAttribute4 = new BasicAttribute(SystemMetadataDaoMetacatImpl.IDENTIFIER_TABLE, identifier.getValue());
        BasicAttribute basicAttribute5 = new BasicAttribute("created", format);
        try {
            BasicAttributes basicAttributes = new BasicAttributes();
            basicAttributes.put(basicAttribute);
            basicAttributes.put(basicAttribute2);
            basicAttributes.put(basicAttribute3);
            basicAttributes.put(basicAttribute4);
            basicAttributes.put(basicAttribute5);
            dirContext.createSubcontext(str2, basicAttributes);
            log.debug("Added entry " + str2);
            return true;
        } catch (NamingException e) {
            log.error("Problem adding entry: " + str2, e);
            return false;
        } catch (NameAlreadyBoundException e2) {
            String str3 = "Entry " + str2 + " already exists, no need to add";
            log.warn(str3, e2);
            throw new IdentifierNotUnique("0000", str3);
        }
    }

    public void expireEntries(int i) throws NamingException, ServiceFailure {
        try {
            DirContext borrowDirContext = dirContextProvider.borrowDirContext();
            if (borrowDirContext == null) {
                throw new ServiceFailure("4921", "Context is null. Unable to retrieve LDAP Directory Context from pool. Please try again.");
            }
            try {
                Iterator<Identifier> it = lookupReservedIdentifiers(borrowDirContext).iterator();
                while (it.hasNext()) {
                    String lookupDN = lookupDN(borrowDirContext, it.next());
                    try {
                        Date parse = dateFormat.parse((String) getAttributeValues(borrowDirContext, lookupDN, "created").get(0));
                        Calendar calendar = Calendar.getInstance();
                        calendar.setTime(parse);
                        calendar.add(5, i);
                        if (calendar.before(Calendar.getInstance())) {
                            removeEntry(borrowDirContext, lookupDN);
                        }
                    } catch (ParseException e) {
                        log.error("(skipping) Could not parse created date for entry: " + lookupDN, e);
                    }
                }
                dirContextProvider.returnDirContext(borrowDirContext);
            } catch (Throwable th) {
                dirContextProvider.returnDirContext(borrowDirContext);
                throw th;
            }
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
            throw new ServiceFailure("4921", e2.getMessage());
        }
    }

    public static void schedule(ReserveIdentifierService reserveIdentifierService) {
        if (timer != null) {
            timer.cancel();
        }
        timer = new Timer(true);
        timer.scheduleAtFixedRate(new TimerTask() { // from class: org.dataone.service.cn.impl.v2.ReserveIdentifierService.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                try {
                    ReserveIdentifierService.this.expireEntries(1);
                } catch (NamingException | ServiceFailure e) {
                    ReserveIdentifierService.log.error(e.getMessage(), e);
                }
            }
        }, Calendar.getInstance().getTime(), 3600000L);
    }

    private List<Identifier> lookupReservedIdentifiers(DirContext dirContext) {
        ArrayList arrayList = new ArrayList();
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            NamingEnumeration search = dirContext.search(getBase(), "(objectClass=d1Reservation)", searchControls);
            while (search != null) {
                if (!search.hasMore()) {
                    break;
                }
                SearchResult searchResult = (SearchResult) search.next();
                log.debug("Search result found for: " + searchResult.getNameInNamespace());
                NamingEnumeration all = searchResult.getAttributes().getAll();
                while (all.hasMore()) {
                    Attribute attribute = (Attribute) all.next();
                    if (attribute.getID().equalsIgnoreCase(SystemMetadataDaoMetacatImpl.IDENTIFIER_TABLE)) {
                        String str = (String) attribute.get();
                        Identifier identifier = new Identifier();
                        identifier.setValue(str);
                        arrayList.add(identifier);
                    }
                }
            }
        } catch (Exception e) {
            log.error("problem looking up identifiers", e);
        }
        return arrayList;
    }

    private String lookupDN(DirContext dirContext, Identifier identifier) {
        String str = null;
        try {
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(2);
            NamingEnumeration search = dirContext.search(getBase(), "(&(objectClass=d1Reservation)(identifier=" + identifier.getValue().replace(LineOrientedInterpolatingReader.DEFAULT_ESCAPE_SEQ, "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("��", "\\00") + "))", searchControls);
            while (search != null && search.hasMore()) {
                SearchResult searchResult = (SearchResult) search.next();
                str = searchResult.getNameInNamespace();
                log.debug("Search result found for: " + str);
                NamingEnumeration all = searchResult.getAttributes().getAll();
                while (all.hasMore()) {
                    Attribute attribute = (Attribute) all.next();
                    if (attribute.getID().equalsIgnoreCase(SystemMetadataDaoMetacatImpl.IDENTIFIER_TABLE)) {
                        if (identifier.getValue().equals((String) attribute.get())) {
                            search.close();
                            return str;
                        }
                    }
                }
            }
        } catch (Exception e) {
            log.error("problem looking up DN for identifier: " + identifier.getValue(), e);
        }
        return str;
    }
}
