package org.identityconnectors.ldap.search;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedByteArray;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConfigurationException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributeInfos;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.QualifiedUid;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.SortKey;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.spi.SearchResultsHandler;
import org.identityconnectors.ldap.ADLdapUtil;
import org.identityconnectors.ldap.ADUserAccountControl;
import org.identityconnectors.ldap.GroupHelper;
import org.identityconnectors.ldap.LdapConfiguration;
import org.identityconnectors.ldap.LdapConnection;
import org.identityconnectors.ldap.LdapConstants;
import org.identityconnectors.ldap.LdapEntry;
import org.identityconnectors.ldap.LdapUtil;
import org.identityconnectors.ldap.schema.LdapSchemaMapping;
import org.identityconnectors.ldap.sync.sunds.PasswordDecryptor;

/* loaded from: input_file:org/identityconnectors/ldap/search/LdapSearch.class */
public class LdapSearch {
    private static final Log log;
    private final LdapConnection conn;
    private final ObjectClass oclass;
    private final LdapFilter filter;
    private final OperationOptions options;
    private final GroupHelper groupHelper;
    private final String[] baseDNs;
    private PasswordDecryptor passwordDecryptor;
    private final ResultsHandler handler;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.identityconnectors.ldap.search.LdapSearch$4, reason: invalid class name */
    /* loaded from: input_file:org/identityconnectors/ldap/search/LdapSearch$4.class */
    public static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType = new int[LdapConnection.ServerType.values().length];

        static {
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD_GC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[LdapConnection.ServerType.MSAD_LDS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public static Set<String> getAttributesReturnedByDefault(LdapConnection ldapConnection, ObjectClass objectClass) {
        if (objectClass.equals(LdapSchemaMapping.ANY_OBJECT_CLASS)) {
            return CollectionUtil.newSet(new String[]{Name.NAME});
        }
        SortedSet newCaseInsensitiveSet = CollectionUtil.newCaseInsensitiveSet();
        ObjectClassInfo findObjectClassInfo = ldapConnection.getSchemaMapping().schema().findObjectClassInfo(objectClass.getObjectClassValue());
        if (findObjectClassInfo != null) {
            for (AttributeInfo attributeInfo : findObjectClassInfo.getAttributeInfo()) {
                if (attributeInfo.isReturnedByDefault()) {
                    newCaseInsensitiveSet.add(attributeInfo.getName());
                }
            }
        }
        return newCaseInsensitiveSet;
    }

    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        this(ldapConnection, objectClass, ldapFilter, resultsHandler, operationOptions, ldapConnection.getConfiguration().getBaseContexts());
    }

    public LdapSearch(LdapConnection ldapConnection, ObjectClass objectClass, LdapFilter ldapFilter, ResultsHandler resultsHandler, OperationOptions operationOptions, String... strArr) {
        this.passwordDecryptor = null;
        this.conn = ldapConnection;
        this.oclass = objectClass;
        this.filter = ldapFilter;
        this.options = operationOptions;
        this.baseDNs = strArr;
        this.handler = resultsHandler;
        this.groupHelper = new GroupHelper(ldapConnection);
    }

    public final void execute() {
        execute(this.handler);
    }

    public final void execute(final ResultsHandler resultsHandler) {
        final String[] attributesToGet = this.options.getAttributesToGet();
        final Set<String> attributesToGet2 = getAttributesToGet(attributesToGet);
        LdapInternalSearch internalSearch = getInternalSearch(attributesToGet2);
        internalSearch.execute(new LdapSearchResultsHandler() { // from class: org.identityconnectors.ldap.search.LdapSearch.1
            @Override // org.identityconnectors.ldap.search.LdapSearchResultsHandler
            public boolean handle(String str, SearchResult searchResult) throws NamingException {
                return resultsHandler.handle(LdapSearch.this.createConnectorObject(str, searchResult, attributesToGet2, attributesToGet != null));
            }
        });
        if (resultsHandler instanceof SearchResultsHandler) {
            ((SearchResultsHandler) resultsHandler).handleResult(new org.identityconnectors.framework.common.objects.SearchResult(internalSearch.getPagedResultsCookie(), internalSearch.getRemainingPagedResults()));
        }
    }

    public final ConnectorObject getSingleResult() {
        final String[] attributesToGet = this.options.getAttributesToGet();
        final Set<String> attributesToGet2 = getAttributesToGet(attributesToGet);
        final ConnectorObject[] connectorObjectArr = {null};
        getInternalSearch(attributesToGet2).execute(new LdapSearchResultsHandler() { // from class: org.identityconnectors.ldap.search.LdapSearch.2
            @Override // org.identityconnectors.ldap.search.LdapSearchResultsHandler
            public boolean handle(String str, SearchResult searchResult) throws NamingException {
                connectorObjectArr[0] = LdapSearch.this.createConnectorObject(str, searchResult, attributesToGet2, attributesToGet != null);
                return false;
            }
        });
        return connectorObjectArr[0];
    }

    private LdapInternalSearch getInternalSearch(Set<String> set) {
        LdapSearchStrategy searchStrategy;
        List<String> baseDNs;
        int ldapSearchScope;
        String entryDN = this.filter != null ? this.filter.getEntryDN() : null;
        if (entryDN != null) {
            searchStrategy = new DefaultSearchStrategy(true);
            baseDNs = Collections.singletonList(entryDN);
            ldapSearchScope = 0;
        } else {
            searchStrategy = getSearchStrategy();
            baseDNs = getBaseDNs();
            ldapSearchScope = getLdapSearchScope();
        }
        SearchControls createDefaultSearchControls = LdapInternalSearch.createDefaultSearchControls();
        Set<String> ldapAttributesToGet = getLdapAttributesToGet(set);
        createDefaultSearchControls.setReturningAttributes((String[]) ldapAttributesToGet.toArray(new String[ldapAttributesToGet.size()]));
        createDefaultSearchControls.setSearchScope(ldapSearchScope);
        String searchFilter = LdapConstants.getSearchFilter(this.options);
        String str = null;
        if (this.oclass.equals(ObjectClass.ACCOUNT)) {
            str = this.conn.getConfiguration().getAccountSearchFilter();
        } else if (this.oclass.equals(ObjectClass.GROUP)) {
            str = this.conn.getConfiguration().getGroupSearchFilter();
        }
        return new LdapInternalSearch(this.conn, getSearchFilter(searchFilter, this.filter != null ? this.filter.getNativeFilter() : null, str), baseDNs, searchStrategy, createDefaultSearchControls);
    }

    private Set<String> getLdapAttributesToGet(Set<String> set) {
        SortedSet newCaseInsensitiveSet = CollectionUtil.newCaseInsensitiveSet();
        newCaseInsensitiveSet.addAll(set);
        newCaseInsensitiveSet.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean remove = newCaseInsensitiveSet.remove(LdapConstants.POSIX_GROUPS_NAME);
        Set<String> ldapAttributes = this.conn.getSchemaMapping().getLdapAttributes(this.oclass, newCaseInsensitiveSet, true);
        if (remove) {
            ldapAttributes.add(GroupHelper.getPosixRefAttribute());
        }
        ldapAttributes.removeAll(LdapEntry.ENTRY_DN_ATTRS);
        return ldapAttributes;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Failed to find 'out' block for switch in B:74:0x0214. Please report as an issue. */
    public ConnectorObject createConnectorObject(String str, SearchResult searchResult, Set<String> set, boolean z) {
        LdapEntry create = LdapEntry.create(str, searchResult);
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(this.oclass);
        connectorObjectBuilder.setUid(this.conn.getSchemaMapping().createUid(this.oclass, create));
        connectorObjectBuilder.setName(this.conn.getSchemaMapping().createName(this.oclass, create));
        for (String str2 : set) {
            Attribute attribute = null;
            if (!str2.equalsIgnoreCase(Uid.NAME) && !str2.equalsIgnoreCase(Name.NAME)) {
                if (LdapConstants.isLdapGroups(str2)) {
                    attribute = AttributeBuilder.build(LdapConstants.LDAP_GROUPS_NAME, this.groupHelper.getLdapGroups(create.getDN().toString()));
                } else if (LdapConstants.isPosixGroups(str2)) {
                    attribute = AttributeBuilder.build(LdapConstants.POSIX_GROUPS_NAME, this.groupHelper.getPosixGroups(LdapUtil.getStringAttrValues(create.getAttributes(), GroupHelper.getPosixRefAttribute())));
                } else if (LdapConstants.PASSWORD.is(str2)) {
                    try {
                        String passwordHashAlgorithm = this.conn.getConfiguration().getPasswordHashAlgorithm();
                        if (StringUtil.isBlank(passwordHashAlgorithm) || "NONE".equalsIgnoreCase(passwordHashAlgorithm)) {
                            javax.naming.directory.Attribute attribute2 = create.getAttributes().get(this.conn.getConfiguration().getPasswordAttribute());
                            if (attribute2 != null) {
                                String str3 = new String((byte[]) attribute2.get());
                                if (str3.startsWith("{")) {
                                    log.warn("Could not read password value. Password is in unsupported format.", new Object[0]);
                                    AttributeBuilder.build(str2, new Object[]{new GuardedString()});
                                }
                                attribute = AttributeBuilder.buildPassword(str3.toCharArray());
                            } else {
                                log.warn("Could not read password value. Password is in unsupported format.", new Object[0]);
                                attribute = AttributeBuilder.build(str2, new Object[]{new GuardedString()});
                            }
                        } else {
                            log.warn("Could not read password value. Password is in unsupported format.", new Object[0]);
                            attribute = AttributeBuilder.build(str2, new Object[]{new GuardedString()});
                        }
                    } catch (NamingException e) {
                        log.error(e, "Can't read password attribute", new Object[0]);
                    }
                } else if (LdapConstants.MS_GUID_ATTR.equalsIgnoreCase(str2)) {
                    attribute = AttributeBuilder.build(LdapConstants.MS_GUID_ATTR, new Object[]{ADLdapUtil.objectGUIDtoString(create.getAttributes().get(LdapConstants.MS_GUID_ATTR))});
                } else if (this.oclass.equals(ObjectClass.ACCOUNT) && OperationalAttributes.OPERATIONAL_ATTRIBUTE_NAMES.contains(str2)) {
                    try {
                        switch (AnonymousClass4.$SwitchMap$org$identityconnectors$ldap$LdapConnection$ServerType[this.conn.getServerType().ordinal()]) {
                            case 1:
                            case ADUserAccountControl.ACCOUNT_DISABLED /* 2 */:
                                String obj = create.getAttributes().get(ADUserAccountControl.MS_USR_ACCT_CTRL_ATTR).get().toString();
                                if (OperationalAttributeInfos.ENABLE.is(str2)) {
                                    Attribute[] attributeArr = new Attribute[1];
                                    attributeArr[0] = AttributeBuilder.buildEnabled(!ADUserAccountControl.isAccountDisabled(obj));
                                    connectorObjectBuilder.addAttribute(attributeArr);
                                } else if (OperationalAttributeInfos.LOCK_OUT.is(str2)) {
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(ADUserAccountControl.isAccountLockOut(obj))});
                                } else if (OperationalAttributeInfos.PASSWORD_EXPIRED.is(str2)) {
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(ADUserAccountControl.isPasswordExpired(obj))});
                                }
                                break;
                            case 3:
                                if (OperationalAttributeInfos.ENABLE.is(str2) && create.getAttributes().get(LdapConstants.MS_DS_USER_ACCOUNT_DISABLED) != null) {
                                    Attribute[] attributeArr2 = new Attribute[1];
                                    attributeArr2[0] = AttributeBuilder.buildEnabled(!Boolean.parseBoolean(create.getAttributes().get(LdapConstants.MS_DS_USER_ACCOUNT_DISABLED).get().toString()));
                                    connectorObjectBuilder.addAttribute(attributeArr2);
                                } else if (OperationalAttributeInfos.PASSWORD_EXPIRED.is(str2) && create.getAttributes().get(LdapConstants.MS_DS_USER_PASSWORD_EXPIRED) != null) {
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildPasswordExpired(Boolean.parseBoolean(create.getAttributes().get(LdapConstants.MS_DS_USER_PASSWORD_EXPIRED).get().toString()))});
                                } else if (OperationalAttributeInfos.LOCK_OUT.is(str2) && create.getAttributes().get(LdapConstants.MS_DS_USER_ACCOUNT_AUTOLOCKED) != null) {
                                    connectorObjectBuilder.addAttribute(new Attribute[]{AttributeBuilder.buildLockOut(Boolean.parseBoolean(create.getAttributes().get(LdapConstants.MS_DS_USER_ACCOUNT_AUTOLOCKED).get().toString()))});
                                }
                                break;
                            default:
                                log.warn("Special Attribute {0} of object class {1} is not mapped to an LDAP attribute", new Object[]{str2, this.oclass.getObjectClassValue()});
                                break;
                        }
                    } catch (NamingException e2) {
                        log.error(e2, "Can't read userAccountControl", new Object[0]);
                    }
                } else {
                    attribute = this.conn.getSchemaMapping().createAttribute(this.oclass, str2, create, z);
                }
                if (this.conn.getServerType().equals(LdapConnection.ServerType.MSAD) && this.oclass.equals(ObjectClass.ACCOUNT)) {
                    try {
                        if (ADLdapUtil.ACCOUNT_EXPIRES.equalsIgnoreCase(str2)) {
                            String str4 = (String) create.getAttributes().get(ADLdapUtil.ACCOUNT_EXPIRES).get(0);
                            attribute = ("0".equalsIgnoreCase(str4) || ADLdapUtil.ACCOUNT_NEVER_EXPIRES.equalsIgnoreCase(str4)) ? AttributeBuilder.build(ADLdapUtil.ACCOUNT_EXPIRES, new Object[]{"0"}) : AttributeBuilder.build(ADLdapUtil.ACCOUNT_EXPIRES, new Object[]{ADLdapUtil.getADLdapDatefromJavaDate(ADLdapUtil.getJavaDateFromADTime(str4))});
                        } else if (ADLdapUtil.PWD_LAST_SET.equalsIgnoreCase(str2)) {
                            String str5 = (String) create.getAttributes().get(ADLdapUtil.PWD_LAST_SET).get(0);
                            attribute = "0".equalsIgnoreCase(str5) ? AttributeBuilder.build(ADLdapUtil.PWD_LAST_SET, new Object[]{"0"}) : AttributeBuilder.build(ADLdapUtil.PWD_LAST_SET, new Object[]{ADLdapUtil.getADLdapDatefromJavaDate(ADLdapUtil.getJavaDateFromADTime(str5))});
                        }
                    } catch (NamingException e3) {
                        log.warn("Special Attribute {0} of object class {1} can not be read from entry", new Object[]{str2, this.oclass.getObjectClassValue()});
                    }
                }
                if (ObjectClass.GROUP.equals(this.oclass) && this.conn.getConfiguration().getGroupMemberAttribute().equalsIgnoreCase(str2)) {
                    if ((LdapConnection.ServerType.MSAD.equals(this.conn.getServerType()) || LdapConnection.ServerType.MSAD_GC.equals(this.conn.getServerType()) || LdapConnection.ServerType.MSAD_LDS.equals(this.conn.getServerType())) && create.getAttributes().get("member;range=0-1499") != null) {
                        attribute = AttributeBuilder.build(str2, ADLdapUtil.fetchGroupMembersByRange(this.conn, create));
                    }
                    if (this.conn.getConfiguration().isGetGroupMemberId()) {
                        connectorObjectBuilder.addAttribute(new Attribute[]{LdapUtil.buildMemberIdAttribute(this.conn, attribute)});
                    }
                }
                if (attribute != null) {
                    connectorObjectBuilder.addAttribute(new Attribute[]{attribute});
                }
            }
        }
        return connectorObjectBuilder.build();
    }

    private PasswordDecryptor getPasswordDecryptor() {
        if (this.passwordDecryptor == null) {
            this.conn.getConfiguration().getPasswordDecryptionKey().access(new GuardedByteArray.Accessor() { // from class: org.identityconnectors.ldap.search.LdapSearch.3
                public void access(final byte[] bArr) {
                    LdapSearch.this.conn.getConfiguration().getPasswordDecryptionInitializationVector().access(new GuardedByteArray.Accessor() { // from class: org.identityconnectors.ldap.search.LdapSearch.3.1
                        public void access(byte[] bArr2) {
                            LdapSearch.this.passwordDecryptor = new PasswordDecryptor(bArr, bArr2);
                        }
                    });
                }
            });
        }
        if ($assertionsDisabled || this.passwordDecryptor != null) {
            return this.passwordDecryptor;
        }
        throw new AssertionError();
    }

    private String getSearchFilter(String... strArr) {
        StringBuilder sb = new StringBuilder();
        String objectClassFilter = getObjectClassFilter();
        int i = StringUtil.isBlank(objectClassFilter) ? 0 : 1;
        for (String str : strArr) {
            i += StringUtil.isBlank(str) ? 0 : 1;
        }
        if (i > 1) {
            sb.append("(&");
        }
        appendFilter(objectClassFilter, sb);
        for (String str2 : strArr) {
            appendFilter(str2, sb);
        }
        if (i > 1) {
            sb.append(')');
        }
        return sb.toString();
    }

    private String getObjectClassFilter() {
        StringBuilder sb = new StringBuilder();
        List<String> ldapClasses = this.conn.getSchemaMapping().getLdapClasses(this.oclass);
        boolean z = ldapClasses.size() > 1;
        if (z) {
            sb.append("(&");
        }
        for (String str : ldapClasses) {
            sb.append("(objectClass=");
            sb.append(str);
            sb.append(')');
        }
        if (z) {
            sb.append(')');
        }
        return sb.toString();
    }

    private static void appendFilter(String str, StringBuilder sb) {
        if (StringUtil.isBlank(str)) {
            return;
        }
        String trim = str.trim();
        boolean z = str.charAt(0) != '(';
        if (z) {
            sb.append('(');
        }
        sb.append(trim);
        if (z) {
            sb.append(')');
        }
    }

    private List<String> getBaseDNs() {
        QualifiedUid container = this.options.getContainer();
        List<String> singletonList = container != null ? Collections.singletonList(LdapSearches.findEntryDN(this.conn, container.getObjectClass(), container.getUid())) : Arrays.asList(this.baseDNs);
        if ($assertionsDisabled || singletonList != null) {
            return singletonList;
        }
        throw new AssertionError();
    }

    private LdapSearchStrategy getSearchStrategy() {
        LdapSearchStrategy ldapSearchStrategy = null;
        Boolean useBlocks = this.conn.getConfiguration().getUseBlocks();
        Boolean usePagedResultControl = this.conn.getConfiguration().getUsePagedResultControl();
        String pagingStrategy = this.conn.getConfiguration().getPagingStrategy();
        if (pagingStrategy == null) {
            pagingStrategy = (useBlocks == null || useBlocks.booleanValue()) ? (usePagedResultControl == null || !usePagedResultControl.booleanValue()) ? (usePagedResultControl == null || usePagedResultControl.booleanValue()) ? LdapConfiguration.PAGING_STRATEGY_AUTO : LdapConfiguration.PAGING_STRATEGY_VLV : LdapConfiguration.PAGING_STRATEGY_SPR : LdapConfiguration.PAGING_STRATEGY_NONE;
        }
        int blockSize = this.conn.getConfiguration().getBlockSize();
        SortKey[] sortKeyArr = null;
        if (this.options.getSortKeys() != null && this.options.getSortKeys().length > 0 && this.conn.supportsControl("1.2.840.113556.1.4.473")) {
            sortKeyArr = this.options.getSortKeys();
        }
        if (this.options != null && this.options.getAllowPartialResults() != null && this.options.getAllowPartialResults().booleanValue() && this.options.getPagedResultsOffset() == null && this.options.getPagedResultsCookie() == null && this.options.getPageSize() == null) {
            return new DefaultSearchStrategy(false, sortKeyArr);
        }
        if (LdapConfiguration.PAGING_STRATEGY_NONE.equals(pagingStrategy)) {
            log.ok("Selecting default search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            ldapSearchStrategy = new DefaultSearchStrategy(false, sortKeyArr);
        } else if (LdapConfiguration.PAGING_STRATEGY_SPR.equals(pagingStrategy)) {
            if (!this.conn.supportsControl("1.2.840.113556.1.4.319")) {
                throw new ConfigurationException("Configured paging strategy " + pagingStrategy + ", but the server does not support PagedResultsControl.");
            }
            log.ok("Selecting SimplePaged search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            ldapSearchStrategy = new SimplePagedSearchStrategy(this.options, blockSize, sortKeyArr);
        } else if (LdapConfiguration.PAGING_STRATEGY_VLV.equals(pagingStrategy)) {
            if (!this.conn.supportsControl(VirtualListViewRequestControl.OID)) {
                throw new ConfigurationException("Configured paging strategy " + pagingStrategy + ", but the server does not support VLV.");
            }
            log.ok("Selecting VLV search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            ldapSearchStrategy = new VlvIndexSearchStrategy(this.options, this.conn.getConfiguration().getVlvSortAttribute(), this.conn.getConfiguration().getVlvSortOrderingRule(), blockSize);
        } else if (LdapConfiguration.PAGING_STRATEGY_AUTO.equals(pagingStrategy)) {
            if (this.options.getPagedResultsOffset() != null) {
                if (!this.conn.supportsControl(VirtualListViewRequestControl.OID)) {
                    throw new UnsupportedOperationException("Requested search from offset (" + this.options.getPagedResultsOffset() + "), but the server does not support VLV. Unable to execute the search.");
                }
                log.ok("Selecting VLV search strategy because strategy setting is set to {0} and the request specifies an offset", new Object[]{pagingStrategy});
                ldapSearchStrategy = new VlvIndexSearchStrategy(this.options, this.conn.getConfiguration().getVlvSortAttribute(), this.conn.getConfiguration().getVlvSortOrderingRule(), blockSize);
            } else if (this.conn.supportsControl("1.2.840.113556.1.4.319")) {
                log.ok("Selecting SimplePaged search strategy because strategy setting is set to {0} and the request does not specify an offset", new Object[]{pagingStrategy});
                ldapSearchStrategy = new SimplePagedSearchStrategy(this.options, blockSize, sortKeyArr);
            } else {
                if (!this.conn.supportsControl(VirtualListViewRequestControl.OID)) {
                    throw new UnsupportedOperationException("Requested paged search, but the server does not support VLV or PagedResultsControl. Unable to execute the search.");
                }
                ldapSearchStrategy = new VlvIndexSearchStrategy(this.options, this.conn.getConfiguration().getVlvSortAttribute(), this.conn.getConfiguration().getVlvSortOrderingRule(), blockSize);
            }
        }
        if (ldapSearchStrategy == null) {
            log.warn("Fallback to default strategy, strategy setting is set to {0}", new Object[]{pagingStrategy});
            ldapSearchStrategy = new DefaultSearchStrategy(false, sortKeyArr);
        }
        return ldapSearchStrategy;
    }

    private Set<String> getAttributesToGet(String[] strArr) {
        Set<String> attributesReturnedByDefault;
        if (strArr != null) {
            attributesReturnedByDefault = CollectionUtil.newCaseInsensitiveSet();
            attributesReturnedByDefault.addAll(Arrays.asList(strArr));
            removeNonReadableAttributes(attributesReturnedByDefault);
            attributesReturnedByDefault.add(Name.NAME);
        } else {
            attributesReturnedByDefault = getAttributesReturnedByDefault(this.conn, this.oclass);
        }
        attributesReturnedByDefault.add(Uid.NAME);
        if (attributesReturnedByDefault.contains(OperationalAttributes.PASSWORD_NAME)) {
            log.warn("Reading passwords not supported", new Object[0]);
        }
        return attributesReturnedByDefault;
    }

    private void removeNonReadableAttributes(Set<String> set) {
        boolean remove = set.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean remove2 = set.remove(LdapConstants.POSIX_GROUPS_NAME);
        this.conn.getSchemaMapping().removeNonReadableAttributes(this.oclass, set);
        if (remove) {
            set.add(LdapConstants.LDAP_GROUPS_NAME);
        }
        if (remove2) {
            set.add(LdapConstants.POSIX_GROUPS_NAME);
        }
    }

    private int getLdapSearchScope() {
        String scope = this.options.getScope();
        if ("object".equals(scope)) {
            return 0;
        }
        if ("onelevel".equals(scope)) {
            return 1;
        }
        if ("subtree".equals(scope) || scope == null) {
            return 2;
        }
        throw new IllegalArgumentException("Invalid search scope " + scope);
    }

    static {
        $assertionsDisabled = !LdapSearch.class.desiredAssertionStatus();
        log = Log.getLog(LdapSearch.class);
    }
}
