package org.identityconnectors.ldap.sync.activedirectory;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.identityconnectors.framework.common.objects.SyncDeltaBuilder;
import org.identityconnectors.framework.common.objects.SyncDeltaType;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.ldap.ADUserAccountControl;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.LdapConstants;
import org.identityconnectors.ldap.LdapUtil;
import org.identityconnectors.ldap.search.LdapInternalSearch;
import org.identityconnectors.ldap.search.SearchResultsHandler;
import org.identityconnectors.ldap.search.SimplePagedSearchStrategy;
import org.identityconnectors.ldap.sync.LdapSyncStrategy;

/* loaded from: input_file:org/identityconnectors/ldap/sync/activedirectory/ActiveDirectoryChangeLogSyncStrategy.class */
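/**
 * Live-synchronization strategy for Active Directory based on update sequence numbers.
 *
 * <p>Changed entries are found with a {@code uSNChanged>=token+1} search under the configured
 * base contexts; deleted entries are found under {@code cn=deleted objects,<defaultNamingContext>}
 * using the "show deleted objects" request control. All deltas are ordered by USN before they are
 * handed to the caller's handler.
 *
 * <p>Operational notes:
 * <ul>
 *   <li>USNs are local to each domain controller, so a sync token is only meaningful against the
 *       DC that produced it.</li>
 *   <li>Deletions drive de-provisioning downstream. If the deleted-objects search is unsupported
 *       or fails, this class logs and continues, so removed accounts are NOT reported for that
 *       run. The bind account usually needs explicit read access to the Deleted Objects
 *       container.</li>
 * </ul>
 */
public class ActiveDirectoryChangeLogSyncStrategy implements LdapSyncStrategy {
    /** OID of the Active Directory "show deleted objects" request control. */
    private static final String DELETE_CTRL = "1.2.840.113556.1.4.417";
    private static final String DELETED_PREFIX = "cn=deleted objects,";
    private static final String NAMING_CTX_ATTR = "defaultNamingContext";
    private static final String OBJSID_ATTR = "objectSID";
    private static final String USN_CHANGED_ATTR = "uSNChanged";
    private static final String HCU_CHANGED_ATTR = "highestCommittedUSN";
    private static final Log logger = Log.getLog(ActiveDirectoryChangeLogSyncStrategy.class);
    private final LdapConnection conn;
    private final ObjectClass oclass;

    /**
     * @param ldapConnection connection used for all searches and rootDSE reads
     * @param objectClass object class whose changes are synchronized
     */
    public ActiveDirectoryChangeLogSyncStrategy(LdapConnection ldapConnection, ObjectClass objectClass) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
    }

    /**
     * Returns a token wrapping the {@code highestCommittedUSN} currently published on the rootDSE.
     *
     * @return the latest sync token
     * @throws ConnectorException if the rootDSE cannot be read or lacks the attribute
     */
    @Override
    public SyncToken getLatestSyncToken() {
        return new SyncToken(gethighestCommittedUSN());
    }

    /**
     * Collects create/update and delete deltas newer than {@code syncToken} and delivers them to
     * {@code syncResultsHandler} in ascending USN order, stopping when the handler returns false.
     *
     * @param syncToken last processed token; when null the current highestCommittedUSN is used
     * @param syncResultsHandler receiver of the ordered deltas
     * @param operationOptions not read by this implementation
     * @throws ConnectorException on search failures other than a wrapped PartialResultException
     */
    @Override
    public void sync(SyncToken syncToken, SyncResultsHandler syncResultsHandler, OperationOptions operationOptions) {
        // Keyed by USN as long: uSNChanged is a 64-bit counter and does not fit an int on
        // long-lived or busy domain controllers.
        final TreeMap<Long, SyncDelta> deltasByUsn = new TreeMap<Long, SyncDelta>();
        SearchControls controls = LdapInternalSearch.createDefaultSearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setDerefLinkFlag(false);
        try {
            new LdapInternalSearch(
                    this.conn,
                    generateUSNChangedFilter(this.oclass, syncToken, false),
                    Arrays.asList(this.conn.getConfiguration().getBaseContextsToSynchronize()),
                    new SimplePagedSearchStrategy(this.conn.getConfiguration().getBlockSize()),
                    controls).execute(new SearchResultsHandler() {
                @Override
                public boolean handle(String baseDn, SearchResult searchResult) throws NamingException {
                    Attributes attributes = searchResult.getAttributes();
                    // The Uid is derived first because the configured uid attribute may be one
                    // of the binary identifiers stripped just below.
                    Uid uid = conn.getSchemaMapping().createUid(conn.getConfiguration().getUidAttribute(), attributes);
                    ConnectorObjectBuilder objectBuilder = new ConnectorObjectBuilder();
                    objectBuilder.setUid(uid);
                    objectBuilder.setObjectClass(oclass);
                    objectBuilder.setName(searchResult.getNameInNamespace());
                    attributes.remove(LdapConstants.MS_GUID_ATTR);
                    attributes.remove(OBJSID_ATTR);
                    // Enumerate only after the removals so the stripped attributes can never be
                    // copied into the connector object.
                    NamingEnumeration<? extends Attribute> attrEnum = attributes.getAll();
                    while (attrEnum.hasMore()) {
                        Attribute attribute = attrEnum.next();
                        String id = attribute.getID();
                        ArrayList<Object> values = new ArrayList<Object>();
                        NamingEnumeration<?> valueEnum = attribute.getAll();
                        while (valueEnum.hasMore()) {
                            values.add(valueEnum.next());
                        }
                        objectBuilder.addAttribute(AttributeBuilder.build(id, values));
                        if (conn.getConfiguration().isGetGroupMemberId()
                                && oclass.equals(ObjectClass.GROUP)
                                && id.equalsIgnoreCase("member")) {
                            objectBuilder.addAttribute(LdapUtil.buildMemberIdAttribute(conn, attribute));
                        }
                        // An attribute can come back without values; only derive the account
                        // state flags when there is a value to decode.
                        if (oclass.equals(ObjectClass.ACCOUNT)
                                && id.equalsIgnoreCase(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR)
                                && !values.isEmpty()) {
                            String uac = values.get(0).toString();
                            objectBuilder.addAttribute(AttributeBuilder.buildEnabled(!ADUserAccountControl.isAccountDisabled(uac)));
                            objectBuilder.addAttribute(AttributeBuilder.buildLockOut(ADUserAccountControl.isAccountLockOut(uac)));
                            objectBuilder.addAttribute(AttributeBuilder.buildPasswordExpired(ADUserAccountControl.isPasswordExpired(uac)));
                        }
                    }
                    String usn = readUsnChanged(attributes);
                    SyncDeltaBuilder deltaBuilder = new SyncDeltaBuilder();
                    deltaBuilder.setToken(new SyncToken(usn));
                    deltaBuilder.setDeltaType(SyncDeltaType.CREATE_OR_UPDATE);
                    deltaBuilder.setUid(uid);
                    deltaBuilder.setObject(objectBuilder.build());
                    deltasByUsn.put(Long.valueOf(Long.parseLong(usn)), deltaBuilder.build());
                    return true;
                }
            });
        } catch (ConnectorException e) {
            if (!(e.getCause() instanceof PartialResultException)) {
                throw e;
            }
            logger.warn("Default naming context of the DC is used as baseContextsToSynchronize.\nPartialResultException has been caught", new Object[0]);
        }
        if (this.conn.supportsControl(DELETE_CTRL)) {
            try {
                collectDeletedEntries(syncToken, controls, deltasByUsn);
            } catch (NamingException e) {
                // Best effort by design, but a failure here means deletions are silently
                // skipped for this run, so it is reported as a warning. The server-supplied
                // explanation is passed as an argument rather than used as the format string.
                logger.warn("Search for deleted entries failed; deletions are not reported for this run: {0}", e.getExplanation());
            }
        } else {
            logger.info("The server does not support the control to search for deleted entries", new Object[0]);
        }
        for (SyncDelta delta : deltasByUsn.values()) {
            if (!syncResultsHandler.handle(delta)) {
                break;
            }
        }
    }

    /**
     * Searches the deleted-objects container for tombstones newer than {@code syncToken} and adds
     * one DELETE delta per result to {@code deltasByUsn}. The derived context and the result
     * enumeration are always closed.
     */
    private void collectDeletedEntries(SyncToken syncToken, SearchControls controls, Map<Long, SyncDelta> deltasByUsn) throws NamingException {
        String namingContext = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{NAMING_CTX_ATTR}), NAMING_CTX_ATTR);
        if (namingContext == null) {
            logger.warn("The rootDSE does not expose {0}; deletions are not reported for this run", NAMING_CTX_ATTR);
            return;
        }
        String filter = generateUSNChangedFilter(this.oclass, syncToken, true);
        javax.naming.ldap.LdapContext deletedCtx = this.conn.getInitialContext().newInstance(new Control[]{new BasicControl(DELETE_CTRL)});
        try {
            NamingEnumeration<SearchResult> results = deletedCtx.search(DELETED_PREFIX + namingContext, filter, controls);
            try {
                while (results.hasMore()) {
                    Attributes attributes = results.next().getAttributes();
                    Uid uid = this.conn.getSchemaMapping().createUid(this.conn.getConfiguration().getUidAttribute(), attributes);
                    String usn = readUsnChanged(attributes);
                    SyncDeltaBuilder deltaBuilder = new SyncDeltaBuilder();
                    deltaBuilder.setToken(new SyncToken(usn));
                    deltaBuilder.setDeltaType(SyncDeltaType.DELETE);
                    deltaBuilder.setUid(uid);
                    deltasByUsn.put(Long.valueOf(Long.parseLong(usn)), deltaBuilder.build());
                }
            } finally {
                results.close();
            }
        } finally {
            deletedCtx.close();
        }
    }

    /** Returns the entry's uSNChanged value, failing with a clear message when it is absent. */
    private static String readUsnChanged(Attributes attributes) throws NamingException {
        Attribute usn = attributes.get(USN_CHANGED_ATTR);
        if (usn == null || usn.size() == 0) {
            throw new ConnectorException("Entry was returned without a " + USN_CHANGED_ATTR + " value");
        }
        return usn.get().toString();
    }

    /** Reads highestCommittedUSN from the rootDSE. */
    private String gethighestCommittedUSN() {
        try {
            String usn = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{HCU_CHANGED_ATTR}), HCU_CHANGED_ATTR);
            if (usn == null) {
                throw new ConnectorException("Unable to read the highestCommittedUSN attribute from the rootDSE of Active Directory");
            }
            return usn;
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /**
     * Builds the AND filter selecting entries changed after {@code syncToken}.
     *
     * <p>The USN is parsed as a number before use, so the token cannot inject filter syntax.
     * Object class names and the synchronization filters are inserted verbatim.
     * NOTE(review): this assumes they come from trusted connector configuration; confirm that
     * no caller-controlled value reaches {@code getObjectClassValue()} unvalidated.
     *
     * @param objectClass object class being synchronized
     * @param syncToken last processed token, or null to start from the current highestCommittedUSN
     * @param z true to restrict the filter to deleted entries ({@code isDeleted=TRUE})
     * @return the LDAP filter string
     */
    private String generateUSNChangedFilter(ObjectClass objectClass, SyncToken syncToken, boolean z) {
        if (syncToken == null) {
            syncToken = getLatestSyncToken();
        }
        StringBuilder sb = new StringBuilder("(&");
        sb.append("(uSNChanged>=");
        // Parsed as long: uSNChanged is a 64-bit value.
        sb.append(Long.parseLong(syncToken.getValue().toString()) + 1);
        sb.append(")");
        if (z) {
            sb.append("(isDeleted=TRUE)");
        }
        if (ObjectClass.ACCOUNT.equals(objectClass)) {
            for (String accountClass : this.conn.getConfiguration().getAccountObjectClasses()) {
                appendObjectClass(sb, accountClass);
            }
            if (this.conn.getConfiguration().getAccountSynchronizationFilter() != null) {
                sb.append(this.conn.getConfiguration().getAccountSynchronizationFilter());
            }
        } else if (ObjectClass.GROUP.equals(objectClass)) {
            for (String groupClass : this.conn.getConfiguration().getGroupObjectClasses()) {
                appendObjectClass(sb, groupClass);
            }
            if (this.conn.getConfiguration().getGroupSynchronizationFilter() != null) {
                sb.append(this.conn.getConfiguration().getGroupSynchronizationFilter());
            }
        } else {
            appendObjectClass(sb, objectClass.getObjectClassValue());
        }
        sb.append(")");
        return sb.toString();
    }

    /** Appends one {@code (objectClass=name)} clause to the filter under construction. */
    private static void appendObjectClass(StringBuilder sb, String name) {
        sb.append("(objectClass=").append(name).append(")");
    }
}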
