package org.identityconnectors.ldap.sync.activedirectory;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassUtil;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.identityconnectors.framework.common.objects.SyncDeltaBuilder;
import org.identityconnectors.framework.common.objects.SyncDeltaType;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.spi.SyncTokenResultsHandler;
import org.identityconnectors.ldap.ADLdapUtil;
import org.identityconnectors.ldap.ADUserAccountControl;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.LdapConstants;
import org.identityconnectors.ldap.LdapUtil;
import org.identityconnectors.ldap.search.LdapInternalSearch;
import org.identityconnectors.ldap.search.LdapSearchResultsHandler;
import org.identityconnectors.ldap.search.SimplePagedSearchStrategy;
import org.identityconnectors.ldap.sync.LdapSyncStrategy;

/* loaded from: input_file:org/identityconnectors/ldap/sync/activedirectory/ActiveDirectoryChangeLogSyncStrategy.class */
public class ActiveDirectoryChangeLogSyncStrategy implements LdapSyncStrategy {
    private static final String DELETE_CTRL = "1.2.840.113556.1.4.417";
    private static final String DELETED_PREFIX = "cn=deleted objects,";
    private static final String NAMING_CTX_ATTR = "defaultNamingContext";
    private static final String OBJSID_ATTR = "objectSID";
    private static final String USN_CHANGED_ATTR = "uSNChanged";
    private static final String USN_CREATED_ATTR = "uSNCreated";
    private static final String HCU_CHANGED_ATTR = "highestCommittedUSN";
    private static final String DIRSYNC_EVENTS_OBJCLASS = ObjectClassUtil.createSpecialName("DIRSYNC_EVENTS");
    private static final Log logger = Log.getLog(ActiveDirectoryChangeLogSyncStrategy.class);
    private final LdapConnection conn;
    private final ObjectClass oclass;

    /* renamed from: org.identityconnectors.ldap.sync.activedirectory.ActiveDirectoryChangeLogSyncStrategy$2, reason: invalid class name */
    /* loaded from: input_file:org/identityconnectors/ldap/sync/activedirectory/ActiveDirectoryChangeLogSyncStrategy$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType = new int[LdapConnection.ServerType.values().length];

        static {
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD_GC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD_LDS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public ActiveDirectoryChangeLogSyncStrategy(LdapConnection ldapConnection, ObjectClass objectClass) {
        this.conn = ldapConnection;
        this.oclass = objectClass;
    }

    @Override // org.identityconnectors.ldap.sync.LdapSyncStrategy
    public SyncToken getLatestSyncToken() {
        return this.oclass.is(DIRSYNC_EVENTS_OBJCLASS) ? new SyncToken(getDirSyncCookie()) : new SyncToken(gethighestCommittedUSN());
    }

    @Override // org.identityconnectors.ldap.sync.LdapSyncStrategy
    public void sync(SyncToken syncToken, SyncResultsHandler syncResultsHandler, OperationOptions operationOptions) {
        if (this.oclass.is(DIRSYNC_EVENTS_OBJCLASS)) {
            handleEvents(syncToken, syncResultsHandler, operationOptions);
            return;
        }
        final TreeMap treeMap = new TreeMap();
        final String[] strArr = {""};
        String str = gethighestCommittedUSN();
        SearchControls createDefaultSearchControls = LdapInternalSearch.createDefaultSearchControls();
        createDefaultSearchControls.setSearchScope(2);
        createDefaultSearchControls.setDerefLinkFlag(false);
        try {
            new LdapInternalSearch(this.conn, generateUSNChangedFilter(this.oclass, syncToken, false), Arrays.asList(this.conn.getConfiguration().getBaseContextsToSynchronize()), new SimplePagedSearchStrategy(this.conn.getConfiguration().getBlockSize()), createDefaultSearchControls).execute(new LdapSearchResultsHandler() { // from class: org.identityconnectors.ldap.sync.activedirectory.ActiveDirectoryChangeLogSyncStrategy.1
                @Override // org.identityconnectors.ldap.search.LdapSearchResultsHandler
                public boolean handle(String str2, SearchResult searchResult) throws NamingException {
                    Attributes attributes = searchResult.getAttributes();
                    Uid createUid = ActiveDirectoryChangeLogSyncStrategy.this.conn.getSchemaMapping().createUid(ActiveDirectoryChangeLogSyncStrategy.this.conn.getConfiguration().getUidAttribute(), attributes);
                    ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
                    connectorObjectBuilder.setUid(createUid);
                    if (ObjectClass.ALL.equals(ActiveDirectoryChangeLogSyncStrategy.this.oclass)) {
                        connectorObjectBuilder.setObjectClass(LdapUtil.guessObjectClass(ActiveDirectoryChangeLogSyncStrategy.this.conn, attributes.get(LdapConstants.OBJECTCLASS_ATTR)));
                    } else {
                        connectorObjectBuilder.setObjectClass(ActiveDirectoryChangeLogSyncStrategy.this.oclass);
                    }
                    connectorObjectBuilder.setName(searchResult.getNameInNamespace());
                    if (attributes.get(LdapConstants.MS_GUID_ATTR) != null) {
                        connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(LdapConstants.MS_GUID_ATTR, new Object[]{ADLdapUtil.objectGUIDtoString(attributes.get(LdapConstants.MS_GUID_ATTR))})});
                        attributes.remove(LdapConstants.MS_GUID_ATTR);
                    }
                    attributes.remove(ActiveDirectoryChangeLogSyncStrategy.OBJSID_ATTR);
                    if (ObjectClass.GROUP.equals(ActiveDirectoryChangeLogSyncStrategy.this.oclass) && attributes.get("member;range=0-1499") != null) {
                        Attribute build = AttributeBuilder.build("member", ADLdapUtil.fetchGroupMembersByRange(ActiveDirectoryChangeLogSyncStrategy.this.conn, searchResult));
                        connectorObjectBuilder.addAttribute(new Attribute[]{build});
                        if (ActiveDirectoryChangeLogSyncStrategy.this.conn.getConfiguration().isGetGroupMemberId()) {
                            connectorObjectBuilder.addAttribute(new Attribute[]{LdapUtil.buildMemberIdAttribute(ActiveDirectoryChangeLogSyncStrategy.this.conn, build)});
                        }
                        attributes.remove("member;range=0-1499");
                        attributes.remove("member");
                    }
                    if (ActiveDirectoryChangeLogSyncStrategy.this.oclass.equals(ObjectClass.ACCOUNT)) {
                        switch (AnonymousClass2.$SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[ActiveDirectoryChangeLogSyncStrategy.this.conn.getServerType().ordinal()]) {
                            case 1:
                            case ADUserAccountControl.ACCOUNT_DISABLED /* 2 */:
                                if (attributes.get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR) != null) {
                                    String obj = attributes.get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR).get(0).toString();
                                    Attribute[] attributeArr = new Attribute[1];
                                    attributeArr[0] = AttributeBuilder.buildEnabled(!ADUserAccountControl.isAccountDisabled(obj));
                                    connectorObjectBuilder.addAttribute(attributeArr);
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(ADUserAccountControl.isAccountLockOut(obj))});
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(ADUserAccountControl.isPasswordExpired(obj))});
                                    break;
                                }
                                break;
                            case 3:
                                if (attributes.get(LdapConstants.MS_DS_USER_ACCOUNT_DISABLED) == null) {
                                    if (attributes.get(LdapConstants.MS_DS_USER_PASSWORD_EXPIRED) == null) {
                                        if (attributes.get(LdapConstants.MS_DS_USER_ACCOUNT_AUTOLOCKED) != null) {
                                            connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(Boolean.parseBoolean(attributes.get(LdapConstants.MS_DS_USER_ACCOUNT_AUTOLOCKED).get().toString()))});
                                            break;
                                        }
                                    } else {
                                        connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(Boolean.parseBoolean(attributes.get(LdapConstants.MS_DS_USER_PASSWORD_EXPIRED).get().toString()))});
                                        break;
                                    }
                                } else {
                                    Attribute[] attributeArr2 = new Attribute[1];
                                    attributeArr2[0] = AttributeBuilder.buildEnabled(!Boolean.parseBoolean(attributes.get(LdapConstants.MS_DS_USER_ACCOUNT_DISABLED).get().toString()));
                                    connectorObjectBuilder.addAttribute(attributeArr2);
                                    break;
                                }
                                break;
                        }
                        if (attributes.get(ADLdapUtil.ACCOUNT_EXPIRES) != null) {
                            String str3 = (String) attributes.get(ADLdapUtil.ACCOUNT_EXPIRES).get();
                            if ("0".equalsIgnoreCase(str3) || ADLdapUtil.ACCOUNT_NEVER_EXPIRES.equalsIgnoreCase(str3)) {
                                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(ADLdapUtil.ACCOUNT_EXPIRES, new Object[]{"0"})});
                            } else {
                                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(ADLdapUtil.ACCOUNT_EXPIRES, new Object[]{ADLdapUtil.getADLdapDatefromJavaDate(ADLdapUtil.getJavaDateFromADTime(str3))})});
                            }
                            attributes.remove(ADLdapUtil.ACCOUNT_EXPIRES);
                        }
                        if (attributes.get(ADLdapUtil.PWD_LAST_SET) != null) {
                            String str4 = (String) attributes.get(ADLdapUtil.PWD_LAST_SET).get();
                            if ("0".equalsIgnoreCase(str4)) {
                                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(ADLdapUtil.PWD_LAST_SET, new Object[]{"0"})});
                            } else {
                                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(ADLdapUtil.PWD_LAST_SET, new Object[]{ADLdapUtil.getADLdapDatefromJavaDate(ADLdapUtil.getJavaDateFromADTime(str4))})});
                            }
                            attributes.remove(ADLdapUtil.PWD_LAST_SET);
                        }
                    }
                    NamingEnumeration all = attributes.getAll();
                    while (all.hasMore()) {
                        javax.naming.directory.Attribute attribute = (javax.naming.directory.Attribute) all.next();
                        String id = attribute.getID();
                        NamingEnumeration all2 = attribute.getAll();
                        ArrayList arrayList = new ArrayList();
                        while (all2.hasMore()) {
                            arrayList.add(all2.next());
                        }
                        connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(id, arrayList)});
                        if (ActiveDirectoryChangeLogSyncStrategy.this.conn.getConfiguration().isGetGroupMemberId() && ActiveDirectoryChangeLogSyncStrategy.this.oclass.equals(ObjectClass.GROUP) && attribute.getID().equalsIgnoreCase("member")) {
                            connectorObjectBuilder.addAttribute(new Attribute[]{LdapUtil.buildMemberIdAttribute(ActiveDirectoryChangeLogSyncStrategy.this.conn, attribute)});
                        }
                    }
                    SyncDeltaBuilder syncDeltaBuilder = new SyncDeltaBuilder();
                    strArr[0] = attributes.get(ActiveDirectoryChangeLogSyncStrategy.USN_CHANGED_ATTR).get().toString();
                    if (strArr[0].equalsIgnoreCase(attributes.get(ActiveDirectoryChangeLogSyncStrategy.USN_CREATED_ATTR).get().toString())) {
                        syncDeltaBuilder.setDeltaType(SyncDeltaType.CREATE);
                    } else {
                        syncDeltaBuilder.setDeltaType(SyncDeltaType.UPDATE);
                    }
                    syncDeltaBuilder.setToken(new SyncToken(strArr[0]));
                    syncDeltaBuilder.setUid(createUid);
                    syncDeltaBuilder.setObject(connectorObjectBuilder.build());
                    treeMap.put(Integer.valueOf(Integer.parseInt(strArr[0])), syncDeltaBuilder.build());
                    return true;
                }
            });
        } catch (ConnectorException e) {
            if (!(e.getCause() instanceof PartialResultException)) {
                throw e;
            }
            logger.warn("Default naming context of the DC is used as baseContextsToSynchronize.\nPartialResultException has been caught", new Object[0]);
        }
        if (this.conn.supportsControl(DELETE_CTRL)) {
            try {
                String stringAttrValue = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{NAMING_CTX_ATTR}), NAMING_CTX_ATTR);
                if (stringAttrValue != null) {
                    NamingEnumeration search = this.conn.getInitialContext().newInstance(new Control[]{new BasicControl(DELETE_CTRL)}).search(DELETED_PREFIX + stringAttrValue, generateUSNChangedFilter(this.oclass, syncToken, true), createDefaultSearchControls);
                    while (search.hasMore()) {
                        Attributes attributes = ((SearchResult) search.next()).getAttributes();
                        Uid createUid = this.conn.getSchemaMapping().createUid(this.conn.getConfiguration().getUidAttribute(), attributes);
                        strArr[0] = attributes.get(USN_CHANGED_ATTR).get().toString();
                        SyncDeltaBuilder syncDeltaBuilder = new SyncDeltaBuilder();
                        syncDeltaBuilder.setToken(new SyncToken(strArr[0]));
                        syncDeltaBuilder.setDeltaType(SyncDeltaType.DELETE);
                        syncDeltaBuilder.setUid(createUid);
                        if (ObjectClass.ALL.equals(this.oclass)) {
                            syncDeltaBuilder.setObjectClass(LdapUtil.guessObjectClass(this.conn, attributes.get(LdapConstants.OBJECTCLASS_ATTR)));
                        } else {
                            syncDeltaBuilder.setObjectClass(this.oclass);
                        }
                        treeMap.put(Integer.valueOf(Integer.parseInt(strArr[0])), syncDeltaBuilder.build());
                    }
                } else if (LdapConnection.ServerType.MSAD_LDS.equals(this.conn.getServerType())) {
                    logger.error("Active Directory Lightweight Directory Services is used but defaultNamingContext has not been set - impossible to detect deleted objects", new Object[0]);
                }
            } catch (NamingException e2) {
                logger.info(e2.getExplanation(), new Object[0]);
            }
        } else {
            logger.info("The server does not support the control to search for deleted entries", new Object[0]);
        }
        for (Map.Entry entry : treeMap.entrySet()) {
            if (!syncResultsHandler.handle((SyncDelta) entry.getValue())) {
                break;
            } else {
                str = ((Integer) entry.getKey()).toString();
            }
        }
        ((SyncTokenResultsHandler) syncResultsHandler).handleResult(new SyncToken(str));
    }

    private String gethighestCommittedUSN() {
        try {
            String stringAttrValue = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{HCU_CHANGED_ATTR}), HCU_CHANGED_ATTR);
            if (stringAttrValue == null) {
                throw new ConnectorException("Unable to read the highestCommittedUSN attributefrom the rootDSE of Active Directory ");
            }
            return stringAttrValue;
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    private String generateUSNChangedFilter(ObjectClass objectClass, SyncToken syncToken, boolean z) {
        StringBuilder sb = new StringBuilder();
        if (syncToken == null) {
            syncToken = getLatestSyncToken();
        }
        sb.append("(uSNChanged>=");
        sb.append(Integer.parseInt(syncToken.getValue().toString()) + 1);
        sb.append(")");
        if (z) {
            sb.append("(isDeleted=TRUE)");
        }
        if (ObjectClass.ACCOUNT.equals(objectClass)) {
            sb.append(LdapUtil.getObjectClassFilter(this.conn.getConfiguration().getAccountObjectClasses()));
            if (this.conn.getConfiguration().getAccountSynchronizationFilter() != null) {
                sb.append(this.conn.getConfiguration().getAccountSynchronizationFilter());
            }
        } else if (ObjectClass.GROUP.equals(objectClass)) {
            sb.append(LdapUtil.getObjectClassFilter(this.conn.getConfiguration().getGroupObjectClasses()));
            if (this.conn.getConfiguration().getGroupSynchronizationFilter() != null) {
                sb.append(this.conn.getConfiguration().getGroupSynchronizationFilter());
            }
        } else if (ObjectClass.ALL.equals(objectClass)) {
            sb.append(LdapUtil.getObjectClassFilter(this.conn.getConfiguration().getObjectClassesToSynchronize()));
        } else {
            sb.append("(objectClass=");
            sb.append(objectClass.getObjectClassValue());
            sb.append(")");
        }
        sb.insert(0, "(&");
        sb.append(")");
        return sb.toString();
    }

    private byte[] getDirSyncCookie() {
        try {
            String stringAttrValue = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{NAMING_CTX_ATTR}), NAMING_CTX_ATTR);
            LdapContext newInstance = this.conn.getInitialContext().newInstance((Control[]) null);
            byte[] bArr = null;
            boolean z = false;
            do {
                newInstance.setRequestControls(new Control[]{new DirSyncControl(bArr)});
                NamingEnumeration search = newInstance.search(stringAttrValue, "(|(objectClass=group)(objectclass=user))", getSearchCtls());
                while (search.hasMoreElements()) {
                    search.next();
                }
                search.close();
                DirSyncResponseControl[] responseControls = newInstance.getResponseControls();
                if (responseControls != null) {
                    for (DirSyncResponseControl dirSyncResponseControl : responseControls) {
                        if (dirSyncResponseControl instanceof DirSyncResponseControl) {
                            DirSyncResponseControl dirSyncResponseControl2 = dirSyncResponseControl;
                            bArr = dirSyncResponseControl2.getResponseCookie();
                            z = dirSyncResponseControl2.hasMore();
                        }
                    }
                }
            } while (z);
            newInstance.close();
            return bArr;
        } catch (NamingException e) {
            logger.error("Problem reading naming context", new Object[0]);
            return null;
        } catch (IOException e2) {
            logger.error("Problem reading cookie", new Object[0]);
            return null;
        }
    }

    private void handleEvents(SyncToken syncToken, SyncResultsHandler syncResultsHandler, OperationOptions operationOptions) {
        ArrayList<SearchResult> arrayList = new ArrayList<>();
        byte[] bArr = (byte[]) syncToken.getValue();
        boolean z = false;
        try {
            String stringAttrValue = LdapUtil.getStringAttrValue(this.conn.getInitialContext().getAttributes("", new String[]{NAMING_CTX_ATTR}), NAMING_CTX_ATTR);
            LdapContext newInstance = this.conn.getInitialContext().newInstance((Control[]) null);
            do {
                newInstance.setRequestControls(new Control[]{new DirSyncControl(bArr)});
                NamingEnumeration search = newInstance.search(stringAttrValue, "(|(objectClass=group)(objectclass=user))", getSearchCtls());
                while (search.hasMoreElements()) {
                    SearchResult searchResult = (SearchResult) search.next();
                    Attributes attributes = searchResult.getAttributes();
                    String nameInNamespace = searchResult.getNameInNamespace();
                    if (attributes.get("member;range=0-0") == null && attributes.get("member;range=1-1") == null) {
                        boolean z2 = false;
                        if (attributes.get("parentGUID") != null && attributes.get("WhenCreated") == null) {
                            z2 = isOutOfScope(nameInNamespace);
                        }
                        if (attributes.get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR) != null) {
                            z2 = true;
                        }
                        if (z2) {
                            arrayList.add(searchResult);
                        }
                    } else {
                        arrayList.add(searchResult);
                    }
                }
                DirSyncResponseControl[] responseControls = newInstance.getResponseControls();
                if (responseControls != null) {
                    for (DirSyncResponseControl dirSyncResponseControl : responseControls) {
                        if (dirSyncResponseControl instanceof DirSyncResponseControl) {
                            DirSyncResponseControl dirSyncResponseControl2 = dirSyncResponseControl;
                            bArr = dirSyncResponseControl2.getResponseCookie();
                            z = dirSyncResponseControl2.hasMore();
                        }
                    }
                }
                processChanges(syncResultsHandler, arrayList, new SyncToken(bArr));
                ((SyncTokenResultsHandler) syncResultsHandler).handleResult(new SyncToken(bArr));
                arrayList.clear();
            } while (z);
            newInstance.close();
        } catch (NamingException e) {
            logger.error("Problem reading naming context", new Object[0]);
        } catch (IOException e2) {
            logger.error("Problem reading cookie", new Object[0]);
        }
    }

    private boolean isOutOfScope(String str) throws InvalidNameException {
        boolean z = true;
        LdapName ldapName = new LdapName(str);
        for (String str2 : this.conn.getConfiguration().getBaseContextsToSynchronize()) {
            if (ldapName.startsWith(new LdapName(str2))) {
                z = false;
            }
        }
        return z;
    }

    private void processChanges(SyncResultsHandler syncResultsHandler, ArrayList<SearchResult> arrayList, SyncToken syncToken) throws NamingException {
        Iterator<SearchResult> it = arrayList.iterator();
        while (it.hasNext()) {
            SearchResult next = it.next();
            Attributes attributes = next.getAttributes();
            if (attributes.get("member;range=0-0") == null && attributes.get("member;range=1-1") == null) {
                processUserChange(syncResultsHandler, next, syncToken);
            } else {
                processGroupChange(syncResultsHandler, next, syncToken);
            }
        }
    }

    private void processGroupChange(SyncResultsHandler syncResultsHandler, SearchResult searchResult, SyncToken syncToken) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        String nameInNamespace = searchResult.getNameInNamespace();
        String objectGUIDtoString = ADLdapUtil.objectGUIDtoString(attributes.get(LdapConstants.MS_GUID_ATTR));
        javax.naming.directory.Attribute attribute = attributes.get("member;range=1-1");
        javax.naming.directory.Attribute attribute2 = attributes.get("member;range=0-0");
        if (attribute != null) {
            NamingEnumeration all = attribute.getAll();
            while (all.hasMore()) {
                String str = (String) all.next();
                String objectGUIDtoString2 = ADLdapUtil.objectGUIDtoString(this.conn.getInitialContext().getAttributes(str, new String[]{LdapConstants.MS_GUID_ATTR}).get(LdapConstants.MS_GUID_ATTR));
                ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
                connectorObjectBuilder.setUid(objectGUIDtoString2);
                connectorObjectBuilder.setName(str);
                connectorObjectBuilder.setObjectClass(this.oclass);
                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build("addedToGroup", new Object[]{nameInNamespace})});
                connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build("groupGUID", new Object[]{objectGUIDtoString})});
                SyncDeltaBuilder syncDeltaBuilder = new SyncDeltaBuilder();
                syncDeltaBuilder.setToken(syncToken);
                syncDeltaBuilder.setDeltaType(SyncDeltaType.UPDATE);
                syncDeltaBuilder.setUid(new Uid(objectGUIDtoString2));
                syncDeltaBuilder.setObject(connectorObjectBuilder.build());
                if (!syncResultsHandler.handle(syncDeltaBuilder.build())) {
                    break;
                }
            }
        }
        if (attribute2 != null) {
            NamingEnumeration all2 = attribute2.getAll();
            while (all2.hasMore()) {
                String str2 = (String) all2.next();
                String objectGUIDtoString3 = ADLdapUtil.objectGUIDtoString(this.conn.getInitialContext().getAttributes(str2, new String[]{LdapConstants.MS_GUID_ATTR}).get(LdapConstants.MS_GUID_ATTR));
                ConnectorObjectBuilder connectorObjectBuilder2 = new ConnectorObjectBuilder();
                connectorObjectBuilder2.setUid(objectGUIDtoString3);
                connectorObjectBuilder2.setName(str2);
                connectorObjectBuilder2.setObjectClass(this.oclass);
                connectorObjectBuilder2.addAttribute(new Attribute[]{AttributeBuilder.build("removedFromGroup", new Object[]{nameInNamespace})});
                connectorObjectBuilder2.addAttribute(new Attribute[]{AttributeBuilder.build("groupGUID", new Object[]{objectGUIDtoString})});
                SyncDeltaBuilder syncDeltaBuilder2 = new SyncDeltaBuilder();
                syncDeltaBuilder2.setToken(syncToken);
                syncDeltaBuilder2.setDeltaType(SyncDeltaType.UPDATE);
                syncDeltaBuilder2.setUid(new Uid(objectGUIDtoString3));
                syncDeltaBuilder2.setObject(connectorObjectBuilder2.build());
                if (!syncResultsHandler.handle(syncDeltaBuilder2.build())) {
                    return;
                }
            }
        }
    }

    private void processUserChange(SyncResultsHandler syncResultsHandler, SearchResult searchResult, SyncToken syncToken) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        String nameInNamespace = searchResult.getNameInNamespace();
        String objectGUIDtoString = ADLdapUtil.objectGUIDtoString(attributes.get(LdapConstants.MS_GUID_ATTR));
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        if (attributes.get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR) != null) {
            String obj = attributes.get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR).get(0).toString();
            Attribute[] attributeArr = new Attribute[1];
            attributeArr[0] = AttributeBuilder.buildEnabled(!ADUserAccountControl.isAccountDisabled(obj));
            connectorObjectBuilder.addAttribute(attributeArr);
            connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(ADUserAccountControl.isAccountLockOut(obj))});
            connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(ADUserAccountControl.isPasswordExpired(obj))});
        }
        if (attributes.get("parentGUID") != null) {
            connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build("outOfScope", new Object[]{true})});
        }
        connectorObjectBuilder.setUid(objectGUIDtoString);
        connectorObjectBuilder.setName(nameInNamespace);
        connectorObjectBuilder.setObjectClass(this.oclass);
        connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.build(LdapConstants.MS_GUID_ATTR, new Object[]{objectGUIDtoString})});
        SyncDeltaBuilder syncDeltaBuilder = new SyncDeltaBuilder();
        syncDeltaBuilder.setToken(syncToken);
        syncDeltaBuilder.setDeltaType(SyncDeltaType.UPDATE);
        syncDeltaBuilder.setUid(new Uid(objectGUIDtoString));
        syncDeltaBuilder.setObject(connectorObjectBuilder.build());
        syncResultsHandler.handle(syncDeltaBuilder.build());
    }

    private SearchControls getSearchCtls() {
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[0]);
        searchControls.setSearchScope(2);
        return searchControls;
    }
}
