package org.forgerock.openidm.provisioner.openicf.impl;

import java.io.IOException;
import java.io.Serializable;
import java.io.StringWriter;
import java.lang.reflect.Array;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.codehaus.jackson.map.ObjectMapper;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.fluent.JsonValueException;
import org.forgerock.json.resource.JsonResource;
import org.forgerock.json.resource.JsonResourceException;
import org.forgerock.json.resource.SimpleJsonResource;
import org.forgerock.openidm.audit.util.ActivityLog;
import org.forgerock.openidm.audit.util.Status;
import org.forgerock.openidm.config.JSONEnhancedConfig;
import org.forgerock.openidm.crypto.CryptoService;
import org.forgerock.openidm.provisioner.Id;
import org.forgerock.openidm.provisioner.ProvisionerService;
import org.forgerock.openidm.provisioner.SystemIdentifier;
import org.forgerock.openidm.provisioner.openicf.ConnectorInfoProvider;
import org.forgerock.openidm.provisioner.openicf.ConnectorReference;
import org.forgerock.openidm.provisioner.openicf.OperationHelper;
import org.forgerock.openidm.provisioner.openicf.commons.ConnectorUtil;
import org.forgerock.openidm.provisioner.openicf.internal.SystemAction;
import org.forgerock.openidm.provisioner.openicf.syncfailure.SyncFailureHandler;
import org.forgerock.openidm.provisioner.openicf.syncfailure.SyncFailureHandlerFactory;
import org.forgerock.openidm.smartevent.EventEntry;
import org.forgerock.openidm.smartevent.Name;
import org.forgerock.openidm.smartevent.Publisher;
import org.forgerock.openidm.sync.SynchronizationListener;
import org.identityconnectors.common.Pair;
import org.identityconnectors.common.event.ConnectorEvent;
import org.identityconnectors.common.event.ConnectorEventHandler;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.api.ConnectorFacade;
import org.identityconnectors.framework.api.ConnectorFacadeFactory;
import org.identityconnectors.framework.api.ConnectorInfo;
import org.identityconnectors.framework.api.operations.AuthenticationApiOp;
import org.identityconnectors.framework.api.operations.CreateApiOp;
import org.identityconnectors.framework.api.operations.DeleteApiOp;
import org.identityconnectors.framework.api.operations.GetApiOp;
import org.identityconnectors.framework.api.operations.ScriptOnConnectorApiOp;
import org.identityconnectors.framework.api.operations.ScriptOnResourceApiOp;
import org.identityconnectors.framework.api.operations.SearchApiOp;
import org.identityconnectors.framework.api.operations.SyncApiOp;
import org.identityconnectors.framework.api.operations.TestApiOp;
import org.identityconnectors.framework.api.operations.UpdateApiOp;
import org.identityconnectors.framework.common.FrameworkUtil;
import org.identityconnectors.framework.common.exceptions.AlreadyExistsException;
import org.identityconnectors.framework.common.exceptions.ConfigurationException;
import org.identityconnectors.framework.common.exceptions.ConnectionBrokenException;
import org.identityconnectors.framework.common.exceptions.ConnectionFailedException;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.exceptions.ConnectorIOException;
import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException;
import org.identityconnectors.framework.common.exceptions.InvalidPasswordException;
import org.identityconnectors.framework.common.exceptions.OperationTimeoutException;
import org.identityconnectors.framework.common.exceptions.PasswordExpiredException;
import org.identityconnectors.framework.common.exceptions.PermissionDeniedException;
import org.identityconnectors.framework.common.exceptions.UnknownUidException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptionsBuilder;
import org.identityconnectors.framework.common.objects.ScriptContextBuilder;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.identityconnectors.framework.common.objects.SyncDeltaType;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.filter.Filter;
import org.identityconnectors.framework.common.serializer.SerializerUtil;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.ComponentException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/provisioner/openicf/impl/OpenICFProvisionerService.class */
public class OpenICFProvisionerService implements ProvisionerService, ConnectorEventHandler {
    public static final String PID = "org.forgerock.openidm.provisioner.openicf";
    private static final String EVENT_PREFIX = "openidm/internal/system/";
    private JsonResource router;
    private static final Logger logger = LoggerFactory.getLogger(OpenICFProvisionerService.class);
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private SimpleSystemIdentifier systemIdentifier = null;
    private OperationHelperBuilder operationHelperBuilder = null;
    private boolean allowModification = true;
    private ConnectorFacade connectorFacade = null;
    private boolean serviceAvailable = false;
    private JsonValue jsonConfiguration = null;
    private ConnectorReference connectorReference = null;
    private Map<String, SystemAction> systemActions = new HashMap();
    private SyncFailureHandler syncFailureHandler = null;
    private ConnectorInfoProvider connectorInfoProvider = null;
    protected CryptoService cryptoService = null;
    protected SyncFailureHandlerFactory syncFailureHandlerFactory = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService$2, reason: invalid class name */
    /* loaded from: input_file:org/forgerock/openidm/provisioner/openicf/impl/OpenICFProvisionerService$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method;
        static final /* synthetic */ int[] $SwitchMap$org$identityconnectors$framework$common$objects$SyncDeltaType = new int[SyncDeltaType.values().length];

        static {
            try {
                $SwitchMap$org$identityconnectors$framework$common$objects$SyncDeltaType[SyncDeltaType.CREATE_OR_UPDATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$identityconnectors$framework$common$objects$SyncDeltaType[SyncDeltaType.DELETE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$org$forgerock$openidm$provisioner$openicf$impl$OpenICFProvisionerService$ActionId = new int[ActionId.values().length];
            try {
                $SwitchMap$org$forgerock$openidm$provisioner$openicf$impl$OpenICFProvisionerService$ActionId[ActionId.script.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$forgerock$openidm$provisioner$openicf$impl$OpenICFProvisionerService$ActionId[ActionId.authenticate.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method = new int[SimpleJsonResource.Method.values().length];
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.create.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.read.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.update.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.delete.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.query.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[SimpleJsonResource.Method.action.ordinal()] = 6;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    /* loaded from: input_file:org/forgerock/openidm/provisioner/openicf/impl/OpenICFProvisionerService$ActionId.class */
    private enum ActionId {
        script,
        authenticate
    }

    protected void activate(ComponentContext componentContext) {
        try {
            this.jsonConfiguration = JSONEnhancedConfig.newInstance().getConfigurationAsJson(componentContext);
            this.systemIdentifier = new SimpleSystemIdentifier(this.jsonConfiguration);
            this.allowModification = !this.jsonConfiguration.get("readOnly").defaultTo(false).asBoolean().booleanValue();
            if (!this.allowModification) {
                logger.debug("OpenICF Provisioner Service {} is running in read-only mode", this.systemIdentifier);
            }
            this.connectorReference = ConnectorUtil.getConnectorReference(this.jsonConfiguration);
            this.syncFailureHandler = this.syncFailureHandlerFactory.create(this.jsonConfiguration.get("syncFailureHandler"));
            ConnectorInfo findConnectorInfo = this.connectorInfoProvider.findConnectorInfo(this.connectorReference);
            if (null != findConnectorInfo) {
                logger.info("OpenICF ConnectorInfo of {} was found.", this.connectorReference);
                init(findConnectorInfo);
            } else {
                if (this.connectorReference.getConnectorLocation().equals(ConnectorReference.ConnectorLocation.LOCAL)) {
                    logger.error("OpenICF ConnectorInfo can not be loaded for {} from #LOCAL", this.connectorReference);
                    throw new ComponentException("OpenICF ConnectorInfo can not be retrieved for " + this.connectorReference);
                }
                logger.info("OpenICF ConnectorInfo for {} is not available yet.", this.connectorReference);
            }
            if (!this.connectorReference.getConnectorLocation().equals(ConnectorReference.ConnectorLocation.LOCAL)) {
                this.connectorInfoProvider.addConnectorEventHandler(this.connectorReference, this);
            }
            if (this.jsonConfiguration.isDefined("systemActions")) {
                Iterator it = this.jsonConfiguration.get("systemActions").expect(List.class).iterator();
                while (it.hasNext()) {
                    SystemAction systemAction = new SystemAction((JsonValue) it.next());
                    this.systemActions.put(systemAction.getName(), systemAction);
                }
            }
            logger.info("OpenICF Provisioner Service component {} is activated{}", this.systemIdentifier, this.serviceAvailable ? "." : " although the service is not available yet.");
        } catch (Exception e) {
            logger.error("OpenICF Provisioner Service configuration has errors", e);
            throw new ComponentException("OpenICF Provisioner Service configuration has errors", e);
        }
    }

    private void init(ConnectorInfo connectorInfo) {
        try {
            this.operationHelperBuilder = new OperationHelperBuilder(this.systemIdentifier.getName(), this.jsonConfiguration, connectorInfo.createDefaultAPIConfiguration());
            logger.debug("OpenICF connector configuration has no errors.");
            ConnectorFacade connectorFacade = getConnectorFacade();
            if (null == connectorFacade || !connectorFacade.getSupportedOperations().contains(TestApiOp.class)) {
                if (null == connectorFacade) {
                    logger.warn("OpenICF ConnectorFacade of {} is not available", this.connectorReference);
                    return;
                } else {
                    this.serviceAvailable = true;
                    logger.debug("OpenICF connector of {} does not support test.", this.connectorReference);
                    return;
                }
            }
            try {
                connectorFacade.test();
                logger.debug("OpenICF connector test of {} succeeded!", this.systemIdentifier);
                this.serviceAvailable = true;
            } catch (Throwable th) {
                logger.error("OpenICF connector test of {} failed!", this.systemIdentifier, th);
            }
        } catch (Exception e) {
            logger.error("OpenICF connector configuration of {} has errors.", this.systemIdentifier, e);
            throw new ComponentException("OpenICF connector configuration has errors and the service can not be initiated.", e);
        }
    }

    protected void deactivate(ComponentContext componentContext) {
        this.connectorInfoProvider.deleteConnectorEventHandler(this);
        this.serviceAvailable = true;
        this.systemIdentifier = null;
        this.operationHelperBuilder = null;
        this.connectorFacade = null;
        logger.info("OpenICF Provisioner Service component {} is deactivated.", this.systemIdentifier);
    }

    public void handleEvent(ConnectorEvent connectorEvent) {
        logger.debug("ConnectorEvent received. Topic: {}, Source: {}", connectorEvent.getTopic(), connectorEvent.getSource());
        if (!"ORG_FORGEROCK_OPENICF_CONNECTOREVENT-REGISTERED".equals(connectorEvent.getTopic())) {
            if ("ORG_FORGEROCK_OPENICF_CONNECTOREVENT-UNREGISTERING".equals(connectorEvent.getTopic())) {
                this.serviceAvailable = false;
                logger.info("OpenICF Provisioner Service component {} is deactivated.", this.systemIdentifier);
                this.connectorFacade = null;
                this.operationHelperBuilder = null;
                return;
            }
            return;
        }
        ConnectorInfo findConnectorInfo = this.connectorInfoProvider.findConnectorInfo(this.connectorReference);
        if (null == findConnectorInfo) {
            logger.error("OpenICF ConnectorInfo for {} is not available.", this.connectorReference);
            return;
        }
        logger.info("OpenICF ConnectorInfo of {} was found.", this.connectorReference);
        try {
            init(findConnectorInfo);
            logger.info("OpenICF Provisioner Service component {} is activated{}", this.systemIdentifier, this.serviceAvailable ? "." : " although the service is not available yet.");
        } catch (Throwable th) {
        }
    }

    public SystemIdentifier getSystemIdentifier() {
        return this.systemIdentifier;
    }

    public Map<String, Object> getStatus() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        try {
            JsonValue jsonValue = new JsonValue(linkedHashMap);
            jsonValue.put("name", this.systemIdentifier.getName());
            try {
                getConnectorFacade().test();
            } catch (UnsupportedOperationException e) {
                jsonValue.put("reason", "TEST UnsupportedOperation");
            }
            jsonValue.put("ok", true);
        } catch (Throwable th) {
            linkedHashMap.put("error", th.getMessage());
        }
        return linkedHashMap;
    }

    public Map<String, Object> testConfig(JsonValue jsonValue) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        JsonValue jsonValue2 = new JsonValue(linkedHashMap);
        jsonValue2.add("name", this.systemIdentifier.getName());
        jsonValue2.add("ok", false);
        try {
            SimpleSystemIdentifier simpleSystemIdentifier = new SimpleSystemIdentifier(jsonValue);
            ConnectorReference connectorReference = ConnectorUtil.getConnectorReference(this.jsonConfiguration);
            ConnectorInfo findConnectorInfo = this.connectorInfoProvider.findConnectorInfo(connectorReference);
            if (null != findConnectorInfo) {
                try {
                    ConnectorFacade newInstance = ConnectorFacadeFactory.getInstance().newInstance(new OperationHelperBuilder(simpleSystemIdentifier.getName(), jsonValue, findConnectorInfo.createDefaultAPIConfiguration()).getRuntimeAPIConfiguration());
                    if (null != newInstance && newInstance.getSupportedOperations().contains(TestApiOp.class)) {
                        try {
                            newInstance.test();
                        } catch (UnsupportedOperationException e) {
                            jsonValue2.put("reason", "TEST UnsupportedOperation");
                        } catch (Throwable th) {
                            jsonValue2.put("error", th.getMessage());
                            return linkedHashMap;
                        }
                        jsonValue2.put("ok", true);
                    } else if (null == newInstance) {
                        jsonValue2.add("error", "OpenICF ConnectorFacade of " + connectorReference + " is not available");
                    } else {
                        jsonValue2.add("error", "OpenICF connector of " + connectorReference + " does not support test.");
                    }
                } catch (Exception e2) {
                    e2.printStackTrace();
                    jsonValue2.add("error", "OpenICF connector configuration has errors: " + e2.getMessage());
                    return linkedHashMap;
                }
            } else if (connectorReference.getConnectorLocation().equals(ConnectorReference.ConnectorLocation.LOCAL)) {
                jsonValue2.add("error", "OpenICF ConnectorInfo can not be loaded for " + connectorReference + " from #LOCAL");
            } else {
                jsonValue2.add("error", "OpenICF ConnectorInfo for " + connectorReference + " is not available yet.");
            }
            return linkedHashMap;
        } catch (JsonValueException e3) {
            jsonValue2.add("error", "OpenICF Provisioner Service configuration has errors: " + e3.getMessage());
            return linkedHashMap;
        }
    }

    public JsonValue handle(JsonValue jsonValue) throws JsonResourceException {
        if (!this.serviceAvailable) {
            throw new JsonResourceException(503);
        }
        JsonValue jsonValue2 = null;
        try {
            SimpleJsonResource.Method method = (SimpleJsonResource.Method) jsonValue.get("method").required().asEnum(SimpleJsonResource.Method.class);
            Id id = new Id(jsonValue.get("id").required().asString());
            String asString = jsonValue.get("rev").asString();
            JsonValue jsonValue3 = jsonValue.get("value");
            JsonValue jsonValue4 = jsonValue.get("params");
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    try {
                                        try {
                                            try {
                                                try {
                                                    try {
                                                        traceObject(method, id, jsonValue3);
                                                        switch (AnonymousClass2.$SwitchMap$org$forgerock$json$resource$SimpleJsonResource$Method[method.ordinal()]) {
                                                            case 1:
                                                                JsonValue create = create(id, jsonValue3.required(), jsonValue4);
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), jsonValue3, create, Status.SUCCESS);
                                                                return create;
                                                            case 2:
                                                                JsonValue read = read(id, jsonValue4);
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), (JsonValue) null, read, Status.SUCCESS);
                                                                return read;
                                                            case 3:
                                                                JsonValue update = update(id, asString, jsonValue3.required(), jsonValue4);
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), jsonValue3, update, Status.SUCCESS);
                                                                return update;
                                                            case 4:
                                                                try {
                                                                    jsonValue2 = read(id, jsonValue4);
                                                                } catch (Exception e) {
                                                                    logger.info("Operation read of {} failed before delete", id, e);
                                                                }
                                                                JsonValue delete = delete(id, asString, jsonValue4);
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), jsonValue2, delete, Status.SUCCESS);
                                                                return delete;
                                                            case 5:
                                                                JsonValue query = query(id, jsonValue4.required());
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), jsonValue4, query, Status.SUCCESS);
                                                                return query;
                                                            case 6:
                                                                JsonValue jsonValue5 = new JsonValue(new HashMap());
                                                                jsonValue5.put("value", jsonValue3);
                                                                jsonValue5.put("params", filterParamsToLog(jsonValue4));
                                                                JsonValue action = action(id, (ActionId) jsonValue4.get("_action").required().asEnum(ActionId.class), jsonValue3, jsonValue4.required());
                                                                ActivityLog.log(this.router, jsonValue, "message", id.toString(), jsonValue5, action, Status.SUCCESS);
                                                                return action;
                                                            default:
                                                                throw new JsonResourceException(400);
                                                        }
                                                    } catch (InvalidPasswordException e2) {
                                                        if (logger.isDebugEnabled()) {
                                                            logger.error("Invalid password has been provided to operation {} for system object: {}", new Object[]{method, id}, e2);
                                                        }
                                                        ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e2.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                                        throw new JsonResourceException(500, e2.getClass().getSimpleName(), e2);
                                                    }
                                                } catch (AlreadyExistsException e3) {
                                                    if (logger.isDebugEnabled()) {
                                                        logger.error("System object {} already exists", id, e3);
                                                    }
                                                    ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e3.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                                    throw new JsonResourceException(409, e3.getClass().getSimpleName(), e3);
                                                }
                                            } catch (UnknownUidException e4) {
                                                if (logger.isDebugEnabled()) {
                                                    logger.error("Operation {} failed with UnknownUidException on system object: {}", new Object[]{method, id}, e4);
                                                }
                                                ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e4.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                                throw new JsonResourceException(404, e4.getClass().getSimpleName(), e4);
                                            }
                                        } catch (ConnectorIOException e5) {
                                            if (logger.isDebugEnabled()) {
                                                logger.error("Operation {} failed with ConnectorIOException on system object: {}", new Object[]{method, id}, e5);
                                            }
                                            ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e5.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                            throw new JsonResourceException(503, e5.getClass().getSimpleName(), e5);
                                        }
                                    } catch (InvalidCredentialException e6) {
                                        if (logger.isDebugEnabled()) {
                                            logger.error("Invalid credential has been provided to operation {} for system object: {}", new Object[]{method, id}, e6);
                                        }
                                        ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e6.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                        throw new JsonResourceException(500, e6.getClass().getSimpleName(), e6);
                                    }
                                } catch (Exception e7) {
                                    if (logger.isDebugEnabled()) {
                                        logger.error("Operation {} failed with Exception on system object: {}", new Object[]{method, id}, e7);
                                    }
                                    ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e7.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                    throw new JsonResourceException(500, e7.getClass().getSimpleName(), e7);
                                }
                            } catch (PermissionDeniedException e8) {
                                if (logger.isDebugEnabled()) {
                                    logger.error("Permission was denied on {} operation for system object: {}", new Object[]{method, id}, e8);
                                }
                                ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e8.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                                throw new JsonResourceException(403, e8.getClass().getSimpleName(), e8);
                            }
                        } catch (ConnectorSecurityException e9) {
                            if (logger.isDebugEnabled()) {
                                logger.error("Operation {} failed with ConnectorSecurityException on system object: {}", new Object[]{method, id}, e9);
                            }
                            ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e9.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                            throw new JsonResourceException(500, e9.getClass().getSimpleName(), e9);
                        } catch (ConnectionBrokenException e10) {
                            if (logger.isDebugEnabled()) {
                                logger.error("Operation {} failed with ConnectionBrokenException on system object: {}", new Object[]{method, id}, e10);
                            }
                            ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e10.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                            throw new JsonResourceException(503, e10.getClass().getSimpleName(), e10);
                        }
                    } catch (OperationTimeoutException e11) {
                        if (logger.isDebugEnabled()) {
                            logger.error("Operation {} Timeout on system object: {}", new Object[]{method, id}, e11);
                        }
                        ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e11.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                        throw new JsonResourceException(503, e11.getClass().getSimpleName(), e11);
                    } catch (ConnectionFailedException e12) {
                        if (logger.isDebugEnabled()) {
                            logger.error("Connection failed during operation {} on system object: {}", new Object[]{method, id}, e12);
                        }
                        ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e12.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                        throw new JsonResourceException(503, e12.getClass().getSimpleName(), e12);
                    }
                } catch (PasswordExpiredException e13) {
                    if (logger.isDebugEnabled()) {
                        logger.error("Operation {} failed with PasswordExpiredException on system object: {}", new Object[]{method, id}, e13);
                    }
                    ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e13.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                    throw new JsonResourceException(500, e13.getClass().getSimpleName(), e13);
                } catch (ConfigurationException e14) {
                    if (logger.isDebugEnabled()) {
                        logger.error("Operation {} failed with ConfigurationException on system object: {}", new Object[]{method, id}, e14);
                    }
                    ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e14.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                    throw new JsonResourceException(500, e14.getClass().getSimpleName(), e14);
                }
            } catch (ConnectorException e15) {
                if (logger.isDebugEnabled()) {
                    logger.error("Operation {} failed with ConnectorException on system object: {}", new Object[]{method, id}, e15);
                }
                ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e15.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                throw new JsonResourceException(500, e15.getClass().getSimpleName(), e15);
            } catch (JsonResourceException e16) {
                ActivityLog.log(this.router, jsonValue, "Operation " + method.name() + " failed with " + e16.getClass().getSimpleName(), id.toString(), (JsonValue) null, (JsonValue) null, Status.FAILURE);
                throw e16;
            }
        } catch (JsonValueException e17) {
            ActivityLog.log(this.router, jsonValue, "Bad Request", (String) null, (JsonValue) null, (JsonValue) null, Status.FAILURE);
            throw new JsonResourceException(400, e17);
        }
    }

    public JsonValue create(Id id, JsonValue jsonValue, JsonValue jsonValue2) throws Exception {
        OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue2, this.cryptoService);
        if (!this.allowModification || !build.isOperationPermitted(CreateApiOp.class)) {
            logger.debug("Operation create of {} is not permitted", id);
            return null;
        }
        Pair<ObjectClass, Set<Attribute>> build2 = build.build(CreateApiOp.class, jsonValue);
        build.resetUid(getConnectorFacade().create((ObjectClass) build2.first, AttributeUtil.filterUid((Set) build2.second), build.getOperationOptionsBuilder(CreateApiOp.class, jsonValue2).build()), jsonValue);
        return jsonValue;
    }

    public JsonValue read(Id id, JsonValue jsonValue) throws Exception {
        OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue, this.cryptoService);
        ConnectorFacade connectorFacade = getConnectorFacade();
        if (build.isOperationPermitted(GetApiOp.class)) {
            ConnectorObject object = connectorFacade.getObject(build.getObjectClass(), new Uid(id.getLocalId()), build.getOperationOptionsBuilder(GetApiOp.class, jsonValue).build());
            if (null != object) {
                return build.build(object);
            }
        } else {
            logger.debug("Operation read of {} is not permitted", id);
        }
        throw new JsonResourceException(404, id.toString());
    }

    public JsonValue update(Id id, String str, JsonValue jsonValue, JsonValue jsonValue2) throws Exception {
        OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue2, this.cryptoService);
        if (!this.allowModification || !build.isOperationPermitted(UpdateApiOp.class)) {
            logger.debug("Operation update of {} is not permitted", id);
            return null;
        }
        Pair<ObjectClass, Set<Attribute>> build2 = build.build(UpdateApiOp.class, jsonValue);
        build.resetUid(getConnectorFacade().update((ObjectClass) build2.first, new Uid(id.getLocalId()), (Set) build2.second, build.getOperationOptionsBuilder(UpdateApiOp.class, jsonValue2).build()), jsonValue);
        return jsonValue;
    }

    public JsonValue delete(Id id, String str, JsonValue jsonValue) throws Exception {
        OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue, this.cryptoService);
        if (!this.allowModification || !build.isOperationPermitted(DeleteApiOp.class)) {
            logger.debug("Operation DELETE of {} is not permitted", id);
            return null;
        }
        getConnectorFacade().delete(build.getObjectClass(), new Uid(id.getLocalId()), build.getOperationOptionsBuilder(DeleteApiOp.class, null).build());
        return null;
    }

    public JsonValue query(Id id, JsonValue jsonValue) throws Exception {
        OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue, this.cryptoService);
        JsonValue jsonValue2 = new JsonValue(new HashMap());
        if (build.isOperationPermitted(SearchApiOp.class)) {
            OperationOptionsBuilder operationOptionsBuilder = build.getOperationOptionsBuilder(SearchApiOp.class, null);
            JsonValue jsonValue3 = jsonValue.get("query");
            JsonValue jsonValue4 = jsonValue.get("_queryId");
            EventEntry start = Publisher.start(getQueryEventName(id, jsonValue, jsonValue3.asMap(), jsonValue4.asString()), (Object) null, id);
            try {
                Filter filter = null;
                if (!jsonValue3.isNull()) {
                    filter = build.build(jsonValue3.asMap(), jsonValue.get("params").asMap());
                } else {
                    if (jsonValue4.isNull()) {
                        throw new JsonResourceException(400, "Query request does not contain valid query");
                    }
                    if (!"query-all-ids".equals(jsonValue4.asString())) {
                        throw new JsonResourceException(400, "Unknown query id: " + jsonValue4);
                    }
                    operationOptionsBuilder.setAttributesToGet(new String[]{Uid.NAME});
                }
                getConnectorFacade().search(build.getObjectClass(), filter, build.getResultsHandler(), operationOptionsBuilder.build());
                jsonValue2.put("result", build.getQueryResult());
                start.setResult(jsonValue2);
                start.end();
            } catch (Throwable th) {
                start.end();
                throw th;
            }
        } else {
            logger.debug("Operation QUERY of {} is not permitted", id);
        }
        return jsonValue2;
    }

    Name getQueryEventName(Id id, JsonValue jsonValue, Map<String, Object> map, String str) {
        String str2 = EVENT_PREFIX + id.getSystemName() + "/" + id.getObjectType() + "/query/";
        return jsonValue == null ? Name.get(str2 + "_default_query") : map != null ? Name.get(str2 + "_query_expression") : Name.get(str2 + str);
    }

    public JsonValue action(Id id, ActionId actionId, JsonValue jsonValue, JsonValue jsonValue2) throws Exception {
        Object runScriptOnConnector;
        JsonValue jsonValue3 = null;
        switch (actionId) {
            case script:
                SystemAction systemAction = this.systemActions.get(jsonValue2.get(SystemAction.SCRIPT_ID).required().asString());
                if (null == systemAction) {
                    throw new JsonResourceException(400, "SystemAction not found: " + jsonValue2.get("name").getObject());
                }
                List<ScriptContextBuilder> scriptContextBuilders = systemAction.getScriptContextBuilders(this.connectorReference.getConnectorKey().getConnectorName());
                if (null == scriptContextBuilders) {
                    return null;
                }
                OperationHelper build = this.operationHelperBuilder.build(id.getObjectType(), jsonValue2, this.cryptoService);
                JsonValue jsonValue4 = new JsonValue(new HashMap());
                boolean z = !"resource".equalsIgnoreCase(jsonValue2.get(SystemAction.SCRIPT_EXECUTE_MODE).asString());
                if (build.isOperationPermitted(z ? ScriptOnConnectorApiOp.class : ScriptOnResourceApiOp.class)) {
                    JsonValue jsonValue5 = jsonValue2.get(SystemAction.SCRIPT_VARIABLE_PREFIX);
                    String str = null;
                    if (!jsonValue5.isNull() && jsonValue5.isString()) {
                        str = jsonValue5.asString();
                    }
                    ArrayList arrayList = new ArrayList(scriptContextBuilders.size());
                    jsonValue4.put("actions", arrayList);
                    for (ScriptContextBuilder scriptContextBuilder : scriptContextBuilders) {
                        boolean equalsIgnoreCase = scriptContextBuilder.getScriptLanguage().equalsIgnoreCase("Shell");
                        for (Map.Entry entry : jsonValue2.asMap().entrySet()) {
                            if (!((String) entry.getKey()).startsWith("_")) {
                                Object value = entry.getValue();
                                Object obj = value;
                                if (equalsIgnoreCase) {
                                    if ("password".equalsIgnoreCase((String) entry.getKey())) {
                                        if (!(value instanceof String)) {
                                            throw new JsonResourceException(400, "Invalid type for password.");
                                        }
                                        obj = new GuardedString(((String) value).toCharArray());
                                    }
                                    if ("username".equalsIgnoreCase((String) entry.getKey()) && !(value instanceof String)) {
                                        throw new JsonResourceException(400, "Invalid type for username.");
                                    }
                                    if ("workingdir".equalsIgnoreCase((String) entry.getKey()) && !(value instanceof String)) {
                                        throw new JsonResourceException(400, "Invalid type for workingdir.");
                                    }
                                    if ("timeout".equalsIgnoreCase((String) entry.getKey()) && !(value instanceof String) && !(value instanceof Number)) {
                                        throw new JsonResourceException(400, "Invalid type for timeout.");
                                    }
                                    scriptContextBuilder.addScriptArgument((String) entry.getKey(), obj);
                                } else {
                                    if (null != value) {
                                        if (value instanceof Collection) {
                                            obj = Array.newInstance((Class<?>) Object.class, ((Collection) value).size());
                                            int i = 0;
                                            for (Object obj2 : (Collection) value) {
                                                if (null == obj2 || FrameworkUtil.isSupportedAttributeType(obj2.getClass())) {
                                                    Array.set(obj, i, obj2);
                                                } else {
                                                    Array.set(obj, i, obj2 instanceof Serializable ? obj2 : obj2.toString());
                                                }
                                                i++;
                                            }
                                        } else if (!value.getClass().isArray() && !FrameworkUtil.isSupportedAttributeType(value.getClass())) {
                                            obj = value instanceof Serializable ? value : value.toString();
                                        }
                                    }
                                    scriptContextBuilder.addScriptArgument((String) entry.getKey(), obj);
                                }
                            }
                        }
                        scriptContextBuilder.addScriptArgument("openidm_id", id.toString());
                        OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
                        if (null != str && equalsIgnoreCase) {
                            operationOptionsBuilder.setOption("variablePrefix", str);
                        }
                        HashMap hashMap = new HashMap(2);
                        if (z) {
                            try {
                                runScriptOnConnector = getConnectorFacade().runScriptOnConnector(scriptContextBuilder.build(), operationOptionsBuilder.build());
                            } catch (Throwable th) {
                                if (logger.isDebugEnabled()) {
                                    logger.error("Script execution error.", th);
                                }
                                hashMap.put("error", th.getMessage());
                            }
                        } else {
                            runScriptOnConnector = getConnectorFacade().runScriptOnResource(scriptContextBuilder.build(), operationOptionsBuilder.build());
                        }
                        hashMap.put("result", ConnectorUtil.coercedTypeCasting(runScriptOnConnector, Object.class));
                        arrayList.add(hashMap);
                    }
                } else {
                    logger.debug("Operation ACTION of {} is not permitted", id);
                }
                return jsonValue4;
            case authenticate:
                OperationHelper build2 = this.operationHelperBuilder.build(id.getObjectType(), jsonValue2, this.cryptoService);
                if (build2.isOperationPermitted(AuthenticationApiOp.class)) {
                    Uid authenticate = getConnectorFacade().authenticate(build2.getObjectClass(), jsonValue2.get("username").required().asString(), new GuardedString(jsonValue2.get("password").required().asString().toCharArray()), build2.getOperationOptionsBuilder(AuthenticationApiOp.class, null).build());
                    jsonValue3 = new JsonValue(new HashMap());
                    build2.resetUid(authenticate, jsonValue3);
                    break;
                } else {
                    logger.debug("Operation AUTHENTICATE of {} is not permitted", id);
                    break;
                }
        }
        return jsonValue3;
    }

    public JsonValue liveSynchronize(final String str, JsonValue jsonValue, final SynchronizationListener synchronizationListener) throws JsonResourceException {
        SyncToken syncToken;
        if (!this.serviceAvailable) {
            return jsonValue;
        }
        JsonValue copy = jsonValue != null ? jsonValue.copy() : new JsonValue(new LinkedHashMap());
        JsonValue jsonValue2 = copy.get("connectorData");
        SyncToken syncToken2 = null;
        if (!jsonValue2.isNull()) {
            if (!jsonValue2.isMap()) {
                throw new IllegalArgumentException("Illegal connectorData property. Value must be Map");
            }
            syncToken2 = ConnectorUtil.convertToSyncToken(jsonValue2);
        }
        copy.remove("lastException");
        try {
            final OperationHelper build = this.operationHelperBuilder.build(str, copy, this.cryptoService);
            if (build.isOperationPermitted(SyncApiOp.class)) {
                SyncApiOp operation = getConnectorFacade().getOperation(SyncApiOp.class);
                if (null == operation) {
                    throw new UnsupportedOperationException(SyncApiOp.class.getCanonicalName());
                }
                if (null == syncToken2) {
                    syncToken = operation.getLatestSyncToken(build.getObjectClass());
                    logger.debug("New LatestSyncToken has been fetched. New token is: {}", syncToken);
                } else {
                    final SyncToken[] syncTokenArr = {syncToken2};
                    final String[] strArr = new String[1];
                    OperationOptionsBuilder operationOptionsBuilder = build.getOperationOptionsBuilder(SyncApiOp.class, jsonValue);
                    try {
                        try {
                            logger.debug("Execute sync(ObjectClass:{}, SyncToken:{})", new Object[]{build.getObjectClass().getObjectClassValue(), syncToken2});
                            operation.sync(build.getObjectClass(), syncToken2, new SyncResultsHandler() { // from class: org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService.1
                                public boolean handle(SyncDelta syncDelta) {
                                    try {
                                        switch (AnonymousClass2.$SwitchMap$org$identityconnectors$framework$common$objects$SyncDeltaType[syncDelta.getDeltaType().ordinal()]) {
                                            case 1:
                                                JsonValue build2 = build.build(syncDelta.getObject());
                                                if (null != syncDelta.getPreviousUid()) {
                                                    build2.put("_previous-id", Id.escapeUid(syncDelta.getPreviousUid().getUidValue()));
                                                }
                                                synchronizationListener.onUpdate(build.resolveQualifiedId(syncDelta.getUid()).toString(), (JsonValue) null, new JsonValue(build2));
                                                break;
                                            case 2:
                                                synchronizationListener.onDelete(build.resolveQualifiedId(syncDelta.getUid()).toString(), (JsonValue) null);
                                                break;
                                        }
                                    } catch (Exception e) {
                                        strArr[0] = SerializerUtil.serializeXmlObject(syncDelta, true);
                                        if (OpenICFProvisionerService.logger.isDebugEnabled()) {
                                            OpenICFProvisionerService.logger.error("Failed synchronise {} object, handle failure using {}", new Object[]{syncDelta.getUid(), OpenICFProvisionerService.this.syncFailureHandler, e});
                                        }
                                        HashMap hashMap = new HashMap(6);
                                        hashMap.put("token", syncDelta.getToken().getValue());
                                        hashMap.put("systemIdentifier", OpenICFProvisionerService.this.systemIdentifier.getName());
                                        hashMap.put("objectType", str);
                                        hashMap.put("uid", syncDelta.getUid().getUidValue());
                                        hashMap.put("failedRecord", strArr[0]);
                                        OpenICFProvisionerService.this.syncFailureHandler.invoke(hashMap, e);
                                    }
                                    syncTokenArr[0] = syncDelta.getToken();
                                    return true;
                                }
                            }, operationOptionsBuilder.build());
                            syncToken = syncTokenArr[0];
                            logger.debug("Synchronization is finished. New LatestSyncToken value: {}", syncToken);
                        } catch (Throwable th) {
                            logger.debug("Synchronization is finished. New LatestSyncToken value: {}", syncTokenArr[0]);
                            throw th;
                        }
                    } catch (Throwable th2) {
                        LinkedHashMap linkedHashMap = new LinkedHashMap(2);
                        linkedHashMap.put("throwable", th2.getMessage());
                        if (null != strArr[0]) {
                            linkedHashMap.put("syncDelta", strArr[0]);
                        }
                        copy.put("lastException", linkedHashMap);
                        logger.warn("Live synchronization of {} failed on {}", new Object[]{str, this.systemIdentifier.getName()}, th2);
                        syncToken = syncTokenArr[0];
                        logger.debug("Synchronization is finished. New LatestSyncToken value: {}", syncToken);
                    }
                }
                if (null != syncToken) {
                    copy.put("connectorData", ConnectorUtil.convertFromSyncToken(syncToken));
                }
            }
            return copy;
        } catch (JsonResourceException e) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to get OperationHelper", e);
            }
            throw e;
        } catch (Exception e2) {
            if (logger.isDebugEnabled()) {
                logger.debug("Failed to get OperationOptionsBuilder", e2);
            }
            throw new JsonResourceException(500, "Failed to get OperationOptionsBuilder: " + e2.getMessage(), e2);
        }
    }

    ConnectorFacade getConnectorFacade() {
        if (null == this.connectorFacade) {
            this.connectorFacade = ConnectorFacadeFactory.getInstance().newInstance(this.operationHelperBuilder.getRuntimeAPIConfiguration());
        }
        return this.connectorFacade;
    }

    private JsonValue filterParamsToLog(JsonValue jsonValue) {
        JsonValue copy = jsonValue.copy();
        copy.remove("password");
        return copy;
    }

    private void traceObject(SimpleJsonResource.Method method, Id id, JsonValue jsonValue) {
        if (!logger.isTraceEnabled() || null == jsonValue) {
            return;
        }
        try {
            StringWriter stringWriter = new StringWriter();
            MAPPER.writeValue(stringWriter, jsonValue.getObject());
            logger.info("Action: {}, Id: {}, Object: {}", new Object[]{method, id, stringWriter});
        } catch (IOException e) {
        }
    }

    protected void bindConnectorInfoProvider(ConnectorInfoProvider connectorInfoProvider) {
        this.connectorInfoProvider = connectorInfoProvider;
    }

    protected void unbindConnectorInfoProvider(ConnectorInfoProvider connectorInfoProvider) {
        if (this.connectorInfoProvider == connectorInfoProvider) {
            this.connectorInfoProvider = null;
        }
    }

    protected void bindRouter(JsonResource jsonResource) {
        this.router = jsonResource;
    }

    protected void unbindRouter(JsonResource jsonResource) {
        if (this.router == jsonResource) {
            this.router = null;
        }
    }

    protected void bindCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    protected void unbindCryptoService(CryptoService cryptoService) {
        if (this.cryptoService == cryptoService) {
            this.cryptoService = null;
        }
    }

    protected void bindSyncFailureHandlerFactory(SyncFailureHandlerFactory syncFailureHandlerFactory) {
        this.syncFailureHandlerFactory = syncFailureHandlerFactory;
    }

    protected void unbindSyncFailureHandlerFactory(SyncFailureHandlerFactory syncFailureHandlerFactory) {
        if (this.syncFailureHandlerFactory == syncFailureHandlerFactory) {
            this.syncFailureHandlerFactory = null;
        }
    }
}
