Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +7 −5 Original line number Diff line number Diff line Loading @@ -69,18 +69,16 @@ package ca.nrc.cadc.ac.server.ldap; import javax.net.SocketFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.io.File; import java.net.MalformedURLException; import org.apache.log4j.Logger; import java.security.*; import java.security.cert.CertificateException; import java.util.Set; import com.unboundid.ldap.sdk.*; import com.unboundid.util.ssl.*; import ca.nrc.cadc.auth.*; import ca.nrc.cadc.net.TransientException; Loading @@ -88,6 +86,8 @@ import ca.nrc.cadc.net.TransientException; public abstract class LdapDAO { private static final Logger logger = Logger.getLogger(LdapDAO.class); private LDAPConnection conn; LdapConfig config; Loading Loading @@ -226,6 +226,8 @@ public abstract class LdapDAO protected static void checkLdapResult(ResultCode code) throws TransientException { logger.debug("Ldap result: " + code); if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) { throw new AccessControlException("Not authorized "); Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +56 −19 Original line number Diff line number Diff line Loading @@ -200,6 +200,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("addGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } Loading Loading 
@@ -295,14 +296,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO if (searchResult.getAttributeValue("nsaccountlock") == null) { throw new GroupAlreadyExistsException("Group already exists " + group.getID()); throw new GroupAlreadyExistsException("Group already exists " + group.getID()); } // activate group try { return modifyGroup(group, true); return modifyGroup(null, group, true); } catch (GroupNotFoundException e) { Loading @@ -312,6 +312,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("reactivateGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } Loading Loading @@ -365,6 +366,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getGroupNames Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); } Loading Loading @@ -561,6 +563,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getGroup Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new GroupNotFoundException("Not found " + groupID); } Loading @@ -582,11 +585,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { getGroup(group.getID()); //group must exists first return modifyGroup(group, false); Group existing = getGroup(group.getID()); //group must exists first return modifyGroup(existing, group, false); } private Group modifyGroup(final Group group, boolean withActivate) private Group modifyGroup(final Group existing, final Group group, boolean withActivate) throws UserNotFoundException, TransientException, AccessControlException, GroupNotFoundException { Loading 
@@ -596,12 +599,15 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } boolean adminChanges = false; List<Modification> mods = new ArrayList<Modification>(); List<Modification> adminMods = new ArrayList<Modification>(); if (withActivate) { mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminMods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminChanges = true; } if (group.description == null) Loading @@ -613,7 +619,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } Set<String> newMembers = new HashSet<String>(); for (User<?> member : group.getUserMembers()) { Loading @@ -629,11 +634,27 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } Set<String> newAdmins = new HashSet<String>(); Set<User<? extends Principal>> existingUserAdmins = new HashSet<User<? extends Principal>>(0); if (existing != null) { existingUserAdmins = existing.getUserAdmins(); } for (User<?> member : group.getUserAdmins()) { DN memberDN = userPersist.getUserDN(member); newAdmins.add(memberDN.toNormalizedString()); if (!existingUserAdmins.contains(member)) { adminChanges = true; } } Set<Group> existingGroupAdmins = new HashSet<Group>(0); if (existing != null) { existingGroupAdmins = existing.getGroupAdmins(); } for (Group gr : group.getGroupAdmins()) { Loading @@ -641,8 +662,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { throw new GroupNotFoundException(gr.getID()); } DN grDN = getGroupDN(gr.getID()); newAdmins.add(grDN.toNormalizedString()); if (!existingGroupAdmins.contains(gr)) { adminChanges = true; } } mods.add(new Modification(ModificationType.REPLACE, "uniquemember", Loading 
@@ -650,18 +676,22 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newAdmins.toArray(new String[newAdmins.size()]))); // modify admin group first ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); try { // modify admin group first (if necessary) if (adminChanges) { ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LdapDAO.checkLdapResult(getConnection(). modify(modifyRequest).getResultCode()); } // modify the group itself now modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); ModifyRequest modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( Loading @@ -671,6 +701,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("Modify Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } try Loading Loading @@ -744,6 +775,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("Delete Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } Loading Loading @@ -835,6 +867,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getGroups Exception: " + e, e); throw new TransientException("Error getting group", e); } return groups; Loading Loading @@ -879,6 +912,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getOwnerGroups Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } return groupDNs; Loading Loading 
@@ -1028,6 +1062,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getGroupDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); Loading @@ -1046,6 +1081,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getAdminGroupDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); Loading @@ -1072,6 +1108,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("isCreatorOwner Exception: " + e, e); throw new RuntimeException(e); } } Loading Loading
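Review bot: The admin-change detection in modifyGroup (hunks @@ -629,11 +634,27 @@ and @@ -641,8 +662,13 @@) only flips `adminChanges` when a requested admin is missing from `existing`, so a request that merely removes admins leaves it false and the guarded `if (adminChanges)` block in @@ -650,18 +676,22 @@ skips the REPLACE of the admin group's uniquemember; the removed admins keep their rights while the caller sees the modify succeed. Also compare cardinalities after the two loops, e.g. `if (existingUserAdmins.size() != group.getUserAdmins().size() || existingGroupAdmins.size() != group.getGroupAdmins().size()) adminChanges = true;` — together with the existing contains() checks this makes the two sets equal whenever `adminChanges` stays false (assuming User/Group equals() is what contains() already relies on). The new `existing` parameter is passed as `null` from reactivateGroup, so its Javadoc should say `@param existing the group as currently stored, or null when the group is being reactivated (then withActivate must be true so the admin group is always written)`. modifyGroup's body starts and ends outside these hunks.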
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java +7 −5 Original line number Diff line number Diff line Loading @@ -69,18 +69,16 @@ package ca.nrc.cadc.ac.server.ldap; import javax.net.SocketFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; import java.io.File; import java.net.MalformedURLException; import org.apache.log4j.Logger; import java.security.*; import java.security.cert.CertificateException; import java.util.Set; import com.unboundid.ldap.sdk.*; import com.unboundid.util.ssl.*; import ca.nrc.cadc.auth.*; import ca.nrc.cadc.net.TransientException; Loading @@ -88,6 +86,8 @@ import ca.nrc.cadc.net.TransientException; public abstract class LdapDAO { private static final Logger logger = Logger.getLogger(LdapDAO.class); private LDAPConnection conn; LdapConfig config; Loading Loading @@ -226,6 +226,8 @@ public abstract class LdapDAO protected static void checkLdapResult(ResultCode code) throws TransientException { logger.debug("Ldap result: " + code); if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) { throw new AccessControlException("Not authorized "); Loading
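Review bot: checkLdapResult now logs every result code but still has no Javadoc describing its contract, which matters because this commit makes it the first call in nearly every LDAPException handler of LdapGroupDAO. Add above it `/** Translates an LDAP ResultCode into the exception callers expect: INSUFFICIENT_ACCESS_RIGHTS is rethrown as AccessControlException; other codes are handled below. @throws TransientException for codes that indicate a retryable server-side condition */`, adjusting the second sentence to match the branches outside this hunk. The replacement of explicit `java.security` imports by `java.security.*` alongside `com.unboundid.ldap.sdk.*` and `ca.nrc.cadc.auth.*` makes it harder to see where names like Principal and AccessControlException resolve from; keeping explicit imports would be the safer style here. checkLdapResult's remaining branches are outside the hunk.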
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +56 −19 Original line number Diff line number Diff line Loading @@ -200,6 +200,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("addGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } Loading Loading @@ -295,14 +296,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO if (searchResult.getAttributeValue("nsaccountlock") == null) { throw new GroupAlreadyExistsException("Group already exists " + group.getID()); throw new GroupAlreadyExistsException("Group already exists " + group.getID()); } // activate group try { return modifyGroup(group, true); return modifyGroup(null, group, true); } catch (GroupNotFoundException e) { Loading @@ -312,6 +312,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("reactivateGroup Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); throw new RuntimeException("Unexpected LDAP exception", e); } Loading Loading @@ -365,6 +366,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getGroupNames Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new IllegalStateException("Unexpected exception: " + e1.getMatchedDN(), e1); } Loading Loading @@ -561,6 +563,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getGroup Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); throw new GroupNotFoundException("Not found " + groupID); } Loading 
@@ -582,11 +585,11 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO throws GroupNotFoundException, TransientException, AccessControlException, UserNotFoundException { getGroup(group.getID()); //group must exists first return modifyGroup(group, false); Group existing = getGroup(group.getID()); //group must exists first return modifyGroup(existing, group, false); } private Group modifyGroup(final Group group, boolean withActivate) private Group modifyGroup(final Group existing, final Group group, boolean withActivate) throws UserNotFoundException, TransientException, AccessControlException, GroupNotFoundException { Loading @@ -596,12 +599,15 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } boolean adminChanges = false; List<Modification> mods = new ArrayList<Modification>(); List<Modification> adminMods = new ArrayList<Modification>(); if (withActivate) { mods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminMods.add(new Modification(ModificationType.DELETE, "nsaccountlock")); adminChanges = true; } if (group.description == null) Loading @@ -613,7 +619,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO mods.add(new Modification(ModificationType.REPLACE, "description", group.description)); } Set<String> newMembers = new HashSet<String>(); for (User<?> member : group.getUserMembers()) { Loading 
@@ -629,11 +634,27 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO DN grDN = getGroupDN(gr.getID()); newMembers.add(grDN.toNormalizedString()); } Set<String> newAdmins = new HashSet<String>(); Set<User<? extends Principal>> existingUserAdmins = new HashSet<User<? extends Principal>>(0); if (existing != null) { existingUserAdmins = existing.getUserAdmins(); } for (User<?> member : group.getUserAdmins()) { DN memberDN = userPersist.getUserDN(member); newAdmins.add(memberDN.toNormalizedString()); if (!existingUserAdmins.contains(member)) { adminChanges = true; } } Set<Group> existingGroupAdmins = new HashSet<Group>(0); if (existing != null) { existingGroupAdmins = existing.getGroupAdmins(); } for (Group gr : group.getGroupAdmins()) { Loading @@ -641,8 +662,13 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO { throw new GroupNotFoundException(gr.getID()); } DN grDN = getGroupDN(gr.getID()); newAdmins.add(grDN.toNormalizedString()); if (!existingGroupAdmins.contains(gr)) { adminChanges = true; } } mods.add(new Modification(ModificationType.REPLACE, "uniquemember", Loading 
@@ -650,18 +676,22 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO adminMods.add(new Modification(ModificationType.REPLACE, "uniquemember", (String[]) newAdmins.toArray(new String[newAdmins.size()]))); // modify admin group first ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); try { // modify admin group first (if necessary) if (adminChanges) { ModifyRequest modifyRequest = new ModifyRequest(getAdminGroupDN(group.getID()), adminMods); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( "dn:" + getSubjectDN().toNormalizedString())); LdapDAO.checkLdapResult(getConnection(). modify(modifyRequest).getResultCode()); } // modify the group itself now modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); ModifyRequest modifyRequest = new ModifyRequest(getGroupDN(group.getID()), mods); modifyRequest.addControl( new ProxiedAuthorizationV2RequestControl( Loading @@ -671,6 +701,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("Modify Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } try Loading Loading @@ -744,6 +775,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("Delete Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } Loading Loading @@ -835,6 +867,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getGroups Exception: " + e, e); throw new TransientException("Error getting group", e); } return groups; Loading Loading @@ -879,6 +912,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e1) { logger.debug("getOwnerGroups Exception: " + e1, e1); LdapDAO.checkLdapResult(e1.getResultCode()); } return groupDNs; Loading Loading 
@@ -1028,6 +1062,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getGroupDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); Loading @@ -1046,6 +1081,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("getAdminGroupDN Exception: " + e, e); LdapDAO.checkLdapResult(e.getResultCode()); } throw new IllegalArgumentException(groupID + " not a valid group ID"); Loading @@ -1072,6 +1108,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO } catch (LDAPException e) { logger.debug("isCreatorOwner Exception: " + e, e); throw new RuntimeException(e); } } Loading