package org.identityconnectors.ldap.modify;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.naming.NameAlreadyBoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.AlreadyExistsException;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.ldap.GroupHelper;
import org.identityconnectors.ldap.LdapAuthenticate;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.LdapConstants;
import org.identityconnectors.ldap.LdapModifyOperation;
import org.identityconnectors.ldap.LdapUtil;
import org.identityconnectors.ldap.schema.GuardedPasswordAttribute;

/* loaded from: input_file:org/identityconnectors/ldap/modify/LdapCreate.class */
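/**
 * Creates a single LDAP entry from a set of connector attributes and then adds the
 * group memberships requested for it.
 *
 * <p>When the operation options name a run-as user, the entry is created and the
 * memberships are added on a context obtained for that user; otherwise the
 * connection's initial context is used.
 */
public class LdapCreate extends LdapModifyOperation {
    private static final Log log = Log.getLog(LdapCreate.class);

    private final ObjectClass oclass;
    private final Set<Attribute> attrs;
    private final OperationOptions options;

    /**
     * @param ldapConnection   connection handed to the parent operation
     * @param objectClass      connector object class of the entry to create
     * @param set              attributes of the new entry; must contain the Name attribute
     * @param operationOptions options read for the run-as user and its password
     */
    public LdapCreate(LdapConnection ldapConnection, ObjectClass objectClass, Set<Attribute> set, OperationOptions operationOptions) {
        super(ldapConnection);
        this.oclass = objectClass;
        this.options = operationOptions;
        this.attrs = set;
    }

    /**
     * Runs the create operation.
     *
     * @return the Uid the schema mapping derives from the created entry's DN
     * @throws ConnectorException wrapping any {@link NamingException} raised while creating
     */
    public Uid execute() {
        try {
            return executeImpl();
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /**
     * Splits the connector attributes into group lists, the password and plain LDAP
     * attributes, creates the entry, then adds the group memberships.
     *
     * @throws IllegalArgumentException if the attribute set carries no Name attribute
     * @throws NamingException          propagated from the calls made here; {@link #execute()} wraps it
     */
    private Uid executeImpl() throws NamingException {
        final Name nameAttr = AttributeUtil.getNameFromAttributes(this.attrs);
        if (nameAttr == null) {
            throw new IllegalArgumentException("No Name attribute provided in the attributes");
        }

        List<String> ldapGroups = null;
        List<String> posixGroups = null;
        GuardedPasswordAttribute passwordAttr = null;
        final BasicAttributes ldapAttrs = new BasicAttributes(true);
        for (Attribute attr : this.attrs) {
            if (attr.is(Name.NAME)) {
                // The name becomes the entry DN in doCreate, not an attribute.
                continue;
            }
            if (LdapConstants.isLdapGroups(attr.getName())) {
                ldapGroups = LdapUtil.checkedListByFilter(CollectionUtil.nullAsEmpty(attr.getValue()), String.class);
            } else if (LdapConstants.isPosixGroups(attr.getName())) {
                posixGroups = LdapUtil.checkedListByFilter(CollectionUtil.nullAsEmpty(attr.getValue()), String.class);
            } else if (attr.is(OperationalAttributes.PASSWORD_NAME)) {
                // Kept in its guarded form here; it is only unwrapped inside the accessor below.
                passwordAttr = this.conn.getSchemaMapping().encodePassword(this.oclass, attr);
            } else {
                javax.naming.directory.Attribute encoded = this.conn.getSchemaMapping().encodeAttribute(this.oclass, attr);
                if (encoded != null && encoded.size() > 0) {
                    ldapAttrs.put(encoded);
                }
            }
        }

        // A non-blank run-as user is resolved to a DN, and a context is obtained for that
        // DN with the run-with password from the options.
        LdapContext runAsContext = null;
        if (StringUtil.isNotBlank(this.options.getRunAsUser())) {
            String runAsDn = new LdapAuthenticate(this.conn, this.oclass, this.options.getRunAsUser(), this.options).getDn();
            runAsContext = this.conn.getRunAsContext(runAsDn, this.options.getRunWithPassword());
        }

        // One-element holder so the anonymous accessor can hand the created DN back.
        final String[] createdDn = {null};
        try {
            if (passwordAttr != null) {
                final LdapContext contextForCreate = runAsContext;
                passwordAttr.access(new GuardedPasswordAttribute.Accessor() {
                    @Override
                    public void access(javax.naming.directory.Attribute passwordValue) {
                        // The entry is created inside the accessor, while the password
                        // attribute handed to it is in scope.
                        LdapCreate.this.hashPassword(passwordValue, null);
                        ldapAttrs.put(passwordValue);
                        createdDn[0] = LdapCreate.this.doCreate(nameAttr, ldapAttrs, contextForCreate);
                    }
                });
                // NOTE(review): ldapAttrs still references the password attribute after the
                // accessor returns; whether GuardedPasswordAttribute wipes it is not visible
                // here - confirm.
            } else {
                createdDn[0] = doCreate(nameAttr, ldapAttrs, runAsContext);
            }

            createdDn[0] = LdapUtil.escapeDNValueOfJNDIReservedChars(createdDn[0]);
            if (!CollectionUtil.isEmpty(ldapGroups)) {
                this.groupHelper.addLdapGroupMemberships(createdDn[0], ldapGroups, runAsContext);
            }
            if (!CollectionUtil.isEmpty(posixGroups)) {
                Set<String> posixRefAttrs = getAttributeValues(GroupHelper.getPosixRefAttribute(), null, ldapAttrs);
                String posixRefAttr = getFirstPosixRefAttr(createdDn[0], posixRefAttrs);
                this.groupHelper.addPosixGroupMemberships(posixRefAttr, posixGroups, runAsContext);
            }
            return this.conn.getSchemaMapping().createUid(this.oclass, createdDn[0]);
        } finally {
            if (runAsContext != null) {
                try {
                    runAsContext.close();
                } catch (NamingException e) {
                    // Best effort: a failed close must not mask the result or the original
                    // exception, but it should leave a trace.
                    log.warn(e, "Failed to close the run-as LDAP context");
                }
            }
        }
    }

    /**
     * Creates the entry named by {@code name} with a copy of {@code attributes} plus the
     * effective LDAP object classes of this operation's object class.
     *
     * @param name        connector Name whose value is parsed as the entry DN
     * @param attributes  LDAP attributes of the new entry; not modified
     * @param ldapContext context to create the entry on, or {@code null} to use the
     *                    connection's initial context
     * @return the string form of the DN the entry was created under
     * @throws AlreadyExistsException if the directory reports the name as already bound
     * @throws ConnectorException     wrapping any other {@link NamingException}
     */
    public String doCreate(Name name, Attributes attributes, LdapContext ldapContext) {
        LdapName entryName = LdapUtil.quietCreateLdapName(name.getNameValue());

        // Work on a copy so the caller's attribute set does not gain the objectClass attribute.
        BasicAttributes entry = new BasicAttributes();
        NamingEnumeration<? extends javax.naming.directory.Attribute> source = attributes.getAll();
        while (source.hasMoreElements()) {
            entry.put(source.nextElement());
        }

        BasicAttribute objectClasses = new BasicAttribute(LdapConstants.OBJECTCLASS_ATTR);
        for (String ldapClass : this.conn.getSchemaMapping().getEffectiveLdapClasses(this.oclass)) {
            objectClasses.add(ldapClass);
        }
        entry.put(objectClasses);

        // Log attribute IDs only: on the password path the entry carries the password
        // attribute, and formatting the whole attribute set would write its value to the log.
        log.ok("Creating LDAP entry {0} with attributes {1}", entryName, attributeIds(entry));
        try {
            LdapContext target = ldapContext != null ? ldapContext : this.conn.getInitialContext();
            target.createSubcontext(entryName, entry).close();
            return entryName.toString();
        } catch (NameAlreadyBoundException e) {
            throw new AlreadyExistsException(e);
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /** Renders the IDs of {@code attributes}, without any values, as {@code [id1, id2]}. */
    private static String attributeIds(Attributes attributes) {
        StringBuilder ids = new StringBuilder("[");
        NamingEnumeration<String> names = attributes.getIDs();
        while (names.hasMoreElements()) {
            if (ids.length() > 1) {
                ids.append(", ");
            }
            ids.append(names.nextElement());
        }
        return ids.append(']').toString();
    }
}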
