package org.identityconnectors.ldap.search;

import com.sun.jndi.ldap.ctl.VirtualListViewControl;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributeInfos;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.QualifiedUid;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.ldap.ADUserAccountControl;
import org.identityconnectors.ldap.GroupHelper;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.LdapConstants;
import org.identityconnectors.ldap.LdapEntry;
import org.identityconnectors.ldap.LdapUtil;
import org.identityconnectors.ldap.schema.LdapSchemaMapping;

/* loaded from: input_file:org/identityconnectors/ldap/search/LdapSearch.class */
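/**
 * Builds and runs an LDAP search for one connector {@link ObjectClass} and converts each
 * returned entry into a {@link ConnectorObject}.
 *
 * <p>This source was recovered by a decompiler. The synthetic switch-map class and the
 * {@code $assertionsDisabled} field it emitted have been folded back into an ordinary enum
 * {@code switch} and an {@code assert} statement.
 *
 * <p><b>Filter handling.</b> The effective search filter is assembled by plain string
 * concatenation from four sources: the object-class filter, the search filter taken from
 * the {@link OperationOptions}, the native filter of the {@link LdapFilter}, and the
 * configured account/group search filter. Nothing in this class escapes or validates those
 * fragments, so any value that originates from untrusted input must be escaped according to
 * the LDAP filter string syntax (RFC 4515) before it reaches this class.
 *
 * <p><b>Search base and scope.</b> The base DN may come from the filter's entry DN or from
 * the container named in the options, and the scope comes from the options.
 * NOTE(review): no check is visible here that such a base lies under the configured base
 * contexts; confirm whether callers or {@code LdapSearches.findEntryDN} enforce that.
 */
public class LdapSearch {
    private static final Log log = Log.getLog(LdapSearch.class);

    private final LdapConnection conn;
    private final ObjectClass oclass;
    private final LdapFilter filter;
    private final OperationOptions options;
    private final GroupHelper groupHelper;
    private final String[] baseDNs;

    /**
     * Returns the names of the attributes the schema marks as returned by default for the
     * given object class.
     *
     * @param ldapConnection connection whose schema mapping is consulted
     * @param objectClass object class to look up
     * @return a set holding only {@code Name.NAME} for {@code ANY_OBJECT_CLASS}; otherwise a
     *         case-insensitive set, which is empty when the schema has no info for the class
     */
    public static Set<String> getAttributesReturnedByDefault(LdapConnection ldapConnection, ObjectClass objectClass) {
        if (objectClass.equals(LdapSchemaMapping.ANY_OBJECT_CLASS)) {
            return CollectionUtil.newSet(new String[]{Name.NAME});
        }
        SortedSet<String> result = CollectionUtil.newCaseInsensitiveSet();
        ObjectClassInfo classInfo = ldapConnection.getSchemaMapping().schema().findObjectClassInfo(objectClass.getObjectClassValue());
        if (classInfo != null) {
            for (AttributeInfo attributeInfo : classInfo.getAttributeInfo()) {
                if (attributeInfo.isReturnedByDefault()) {
                    result.add(attributeInfo.getName());
                }
            }
        }
        return result;
    }

    /**
     * Creates a search rooted at the base contexts of the connection's configuration.
     */
    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, OperationOptions operationOptions) {
        this(ldapConnection, objectClass, ldapFilter, operationOptions, ldapConnection.getConfiguration().getBaseContexts());
    }

    /**
     * Creates a search rooted at the given base DNs.
     *
     * @param ldapConnection connection used for the search and for schema mapping
     * @param objectClass connector object class being searched
     * @param ldapFilter translated filter; may be {@code null}
     * @param operationOptions options supplying attributes to get, scope, container and
     *        search filter
     * @param strArr base DNs used when neither an entry DN nor a container is given
     */
    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, OperationOptions operationOptions, String... strArr) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
        this.filter = ldapFilter;
        this.options = operationOptions;
        this.baseDNs = strArr;
        this.groupHelper = new GroupHelper(ldapConnection);
    }

    /**
     * Runs the search and passes every result, converted to a {@link ConnectorObject}, to
     * the handler. The handler's return value is handed back to the internal search.
     *
     * @param resultsHandler receiver of the converted entries
     */
    public final void execute(final ResultsHandler resultsHandler) {
        final String[] requested = this.options.getAttributesToGet();
        final Set<String> attrsToGet = getAttributesToGet(requested);
        getInternalSearch(attrsToGet).execute(new SearchResultsHandler() {
            @Override
            public boolean handle(String baseDN, SearchResult searchResult) throws NamingException {
                // The last argument is true only when the caller named attributes explicitly.
                return resultsHandler.handle(LdapSearch.this.createConnectorObject(baseDN, searchResult, attrsToGet, requested != null));
            }
        });
    }

    /**
     * Runs the search and returns the first result only.
     *
     * @return the first entry as a {@link ConnectorObject}, or {@code null} if the handler
     *         was never invoked
     */
    public final ConnectorObject getSingleResult() {
        final String[] requested = this.options.getAttributesToGet();
        final Set<String> attrsToGet = getAttributesToGet(requested);
        // One-element array so the anonymous handler can write the result.
        final ConnectorObject[] holder = {null};
        getInternalSearch(attrsToGet).execute(new SearchResultsHandler() {
            @Override
            public boolean handle(String baseDN, SearchResult searchResult) throws NamingException {
                holder[0] = LdapSearch.this.createConnectorObject(baseDN, searchResult, attrsToGet, requested != null);
                // Returning false after the first entry; presumably this stops the search.
                return false;
            }
        });
        return holder[0];
    }

    /**
     * Assembles the {@link LdapInternalSearch}: strategy, base DNs, scope, returning
     * attributes and the combined filter.
     *
     * @param set connector attribute names to fetch
     */
    private LdapInternalSearch getInternalSearch(Set<String> set) {
        LdapSearchStrategy searchStrategy;
        List<String> searchBases;
        int searchScope;
        String entryDN = this.filter != null ? this.filter.getEntryDN() : null;
        if (entryDN != null) {
            // The filter pins one entry: search exactly that DN with object scope.
            // NOTE(review): the meaning of the boolean passed to DefaultSearchStrategy is
            // not visible in this file.
            searchStrategy = new DefaultSearchStrategy(true);
            searchBases = Collections.singletonList(entryDN);
            searchScope = SearchControls.OBJECT_SCOPE;
        } else {
            searchStrategy = getSearchStrategy();
            searchBases = getBaseDNs();
            searchScope = getLdapSearchScope();
        }
        SearchControls controls = LdapInternalSearch.createDefaultSearchControls();
        Set<String> ldapAttributesToGet = getLdapAttributesToGet(set);
        controls.setReturningAttributes(ldapAttributesToGet.toArray(new String[ldapAttributesToGet.size()]));
        controls.setSearchScope(searchScope);
        String optionsFilter = LdapConstants.getSearchFilter(this.options);
        String configuredFilter = null;
        if (this.oclass.equals(ObjectClass.ACCOUNT)) {
            configuredFilter = this.conn.getConfiguration().getAccountSearchFilter();
        } else if (this.oclass.equals(ObjectClass.GROUP)) {
            configuredFilter = this.conn.getConfiguration().getGroupSearchFilter();
        }
        String nativeFilter = this.filter != null ? this.filter.getNativeFilter() : null;
        return new LdapInternalSearch(this.conn, getSearchFilter(optionsFilter, nativeFilter, configuredFilter), searchBases, searchStrategy, controls);
    }

    /**
     * Maps the connector attribute names to the LDAP attribute names to request.
     *
     * <p>The two group pseudo-attributes are not requested from the server as such; when
     * POSIX groups were asked for, the POSIX reference attribute is requested instead. The
     * entry-DN attributes are removed from the request.
     */
    private Set<String> getLdapAttributesToGet(Set<String> set) {
        SortedSet<String> connectorAttrs = CollectionUtil.newCaseInsensitiveSet();
        connectorAttrs.addAll(set);
        connectorAttrs.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean posixGroupsRequested = connectorAttrs.remove(LdapConstants.POSIX_GROUPS_NAME);
        Set<String> ldapAttributes = this.conn.getSchemaMapping().getLdapAttributes(this.oclass, connectorAttrs, true);
        if (posixGroupsRequested) {
            ldapAttributes.add(GroupHelper.getPosixRefAttribute());
        }
        ldapAttributes.removeAll(LdapEntry.ENTRY_DN_ATTRS);
        return ldapAttributes;
    }

    /**
     * Converts one search result into a {@link ConnectorObject}.
     *
     * <p>A requested password attribute is always answered with an empty
     * {@link GuardedString}; no password value from the directory is placed in the result.
     *
     * <p>NOTE(review): the decompiler reported that it could not fully recover the switch
     * in this method and widened the method from private to public; the control flow of
     * the server-type branch should be checked against the bytecode.
     *
     * @param str base DN passed through to {@link LdapEntry#create}
     * @param searchResult raw search result
     * @param set connector attribute names to populate
     * @param z true when the caller named the attributes to get explicitly
     * @return the built connector object
     */
    public ConnectorObject createConnectorObject(String str, SearchResult searchResult, Set<String> set, boolean z) {
        LdapEntry entry = LdapEntry.create(str, searchResult);
        ConnectorObjectBuilder builder = new ConnectorObjectBuilder();
        builder.setObjectClass(this.oclass);
        builder.setUid(this.conn.getSchemaMapping().createUid(this.oclass, entry));
        builder.setName(this.conn.getSchemaMapping().createName(this.oclass, entry));
        for (String attrName : set) {
            // Uid and Name were set above.
            if (attrName.equalsIgnoreCase(Uid.NAME) || attrName.equalsIgnoreCase(Name.NAME)) {
                continue;
            }
            Attribute attribute = null;
            if (LdapConstants.isLdapGroups(attrName)) {
                attribute = AttributeBuilder.build(LdapConstants.LDAP_GROUPS_NAME, this.groupHelper.getLdapGroups(entry.getDN().toString()));
            } else if (LdapConstants.isPosixGroups(attrName)) {
                attribute = AttributeBuilder.build(LdapConstants.POSIX_GROUPS_NAME, this.groupHelper.getPosixGroups(LdapUtil.getStringAttrValues(entry.getAttributes(), GroupHelper.getPosixRefAttribute())));
            } else if (LdapConstants.PASSWORD.is(attrName)) {
                // Placeholder only: an empty GuardedString, never the stored password.
                attribute = AttributeBuilder.build(attrName, new Object[]{new GuardedString()});
            } else if (this.oclass.equals(ObjectClass.ACCOUNT) && OperationalAttributes.OPERATIONAL_ATTRIBUTE_NAMES.contains(attrName)) {
                try {
                    switch (this.conn.getServerType()) {
                        case MSAD_GC:
                        case MSAD:
                            // NOTE(review): presumably throws NullPointerException when the entry
                            // has no userAccountControl attribute; confirm it is always requested.
                            String uac = entry.getAttributes().get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR).get().toString();
                            if (OperationalAttributeInfos.ENABLE.is(attrName)) {
                                builder.addAttribute(new Attribute[]{AttributeBuilder.buildEnabled(!ADUserAccountControl.isAccountDisabled(uac))});
                            } else if (OperationalAttributeInfos.LOCK_OUT.is(attrName)) {
                                builder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(ADUserAccountControl.isAccountLockOut(uac))});
                            } else if (OperationalAttributeInfos.PASSWORD_EXPIRED.is(attrName)) {
                                builder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(ADUserAccountControl.isPasswordExpired(uac))});
                            }
                            break;
                        default:
                            log.warn("Special Attribute {0} of object class {1} is not mapped to an LDAP attribute", new Object[]{attrName, this.oclass.getObjectClassValue()});
                            break;
                    }
                } catch (NamingException e) {
                    // Best effort: the operational attribute is left out of the result.
                    log.error(e, "Can't read userAccountControl", new Object[0]);
                }
            } else {
                attribute = this.conn.getSchemaMapping().createAttribute(this.oclass, attrName, entry, z);
            }
            if (attribute != null) {
                builder.addAttribute(new Attribute[]{attribute});
            }
            // Optionally add a member-id attribute for the group member attribute.
            if (this.conn.getConfiguration().isGetGroupMemberId() && this.oclass.equals(ObjectClass.GROUP) && this.conn.getConfiguration().getGroupMemberAttribute().equalsIgnoreCase(attrName)) {
                builder.addAttribute(new Attribute[]{LdapUtil.buildMemberIdAttribute(this.conn, entry.getAttributes().get(attrName))});
            }
        }
        return builder.build();
    }

    /**
     * Combines the object-class filter with the given optional filters.
     *
     * <p>Blank fragments are skipped. When more than one fragment remains they are wrapped
     * in a single {@code (&...)}. Fragments are concatenated verbatim: nothing here escapes
     * them or checks that their parentheses balance, so they must already be well-formed
     * LDAP filters.
     *
     * @param strArr optional filter fragments; {@code null} and blank entries are ignored
     * @return the combined filter, possibly an empty string
     */
    private String getSearchFilter(String... strArr) {
        StringBuilder sb = new StringBuilder();
        String objectClassFilter = getObjectClassFilter();
        int fragments = StringUtil.isBlank(objectClassFilter) ? 0 : 1;
        for (String fragment : strArr) {
            fragments += StringUtil.isBlank(fragment) ? 0 : 1;
        }
        boolean conjunction = fragments > 1;
        if (conjunction) {
            sb.append("(&");
        }
        appendFilter(objectClassFilter, sb);
        for (String fragment : strArr) {
            appendFilter(fragment, sb);
        }
        if (conjunction) {
            sb.append(')');
        }
        return sb.toString();
    }

    /**
     * Builds {@code (objectClass=X)} for each LDAP class mapped to the connector object
     * class, wrapped in {@code (&...)} when there is more than one.
     *
     * <p>Class names are inserted as returned by the schema mapping, without escaping.
     */
    private String getObjectClassFilter() {
        StringBuilder sb = new StringBuilder();
        List<String> ldapClasses = this.conn.getSchemaMapping().getLdapClasses(this.oclass);
        boolean conjunction = ldapClasses.size() > 1;
        if (conjunction) {
            sb.append("(&");
        }
        for (String ldapClass : ldapClasses) {
            sb.append("(objectClass=");
            sb.append(ldapClass);
            sb.append(')');
        }
        if (conjunction) {
            sb.append(')');
        }
        return sb.toString();
    }

    /**
     * Appends a trimmed filter fragment, adding enclosing parentheses when the fragment
     * does not already start with one. Blank fragments are ignored.
     *
     * <p>The leading-parenthesis test is made on the trimmed text. Testing the untrimmed
     * input, as the code did before, wrapped a fragment with leading whitespace a second
     * time and produced a malformed filter.
     */
    private static void appendFilter(String str, StringBuilder sb) {
        if (StringUtil.isBlank(str)) {
            return;
        }
        String trimmed = str.trim();
        // isEmpty() guards charAt(0) in case isBlank and trim() disagree about whitespace.
        boolean enclose = trimmed.isEmpty() || trimmed.charAt(0) != '(';
        if (enclose) {
            sb.append('(');
        }
        sb.append(trimmed);
        if (enclose) {
            sb.append(')');
        }
    }

    /**
     * Returns the base DNs to search: the DN of the container named in the options when one
     * is given, otherwise the base DNs passed to the constructor.
     */
    private List<String> getBaseDNs() {
        QualifiedUid container = this.options.getContainer();
        List<String> result = container != null ? Collections.singletonList(LdapSearches.findEntryDN(this.conn, container.getObjectClass(), container.getUid())) : Arrays.asList(this.baseDNs);
        assert result != null;
        return result;
    }

    /**
     * Picks the search strategy. Only account searches use block-wise strategies, and only
     * when the configuration enables blocks and the server supports the matching control.
     */
    private LdapSearchStrategy getSearchStrategy() {
        if (!ObjectClass.ACCOUNT.equals(this.oclass)) {
            return new DefaultSearchStrategy(false);
        }
        boolean useBlocks = this.conn.getConfiguration().isUseBlocks();
        boolean usePagedResultControl = this.conn.getConfiguration().isUsePagedResultControl();
        int blockSize = this.conn.getConfiguration().getBlockSize();
        if (useBlocks && !usePagedResultControl && this.conn.supportsControl(VirtualListViewControl.OID)) {
            return new VlvIndexSearchStrategy(this.conn.getConfiguration().getVlvSortAttribute(), blockSize);
        }
        // 1.2.840.113556.1.4.319 is the OID of the simple paged results control.
        if (useBlocks && this.conn.supportsControl("1.2.840.113556.1.4.319")) {
            return new SimplePagedSearchStrategy(blockSize);
        }
        return new DefaultSearchStrategy(false);
    }

    /**
     * Resolves the connector attribute names to fetch.
     *
     * <p>Explicitly requested attributes are passed through
     * {@link #removeNonReadableAttributes(Set)} and always include {@code Name.NAME};
     * otherwise the schema defaults are used. {@code Uid.NAME} is always added. A requested
     * password only triggers a warning here.
     *
     * @param strArr attributes named by the caller, or {@code null} for the defaults
     */
    private Set<String> getAttributesToGet(String[] strArr) {
        Set<String> result;
        if (strArr != null) {
            result = CollectionUtil.newCaseInsensitiveSet();
            result.addAll(Arrays.asList(strArr));
            removeNonReadableAttributes(result);
            result.add(Name.NAME);
        } else {
            result = getAttributesReturnedByDefault(this.conn, this.oclass);
        }
        result.add(Uid.NAME);
        if (result.contains(OperationalAttributes.PASSWORD_NAME)) {
            log.warn("Reading passwords not supported", new Object[0]);
        }
        return result;
    }

    /**
     * Lets the schema mapping remove non-readable attributes from the set while keeping the
     * two group pseudo-attributes, which are taken out before the call and restored after.
     */
    private void removeNonReadableAttributes(Set<String> set) {
        boolean hadLdapGroups = set.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean hadPosixGroups = set.remove(LdapConstants.POSIX_GROUPS_NAME);
        this.conn.getSchemaMapping().removeNonReadableAttributes(this.oclass, set);
        if (hadLdapGroups) {
            set.add(LdapConstants.LDAP_GROUPS_NAME);
        }
        if (hadPosixGroups) {
            set.add(LdapConstants.POSIX_GROUPS_NAME);
        }
    }

    /**
     * Translates the scope option into a {@link SearchControls} scope constant.
     *
     * @return object, one-level or subtree scope; subtree when no scope is set
     * @throws IllegalArgumentException if the option holds any other value
     */
    private int getLdapSearchScope() {
        String scope = this.options.getScope();
        if ("object".equals(scope)) {
            return SearchControls.OBJECT_SCOPE;
        }
        if ("onelevel".equals(scope)) {
            return SearchControls.ONELEVEL_SCOPE;
        }
        if ("subtree".equals(scope) || scope == null) {
            return SearchControls.SUBTREE_SCOPE;
        }
        throw new IllegalArgumentException("Invalid search scope " + scope);
    }
}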
