package net.tirasa.connid.bundles.ldap.search;

import com.sun.jndi.ldap.ctl.VirtualListViewControl;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.SortedSet;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import net.tirasa.connid.bundles.ad.ADConnector;
import net.tirasa.connid.bundles.ldap.LdapConnection;
import net.tirasa.connid.bundles.ldap.commons.GroupHelper;
import net.tirasa.connid.bundles.ldap.commons.LdapConstants;
import net.tirasa.connid.bundles.ldap.commons.LdapEntry;
import net.tirasa.connid.bundles.ldap.commons.LdapUtil;
import net.tirasa.connid.bundles.ldap.commons.StatusManagement;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.QualifiedUid;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.spi.SearchResultsHandler;

/* loaded from: input_file:lib/net.tirasa.connid.bundles.ldap-1.5.10.jar:net/tirasa/connid/bundles/ldap/search/LdapSearch.class */
public class LdapSearch {
    public static final String OP_IGNORE_CUSTOM_ANY_OBJECT_CONFIG = "IGNORE_CUSTOM_ANY_OBJECT_CONFIG";
    public static final String OP_IGNORE_BUILT_IN_FILTERS = "IGNORE_BUILT_IN_FILTERS";
    private static final Log LOG;
    protected final LdapConnection conn;
    protected final ObjectClass oclass;
    protected final LdapFilter filter;
    protected final OperationOptions options;
    protected final GroupHelper groupHelper;
    protected final String[] baseDNs;
    protected final ResultsHandler handler;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static Set<String> getAttributesReturnedByDefault(LdapConnection ldapConnection, ObjectClass objectClass) {
        SortedSet newCaseInsensitiveSet = CollectionUtil.newCaseInsensitiveSet();
        ObjectClassInfo findObjectClassInfo = ldapConnection.getSchema().schema().findObjectClassInfo(objectClass.getObjectClassValue());
        if (findObjectClassInfo != null) {
            for (AttributeInfo attributeInfo : findObjectClassInfo.getAttributeInfo()) {
                if (attributeInfo.isReturnedByDefault()) {
                    newCaseInsensitiveSet.add(attributeInfo.getName());
                }
            }
        }
        return newCaseInsensitiveSet;
    }

    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        this(ldapConnection, objectClass, ldapFilter, resultsHandler, operationOptions, ldapConnection.getConfiguration().getBaseContexts());
    }

    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, ResultsHandler resultsHandler, OperationOptions operationOptions, String... strArr) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
        this.filter = ldapFilter;
        this.options = operationOptions;
        this.baseDNs = strArr;
        this.groupHelper = new GroupHelper(ldapConnection);
        this.handler = resultsHandler;
    }

    public void execute() {
        final String[] attributesToGet = this.options.getAttributesToGet();
        final Set<String> attributesToGet2 = getAttributesToGet(attributesToGet);
        getInternalSearch(attributesToGet2).execute(new LdapSearchResultsHandler() { // from class: net.tirasa.connid.bundles.ldap.search.LdapSearch.1
            @Override // net.tirasa.connid.bundles.ldap.search.LdapSearchResultsHandler
            public boolean handle(String str, SearchResult searchResult) throws NamingException {
                return LdapSearch.this.handler.handle(LdapSearch.this.createConnectorObject(str, searchResult, attributesToGet2, attributesToGet != null));
            }
        });
    }

    public ConnectorObject getSingleResult() {
        final String[] attributesToGet = this.options.getAttributesToGet();
        final Set<String> attributesToGet2 = getAttributesToGet(attributesToGet);
        final ConnectorObject[] connectorObjectArr = {null};
        getInternalSearch(attributesToGet2).execute(new LdapSearchResultsHandler() { // from class: net.tirasa.connid.bundles.ldap.search.LdapSearch.2
            @Override // net.tirasa.connid.bundles.ldap.search.LdapSearchResultsHandler
            public boolean handle(String str, SearchResult searchResult) throws NamingException {
                connectorObjectArr[0] = LdapSearch.this.createConnectorObject(str, searchResult, attributesToGet2, attributesToGet != null);
                return false;
            }
        });
        return connectorObjectArr[0];
    }

    protected LdapInternalSearch getInternalSearch(Set<String> set) {
        LdapSearchStrategy newDefaultSearchStrategy;
        List<String> singletonList;
        int i;
        String searchFilter;
        boolean z = false;
        String entryDN = this.filter == null ? null : this.filter.getEntryDN();
        if (entryDN == null) {
            newDefaultSearchStrategy = getSearchStrategy();
            singletonList = getBaseDNs();
            if (this.options.getOptions().containsKey(OP_IGNORE_CUSTOM_ANY_OBJECT_CONFIG)) {
                z = ((Boolean) this.options.getOptions().get(OP_IGNORE_CUSTOM_ANY_OBJECT_CONFIG)).booleanValue();
            }
            i = getLdapSearchScope(z);
        } else {
            newDefaultSearchStrategy = this.conn.getConfiguration().newDefaultSearchStrategy(true);
            singletonList = Collections.singletonList(entryDN);
            i = 0;
        }
        SearchControls createDefaultSearchControls = LdapInternalSearch.createDefaultSearchControls();
        createDefaultSearchControls.setReturningAttributes((String[]) getLdapAttributesToGet(set).toArray(new String[0]));
        createDefaultSearchControls.setSearchScope(i);
        String searchFilter2 = LdapConstants.getSearchFilter(this.options);
        if (this.options.getOptions().containsKey(OP_IGNORE_BUILT_IN_FILTERS) ? ((Boolean) this.options.getOptions().get(OP_IGNORE_BUILT_IN_FILTERS)).booleanValue() : false) {
            searchFilter = searchFilter2;
        } else {
            String str = null;
            if (this.oclass.equals(ObjectClass.ACCOUNT)) {
                str = this.conn.getConfiguration().getAccountSearchFilter();
            } else if (this.oclass.equals(ObjectClass.GROUP)) {
                str = this.conn.getConfiguration().getGroupSearchFilter();
            } else if (!z) {
                str = this.conn.getConfiguration().getAnyObjectSearchFilter();
            }
            searchFilter = getSearchFilter(searchFilter2, this.filter == null ? null : this.filter.getNativeFilter(), str);
        }
        return new LdapInternalSearch(this.conn, searchFilter, singletonList, newDefaultSearchStrategy, createDefaultSearchControls);
    }

    protected Set<String> getLdapAttributesToGet(Set<String> set) {
        SortedSet newCaseInsensitiveSet = CollectionUtil.newCaseInsensitiveSet();
        newCaseInsensitiveSet.addAll(set);
        newCaseInsensitiveSet.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean remove = newCaseInsensitiveSet.remove(LdapConstants.POSIX_GROUPS_NAME);
        Set<String> ldapAttributes = this.conn.getSchema().getLdapAttributes(this.oclass, newCaseInsensitiveSet, true);
        if (remove) {
            ldapAttributes.add(GroupHelper.getPosixRefAttribute());
        }
        ldapAttributes.addAll(StatusManagement.getInstance(this.conn.getConfiguration().getStatusManagementClass()).getOperationalAttributes());
        ldapAttributes.removeAll(LdapEntry.ENTRY_DN_ATTRS);
        return ldapAttributes;
    }

    protected ConnectorObject createConnectorObject(String str, SearchResult searchResult, Set<String> set, boolean z) {
        Attribute createAttribute;
        LdapEntry create = LdapEntry.create(str, searchResult);
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(this.oclass);
        connectorObjectBuilder.setUid(this.conn.getSchema().createUid(this.oclass, create));
        connectorObjectBuilder.setName(this.conn.getSchema().createName(this.oclass, create));
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : set) {
            if (LdapConstants.isLdapGroups(str2)) {
                arrayList.addAll(this.groupHelper.getLdapGroups(create.getDN().toString()));
                createAttribute = AttributeBuilder.build(LdapConstants.LDAP_GROUPS_NAME, arrayList);
            } else if (LdapConstants.isPosixGroups(str2)) {
                arrayList2.addAll(this.groupHelper.getPosixGroups(LdapUtil.getStringAttrValues(create.getAttributes(), GroupHelper.getPosixRefAttribute())));
                createAttribute = AttributeBuilder.build(LdapConstants.POSIX_GROUPS_NAME, arrayList2);
            } else {
                createAttribute = (!LdapConstants.PASSWORD.is(str2) || this.conn.getConfiguration().getRetrievePasswordsWithSearch()) ? this.conn.getSchema().createAttribute(this.oclass, str2, create, z) : AttributeBuilder.build(str2, new Object[]{new GuardedString()});
            }
            if (createAttribute != null) {
                connectorObjectBuilder.addAttribute(new Attribute[]{createAttribute});
            }
        }
        Optional.ofNullable(StatusManagement.getInstance(this.conn.getConfiguration().getStatusManagementClass()).getStatus(searchResult.getAttributes())).ifPresent(bool -> {
            connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildEnabled(bool.booleanValue())});
        });
        return connectorObjectBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getSearchFilter(String... strArr) {
        StringBuilder sb = new StringBuilder();
        String objectClassFilter = getObjectClassFilter();
        int i = StringUtil.isBlank(objectClassFilter) ? 0 : 1;
        for (String str : strArr) {
            i += StringUtil.isBlank(str) ? 0 : 1;
        }
        if (i > 1) {
            sb.append("(&");
        }
        appendFilter(objectClassFilter, sb);
        for (String str2 : strArr) {
            appendFilter(str2, sb);
        }
        if (i > 1) {
            sb.append(')');
        }
        return sb.toString();
    }

    protected String getObjectClassFilter() {
        StringBuilder sb = new StringBuilder();
        List<String> ldapClasses = this.conn.getSchema().getLdapClasses(this.oclass);
        boolean z = ldapClasses.size() > 1;
        if (z) {
            sb.append("(&");
        }
        for (String str : ldapClasses) {
            sb.append("(objectClass=");
            sb.append(str);
            sb.append(')');
        }
        if (z) {
            sb.append(')');
        }
        return sb.toString();
    }

    protected static void appendFilter(String str, StringBuilder sb) {
        if (StringUtil.isBlank(str)) {
            return;
        }
        String trim = str.trim();
        boolean z = str.charAt(0) != '(';
        if (z) {
            sb.append('(');
        }
        sb.append(trim);
        if (z) {
            sb.append(')');
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getBaseDNs() {
        QualifiedUid container = this.options.getContainer();
        List<String> singletonList = container != null ? Collections.singletonList(LdapSearches.findEntryDN(this.conn, container.getObjectClass(), container.getUid(), true)) : Arrays.asList(this.baseDNs);
        if ($assertionsDisabled || singletonList != null) {
            return singletonList;
        }
        throw new AssertionError();
    }

    protected LdapSearchStrategy getSearchStrategy() {
        LdapSearchStrategy newDefaultSearchStrategy = this.conn.getConfiguration().newDefaultSearchStrategy(false);
        if (this.options.getPageSize() != null) {
            if (this.conn.getConfiguration().isUseVlvControls() && this.conn.supportsControl(VirtualListViewControl.OID)) {
                newDefaultSearchStrategy = new VlvIndexSearchStrategy(this.conn.getConfiguration().getVlvSortAttribute(), this.options.getPageSize().intValue());
            } else if (this.conn.supportsControl("1.2.840.113556.1.4.319")) {
                newDefaultSearchStrategy = new PagedSearchStrategy(this.options.getPageSize().intValue(), this.options.getPagedResultsCookie(), this.options.getPagedResultsOffset(), this.handler instanceof SearchResultsHandler ? (SearchResultsHandler) this.handler : null, this.options.getSortKeys());
            }
        }
        return newDefaultSearchStrategy;
    }

    protected Set<String> getAttributesToGet(String[] strArr) {
        Set<String> attributesReturnedByDefault;
        if (strArr != null) {
            attributesReturnedByDefault = CollectionUtil.newCaseInsensitiveSet();
            attributesReturnedByDefault.addAll(Arrays.asList(strArr));
            removeNonReadableAttributes(attributesReturnedByDefault);
            attributesReturnedByDefault.add(Name.NAME);
        } else {
            attributesReturnedByDefault = getAttributesReturnedByDefault(this.conn, this.oclass);
        }
        attributesReturnedByDefault.add(Uid.NAME);
        if (!this.conn.getConfiguration().getRetrievePasswordsWithSearch() && attributesReturnedByDefault.contains(OperationalAttributes.PASSWORD_NAME)) {
            LOG.warn("Reading passwords not supported", new Object[0]);
        }
        return attributesReturnedByDefault;
    }

    protected void removeNonReadableAttributes(Set<String> set) {
        boolean remove = set.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean remove2 = set.remove(LdapConstants.POSIX_GROUPS_NAME);
        this.conn.getSchema().removeNonReadableAttributes(this.oclass, set);
        if (remove) {
            set.add(LdapConstants.LDAP_GROUPS_NAME);
        }
        if (remove2) {
            set.add(LdapConstants.POSIX_GROUPS_NAME);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getLdapSearchScope(boolean z) {
        String scope = this.options.getScope();
        if (scope == null) {
            scope = this.oclass.is(ObjectClass.ACCOUNT_NAME) ? this.conn.getConfiguration().getUserSearchScope() : this.oclass.is(ObjectClass.GROUP_NAME) ? this.conn.getConfiguration().getGroupSearchScope() : !z ? this.conn.getConfiguration().getAnyObjectSearchScope() : "subtree";
        }
        String str = scope;
        boolean z2 = -1;
        switch (str.hashCode()) {
            case -1867574818:
                if (str.equals("subtree")) {
                    z2 = 2;
                    break;
                }
                break;
            case -1023368385:
                if (str.equals("object")) {
                    z2 = false;
                    break;
                }
                break;
            case 2013986014:
                if (str.equals("onelevel")) {
                    z2 = true;
                    break;
                }
                break;
        }
        switch (z2) {
            case false:
                return 0;
            case true:
                return 1;
            case ADConnector.UF_ACCOUNTDISABLE /* 2 */:
                return 2;
            default:
                throw new IllegalArgumentException("Invalid search scope " + scope);
        }
    }

    static {
        $assertionsDisabled = !LdapSearch.class.desiredAssertionStatus();
        LOG = Log.getLog(LdapSearch.class);
    }
}
