package com.evolveum.polygon.connector.ldap.ad;

import com.evolveum.polygon.connector.ldap.LdapConstants;
import com.evolveum.polygon.connector.ldap.LdapUtil;
import com.evolveum.polygon.connector.ldap.ad.AdConstants;
import com.evolveum.polygon.connector.ldap.ad.AdUserParametersHandler;
import com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.directory.api.ldap.model.entry.Attribute;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
import org.identityconnectors.framework.common.objects.AttributeInfoBuilder;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfoBuilder;
import org.identityconnectors.framework.common.objects.OperationalAttributes;

/* loaded from: input_file:com/evolveum/polygon/connector/ldap/ad/AdSchemaTranslator.class */
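/**
 * Schema translator that layers Active Directory specifics over {@link AbstractSchemaTranslator}.
 *
 * <p>It adds the AD-only attributes to the connector schema (account name, SID, the decoded
 * userAccountControl flags, the decoded userParameters values), converts binary SIDs and GUIDs
 * to and from their textual forms, and encodes password values for AD.
 *
 * <p>This listing is decompiler (JADX) output. According to the decompiler's own notes several
 * overrides ({@code extendObjectClassDefinition}, {@code setAttributeMultiplicityAndPermissions},
 * {@code toConnIdValue}, {@code extendConnectorObject}, {@code isBinarySyntax}) were declared
 * {@code protected} in the original class; they are kept {@code public} here so the listing
 * stays consistent with the rest of the decompiled tree.
 */
public class AdSchemaTranslator extends AbstractSchemaTranslator<AdLdapConfiguration> {
    private static final Log LOG = Log.getLog(AdSchemaTranslator.class);

    /** Attribute names (lower case) that are always reported as operational. */
    private static final String[] OPERATIONAL_ATTRIBUTE_NAMES = {"distinguishedname", "dscorepropagationdata", "allowedattributes", "allowedattributeseffective", "allowedchildclasses", "allowedchildclasseseffective", "replpropertymetadata", "usnchanged", "usncreated", "whenchanged", "whencreated"};

    /** Attribute names (lower case) that are never marked as required in the connector schema. */
    private static final String[] OPTIONAL_TOP_ATTRIBUTES = {"ntsecuritydescriptor", "instancetype", "objectcategory"};

    private static final ObjectClass FSP_OBJECT_CLASS = new ObjectClass("foreignSecurityPrincipal");

    /** Matches the DN of a foreign security principal; group 1 is the leading CN value. */
    private static final Pattern FSP_DN_PATTERN = Pattern.compile("^CN=(.*),CN=ForeignSecurityPrincipals,DC=.*", Pattern.CASE_INSENSITIVE);

    /** Bytes before the first sub-authority: revision (1), sub-authority count (1), authority (6). */
    private static final int SID_HEADER_LENGTH = 8;

    /** Size in bytes of one SID sub-authority. */
    private static final int SID_SUBAUTHORITY_LENGTH = 4;

    /** Lazily resolved attribute type of the GUID attribute; see {@link #getGuidAttributeType()}. */
    private AttributeType guidAttributeType;

    public AdSchemaTranslator(SchemaManager schemaManager, AdLdapConfiguration adLdapConfiguration) {
        super(schemaManager, adLdapConfiguration);
    }

    /**
     * Adds the AD-specific attributes to an object class definition.
     *
     * <ul>
     *   <li>With schema tweaking enabled, user and group classes get the account-name attribute
     *       and a read-only (not creatable, not updateable) string SID attribute.</li>
     *   <li>Unless userAccountControl is exposed raw, the ENABLE attribute and one boolean
     *       attribute per {@link AdConstants.UAC} flag are added; read-only flags are not
     *       updateable.</li>
     *   <li>Unless userParameters is exposed raw, user classes get one string attribute per
     *       {@code UserParametersAttributes} value (plus a {@code "W"}-suffixed twin for string
     *       values) and one Boolean attribute per {@code CtxCfgFlagsBitValues} value.</li>
     * </ul>
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public void extendObjectClassDefinition(ObjectClassInfoBuilder objectClassInfoBuilder, org.apache.directory.api.ldap.model.schema.ObjectClass objectClass) {
        super.extendObjectClassDefinition(objectClassInfoBuilder, objectClass);
        String className = objectClass.getName();

        if (getConfiguration().isTweakSchema() && (isUserObjectClass(className) || isGroupObjectClass(className))) {
            AttributeInfoBuilder accountName = new AttributeInfoBuilder(AdConstants.ATTRIBUTE_SAM_ACCOUNT_NAME_NAME);
            accountName.setType(String.class);
            objectClassInfoBuilder.addAttributeInfo(accountName.build());

            // The SID is exposed for reading only.
            AttributeInfoBuilder sid = new AttributeInfoBuilder(AdConstants.ATTRIBUTE_OBJECT_SID_NAME);
            sid.setType(String.class);
            sid.setCreateable(false);
            sid.setUpdateable(false);
            objectClassInfoBuilder.addAttributeInfo(sid.build());
        }

        if (!getConfiguration().isRawUserAccountControlAttribute()) {
            AttributeInfoBuilder enable = new AttributeInfoBuilder(OperationalAttributes.ENABLE_NAME);
            enable.setType(boolean.class);
            objectClassInfoBuilder.addAttributeInfo(enable.build());
            for (AdConstants.UAC uac : AdConstants.UAC.values()) {
                AttributeInfoBuilder flag = new AttributeInfoBuilder(uac.name());
                flag.setType(boolean.class);
                flag.setUpdateable(!uac.isReadOnly());
                objectClassInfoBuilder.addAttributeInfo(flag.build());
            }
        }

        if (getConfiguration().isRawUserParametersAttribute() || !isUserObjectClass(className)) {
            return;
        }
        for (AdUserParametersHandler.UserParametersAttributes parameter : AdUserParametersHandler.UserParametersAttributes.values()) {
            AttributeInfoBuilder value = new AttributeInfoBuilder(parameter.getName());
            value.setType(String.class);
            objectClassInfoBuilder.addAttributeInfo(value.build());
            if (parameter.getType().equals(AdUserParametersHandler.UserParametersValueTypes.STRING_VALUE)) {
                AttributeInfoBuilder wideValue = new AttributeInfoBuilder(parameter.getName() + "W");
                wideValue.setType(String.class);
                objectClassInfoBuilder.addAttributeInfo(wideValue.build());
            }
        }
        for (AdUserParametersHandler.CtxCfgFlagsBitValues ctxFlag : AdUserParametersHandler.CtxCfgFlagsBitValues.values()) {
            AttributeInfoBuilder flag = new AttributeInfoBuilder(ctxFlag.name());
            flag.setType(Boolean.class);
            objectClassInfoBuilder.addAttributeInfo(flag.build());
        }
    }

    /**
     * Relaxes the "required" flag for attributes listed in {@link #OPTIONAL_TOP_ATTRIBUTES} and,
     * when a default object category is configured to be added, for the object category attribute.
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public void setAttributeMultiplicityAndPermissions(AttributeType attributeType, String str, AttributeInfoBuilder attributeInfoBuilder) {
        super.setAttributeMultiplicityAndPermissions(attributeType, str, attributeInfoBuilder);
        // Locale.ROOT keeps the comparison independent of the JVM default locale
        // (a Turkish default locale lower-cases 'I' to a dotless 'ı').
        if (ArrayUtils.contains(OPTIONAL_TOP_ATTRIBUTES, attributeType.getName().toLowerCase(Locale.ROOT))) {
            attributeInfoBuilder.setRequired(false);
        }
        if (getConfiguration().isAddDefaultObjectCategory() && AdConstants.ATTRIBUTE_OBJECT_CATEGORY_NAME.equals(attributeType.getName())) {
            attributeInfoBuilder.setRequired(false);
        }
    }

    /**
     * Resolves a connector attribute name to its LDAP attribute type. Unless userAccountControl
     * is exposed raw, the ENABLE attribute is resolved to the userAccountControl attribute.
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public AttributeType toLdapAttribute(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass, String str) {
        if (!getConfiguration().isRawUserAccountControlAttribute() && str.equals(OperationalAttributes.ENABLE_NAME)) {
            return super.toLdapAttribute(objectClass, AdConstants.ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME);
        }
        return super.toLdapAttribute(objectClass, str);
    }

    /** Converts an LDAP value for the connector; SID values are rendered as {@code S-1-...} text. */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public Object toConnIdValue(String str, Value value, String str2, AttributeType attributeType) {
        if (AdConstants.ATTRIBUTE_OBJECT_SID_NAME.equals(str2)) {
            return sidToString(value.getBytes());
        }
        return super.toConnIdValue(str, value, str2, attributeType);
    }

    /**
     * Renders a binary SID as {@code S-1-<authority>-<subauthority>...}.
     *
     * <p>The value comes from the directory, so its structure is checked before any byte is
     * indexed: the revision must be 1 and the array must be long enough for the number of
     * sub-authorities announced in byte 1. The count byte is read as unsigned; the decompiled
     * original read it as a signed byte and ran past the end of the array when the value was
     * shorter than the count implied.
     *
     * @param bArr binary SID, may be {@code null} or empty
     * @return the textual SID, or {@code null} for a {@code null} or empty input
     * @throws InvalidAttributeValueException if the value is truncated or has an unexpected revision
     */
    private String sidToString(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        if (bArr.length < SID_HEADER_LENGTH) {
            throw new InvalidAttributeValueException("Wrong SID syntax, expected at least 8 bytes, but got " + bArr.length + " bytes");
        }
        byte revision = bArr[0];
        if (revision != 1) {
            throw new InvalidAttributeValueException("Unexpected SID revision: " + revision);
        }
        int subAuthorityCount = bArr[1] & 0xFF;
        int expectedLength = SID_HEADER_LENGTH + SID_SUBAUTHORITY_LENGTH * subAuthorityCount;
        if (bArr.length < expectedLength) {
            throw new InvalidAttributeValueException("Wrong SID syntax, expected at least " + expectedLength
                    + " bytes for " + subAuthorityCount + " sub-authorities, but got " + bArr.length + " bytes");
        }
        StringBuilder sb = new StringBuilder("S-1");
        decodeSidAuthority(sb, bArr, 2);
        for (int index = 0; index < subAuthorityCount; index++) {
            decodeSidSubauthority(sb, bArr, SID_HEADER_LENGTH + SID_SUBAUTHORITY_LENGTH * index);
        }
        return sb.toString();
    }

    /** Appends {@code -<n>} where n is the 6-byte big-endian value starting at {@code i}. */
    private void decodeSidAuthority(StringBuilder sb, byte[] bArr, int i) {
        long authority = 0;
        for (int pos = i; pos < i + 6; pos++) {
            authority = (authority << 8) | (bArr[pos] & 0xFF);
        }
        sb.append("-").append(authority);
    }

    /** Appends {@code -<n>} where n is the 4-byte little-endian value starting at {@code i}. */
    private void decodeSidSubauthority(StringBuilder sb, byte[] bArr, int i) {
        long subAuthority = 0;
        for (int pos = i + 3; pos >= i; pos--) {
            subAuthority = (subAuthority << 8) | (bArr[pos] & 0xFF);
        }
        sb.append("-").append(subAuthority);
    }

    public boolean isFSPObjectClass(ObjectClass objectClass) {
        return FSP_OBJECT_CLASS.equals(objectClass);
    }

    /** Tells whether the DN lies in a {@code CN=ForeignSecurityPrincipals} container. */
    public boolean isFSPDn(String str) {
        return FSP_DN_PATTERN.matcher(str).matches();
    }

    /**
     * Rewrites the DN of a foreign security principal to the {@code <SID=...>} form; any other
     * DN is returned unchanged.
     *
     * <p>NOTE(review): the leading CN value is taken from the DN as-is (greedy match) and is not
     * checked to be a well-formed SID before it is embedded in the result. Confirm that callers
     * only pass DNs read from the directory.
     */
    public String resolveMemberDn(String str) {
        Matcher matcher = FSP_DN_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return str;
        }
        return getSidDn(matcher.group(1));
    }

    /**
     * Builds the {@code <SID=...>} DN form. The argument is embedded without validation or
     * escaping, so it must already be a trusted SID string.
     */
    public String getSidDn(String str) {
        return "<SID=" + str + ">";
    }

    /** Converts a connector identifier to its LDAP value; GUIDs are first un-dashed and reordered. */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public Value toLdapIdentifierValue(AttributeType attributeType, String str) {
        String identifier = isGuid(attributeType) ? parseGuidFromDashedNotation(str) : str;
        return super.toLdapIdentifierValue(attributeType, identifier);
    }

    /** Converts an LDAP identifier value for the connector; GUIDs are rendered in dashed notation. */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public String toConnIdIdentifierValue(Value value, String str, AttributeType attributeType) {
        String identifier = super.toConnIdIdentifierValue(value, str, attributeType);
        return isGuid(attributeType) ? formatGuidToDashedNotation(identifier) : identifier;
    }

    private boolean isGuid(AttributeType attributeType) {
        return attributeType.getName().equalsIgnoreCase(AdConstants.ATTRIBUTE_OBJECT_GUID_NAME);
    }

    /**
     * Adds the decoded AD attributes to a connector object.
     *
     * <p>Unless userAccountControl is exposed raw, ENABLE and one boolean per
     * {@link AdConstants.UAC} flag are derived from the entry's userAccountControl value. A user
     * entry without that value is reported as disabled. Unless userParameters is exposed raw,
     * the userParameters value of a user entry is decoded into its individual attributes.
     *
     * @throws InvalidAttributeValueException if userParameters cannot be read or decoded
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public void extendConnectorObject(ConnectorObjectBuilder connectorObjectBuilder, Entry entry, String str) {
        super.extendConnectorObject(connectorObjectBuilder, entry, str);
        if (!getConfiguration().isRawUserAccountControlAttribute()) {
            Integer userAccountControl = LdapUtil.getIntegerAttribute(entry, AdConstants.ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, null);
            if (userAccountControl != null) {
                boolean enabled = (userAccountControl.intValue() & AdConstants.UAC.ADS_UF_ACCOUNTDISABLE.getBit()) == 0;
                connectorObjectBuilder.addAttribute(OperationalAttributes.ENABLE_NAME, new Object[]{Boolean.valueOf(enabled)});
                for (AdConstants.UAC uac : AdConstants.UAC.values()) {
                    boolean flagSet = (userAccountControl.intValue() & uac.getBit()) != 0;
                    connectorObjectBuilder.addAttribute(uac.name(), new Object[]{Boolean.valueOf(flagSet)});
                }
            } else if (isUserObjectClass(str)) {
                // No userAccountControl on a user entry: report the account as disabled.
                connectorObjectBuilder.addAttribute(OperationalAttributes.ENABLE_NAME, new Object[]{Boolean.FALSE});
            }
        }
        if (getConfiguration().isRawUserParametersAttribute() || !isUserObjectClass(str)) {
            return;
        }
        Attribute userParameters = entry.get(AdUserParametersHandler.USER_PARAMETERS_LDAP_ATTR_NAME);
        if (userParameters == null) {
            return;
        }
        AdUserParametersHandler handler = new AdUserParametersHandler();
        try {
            handler.setUserParameters(userParameters.getString());
            try {
                connectorObjectBuilder.addAttributes(handler.toIcf());
                connectorObjectBuilder.addAttribute(AdUserParametersHandler.USER_PARAMETERS_LDAP_ATTR_NAME, new Object[]{handler.getUserParameters()});
            } catch (AdUserParametersHandlerException e) {
                // The DN is passed as a format argument, not concatenated into the pattern:
                // a DN containing '{' or an apostrophe would otherwise corrupt the log format.
                LOG.error(e, "Could not parse userParameters to icf Attributes of entry with DN {0}", entry.getDn());
                throw new InvalidAttributeValueException("Could not parse userParameters to icf Attributes for entry with dn " + entry.getDn(), e);
            }
        } catch (LdapInvalidAttributeValueException e2) {
            throw new InvalidAttributeValueException(e2);
        }
    }

    public boolean isUserObjectClass(String str) {
        return getConfiguration().getUserObjectClass().equals(str);
    }

    public boolean isGroupObjectClass(String str) {
        return getConfiguration().getGroupObjectClass().equals(str);
    }

    /**
     * Encodes a password as the binary value sent to the directory: the password enclosed in
     * double quotes, encoded as UTF-16LE.
     *
     * <p>The clear text is kept in {@code char[]}/{@code byte[]} buffers only, and the
     * intermediate buffers are zeroed once the value has been encoded. A {@link GuardedString}
     * is therefore never turned into an immutable {@code String}. A password that arrives as a
     * {@code String} cannot be wiped by this method; prefer {@link GuardedString} at the caller.
     * No password material is included in any exception message.
     *
     * @param attributeType type of the password attribute
     * @param obj the password, a {@code String} or a {@link GuardedString}
     * @return the encoded password value
     * @throws IllegalArgumentException if {@code obj} is {@code null}, of another type, or the
     *     directory API rejects the encoded value
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    protected Value toLdapPasswordValue(AttributeType attributeType, Object obj) {
        final byte[][] encoded = new byte[1][];
        if (obj instanceof String) {
            char[] clearChars = ((String) obj).toCharArray();
            try {
                encoded[0] = encodeQuotedUtf16Le(clearChars);
            } finally {
                Arrays.fill(clearChars, '\0');
            }
        } else if (obj instanceof GuardedString) {
            ((GuardedString) obj).access(new GuardedString.Accessor() { // from class: com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator.1
                @Override
                public void access(char[] cArr) {
                    encoded[0] = encodeQuotedUtf16Le(cArr);
                }
            });
        } else {
            // A null password used to fail with a NullPointerException while building this message.
            throw new IllegalArgumentException("Password must be string or GuardedString, but it was " + (obj == null ? "null" : obj.getClass()));
        }
        try {
            return new Value(attributeType, encoded[0]);
        } catch (LdapInvalidAttributeValueException e) {
            throw new IllegalArgumentException("Invalid value for attribute " + attributeType.getName() + ": " + e.getMessage() + "; attributeType=" + attributeType, e);
        }
    }

    /** Returns {@code "password"} (with the quotes) as UTF-16LE bytes and wipes its scratch buffers. */
    private static byte[] encodeQuotedUtf16Le(char[] password) {
        char[] quoted = new char[password.length + 2];
        quoted[0] = '"';
        System.arraycopy(password, 0, quoted, 1, password.length);
        quoted[quoted.length - 1] = '"';
        ByteBuffer buffer = StandardCharsets.UTF_16LE.encode(CharBuffer.wrap(quoted));
        try {
            byte[] bytes = new byte[buffer.remaining()];
            buffer.get(bytes);
            return bytes;
        } finally {
            Arrays.fill(quoted, '\0');
            if (buffer.hasArray()) {
                Arrays.fill(buffer.array(), (byte) 0);
            }
        }
    }

    /**
     * Tells whether a syntax is binary. The three AD syntaxes named below are always binary;
     * every other syntax is decided by the superclass.
     *
     * @param str syntax identifier, may be {@code null}
     * @return {@code false} for {@code null}
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public boolean isBinarySyntax(String str) {
        if (str == null) {
            return false;
        }
        // The decompiler emitted a hashCode switch with an ill-typed selector here, which does
        // not compile; this is the string comparison it was generated from.
        if (LdapConstants.SYNTAX_AD_ADSTYPE_OCTET_STRING.equals(str)
                || LdapConstants.SYNTAX_AD_ADSTYPE_NT_SECURITY_DESCRIPTOR.equals(str)
                || LdapConstants.SYNTAX_AD_STRING_SID.equals(str)) {
            return true;
        }
        return super.isBinarySyntax(str);
    }

    /** The security descriptor and the password attribute are always treated as binary. */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public boolean isBinaryAttribute(String str) {
        if (AdConstants.ATTRIBUTE_NT_SECURITY_DESCRIPTOR.equalsIgnoreCase(str) || AdConstants.ATTRIBUTE_UNICODE_PWD_NAME.equalsIgnoreCase(str)) {
            return true;
        }
        return super.isBinaryAttribute(str);
    }

    /**
     * Builds the {@code <GUID=...>} DN form. The argument is embedded without validation, so it
     * must already be a trusted GUID string.
     */
    public Dn getGuidDn(String str) {
        return toSchemaAwareDn("<GUID=" + str + ">");
    }

    /**
     * Returns the entry's GUID in dashed notation.
     *
     * <p>NOTE(review): the GUID attribute is dereferenced without a null check, so an entry
     * fetched without that attribute presumably fails here with a NullPointerException.
     */
    public String getGuidAsDashedString(Entry entry) {
        Value guidValue = entry.get(AdConstants.ATTRIBUTE_OBJECT_GUID_NAME).get();
        String rawGuid = super.toConnIdIdentifierValue(guidValue, AdConstants.ATTRIBUTE_OBJECT_GUID_NAME, getGuidAttributeType());
        return formatGuidToDashedNotation(rawGuid);
    }

    /** Looks up the GUID attribute type in the schema once and reuses it afterwards. */
    private AttributeType getGuidAttributeType() {
        if (this.guidAttributeType == null) {
            this.guidAttributeType = getSchemaManager().getAttributeType(AdConstants.ATTRIBUTE_OBJECT_GUID_NAME);
        }
        return this.guidAttributeType;
    }

    /**
     * Converts a 32-character GUID string into the 36-character dashed notation, reversing the
     * byte order of the first three groups.
     *
     * @param str 32-character GUID string, may be {@code null}
     * @return the dashed form, or {@code null} for {@code null}
     * @throws InvalidAttributeValueException if the input is not 32 characters long
     */
    public String formatGuidToDashedNotation(String str) {
        if (str == null) {
            return null;
        }
        if (str.length() != 32) {
            throw new InvalidAttributeValueException("Unexpected GUID format: " + str);
        }
        return str.substring(6, 8) + str.substring(4, 6) + str.substring(2, 4) + str.substring(0, 2) + '-' + str.substring(10, 12) + str.substring(8, 10) + '-' + str.substring(14, 16) + str.substring(12, 14) + '-' + str.substring(16, 20) + '-' + str.substring(20, 32);
    }

    /**
     * Converts a 36-character dashed GUID back into the 32-character form, the inverse of
     * {@link #formatGuidToDashedNotation(String)}.
     *
     * <p>NOTE(review): only the length is checked. The characters at the dash positions and the
     * hex digits themselves are not validated, so a malformed 36-character identifier is passed
     * on in rearranged form instead of being rejected here.
     *
     * @param str 36-character dashed GUID, may be {@code null}
     * @return the 32-character form, or {@code null} for {@code null}
     * @throws InvalidAttributeValueException if the input is not 36 characters long
     */
    public String parseGuidFromDashedNotation(String str) {
        if (str == null) {
            return null;
        }
        if (str.length() != 36) {
            throw new InvalidAttributeValueException("Unexpected GUID format: " + str);
        }
        return str.substring(6, 8) + str.substring(4, 6) + str.substring(2, 4) + str.substring(0, 2) + str.substring(11, 13) + str.substring(9, 11) + str.substring(16, 18) + str.substring(14, 16) + str.substring(19, 23) + str.substring(24, 36);
    }

    /**
     * Returns the DN of an entry, preferring its {@code distinguishedName} attribute and falling
     * back to the superclass when that attribute is absent or unreadable.
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    public String getDn(Entry entry) {
        Attribute distinguishedName = entry.get("distinguishedName");
        if (distinguishedName == null) {
            return super.getDn(entry);
        }
        try {
            return distinguishedName.getString();
        } catch (LdapInvalidAttributeValueException e) {
            // The exception goes in as the throwable so its stack trace is logged; it used to be
            // passed as a third format argument that the pattern never referenced.
            LOG.warn(e, "Error getting string value from {0}, falling back to entry DN: {1}", distinguishedName, e.getMessage());
            return super.getDn(entry);
        }
    }

    /**
     * An attribute is operational when its name starts with {@code msds-} or matches, ignoring
     * case, one of the built-in or configured operational attribute names.
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    protected boolean isConfiguredAsOperational(String str) {
        if (str.toLowerCase(Locale.ROOT).startsWith("msds-")) {
            return true;
        }
        for (String builtIn : OPERATIONAL_ATTRIBUTE_NAMES) {
            if (builtIn.equalsIgnoreCase(str)) {
                return true;
            }
        }
        for (String configured : getConfiguration().getOperationalAttributes()) {
            if (configured.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    /** The decoded userAccountControl flags are virtual: they have no LDAP attribute of their own. */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    protected boolean isVirtualAttribute(String str) {
        return AdConstants.UAC.forName(str) != null;
    }

    /**
     * Every attribute except the virtual ones may be requested. The {@code X-SEARCH-FLAGS}
     * schema extension is only logged; it does not influence the result.
     */
    @Override // com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator
    protected boolean isValidAttributeToGet(String str, AttributeType attributeType) {
        if (isVirtualAttribute(str)) {
            return false;
        }
        if (attributeType != null) {
            List<String> searchFlags = attributeType.getExtension("X-SEARCH-FLAGS");
            if (searchFlags != null) {
                LOG.info("X-SEARCH-FLAGS on {0}: {1}", str, searchFlags);
            }
        }
        return true;
    }
}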
