package com.evolveum.polygon.connector.ldap.ad;

import com.evolveum.polygon.common.SchemaUtil;
import com.evolveum.polygon.connector.ldap.AbstractLdapConfiguration;
import com.evolveum.polygon.connector.ldap.AbstractLdapConnector;
import com.evolveum.polygon.connector.ldap.ErrorHandler;
import com.evolveum.polygon.connector.ldap.LdapUtil;
import com.evolveum.polygon.connector.ldap.ad.AdConstants;
import com.evolveum.polygon.connector.ldap.schema.AbstractSchemaTranslator;
import com.evolveum.polygon.connector.ldap.schema.LdapFilterTranslator;
import com.evolveum.polygon.connector.ldap.search.DefaultSearchStrategy;
import com.evolveum.polygon.connector.ldap.search.SearchStrategy;
import com.evolveum.polygon.connector.ldap.sync.ModifyTimestampSyncStrategy;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.directory.api.ldap.model.constants.SchemaConstants;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.message.ModifyResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.LdapSyntax;
import org.apache.directory.api.ldap.model.schema.MatchingRule;
import org.apache.directory.api.ldap.model.schema.ObjectClass;
import org.apache.directory.api.ldap.model.schema.SchemaErrorHandler;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.model.schema.SchemaObject;
import org.apache.directory.api.ldap.model.schema.comparators.NormalizingComparator;
import org.apache.directory.api.ldap.model.schema.comparators.StringComparator;
import org.apache.directory.api.ldap.model.schema.normalizers.DeepTrimToLowerNormalizer;
import org.apache.directory.api.ldap.model.schema.registries.AttributeTypeRegistry;
import org.apache.directory.api.ldap.model.schema.registries.MatchingRuleRegistry;
import org.apache.directory.api.ldap.model.schema.registries.ObjectClassRegistry;
import org.apache.directory.api.ldap.model.schema.registries.Registries;
import org.apache.directory.api.ldap.model.schema.registries.Schema;
import org.apache.directory.api.ldap.model.schema.registries.SchemaObjectRegistry;
import org.apache.directory.api.ldap.model.schema.syntaxCheckers.DirectoryStringSyntaxChecker;
import org.apache.directory.api.ldap.model.schema.syntaxCheckers.OctetStringSyntaxChecker;
import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
import org.identityconnectors.framework.common.exceptions.UnknownUidException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeDelta;
import org.identityconnectors.framework.common.objects.AttributeDeltaBuilder;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributeInfos;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.spi.Configuration;
import org.identityconnectors.framework.spi.ConnectorClass;

@ConnectorClass(displayNameKey = "connector.ldap.ad.display", configurationClass = AdLdapConfiguration.class)
/* loaded from: input_file:WEB-INF/lib/connector-ldap-3.4.jar:com/evolveum/polygon/connector/ldap/ad/AdLdapConnector.class */
public class AdLdapConnector extends AbstractLdapConnector<AdLdapConfiguration> {
    private static final Log LOG = Log.getLog(AdLdapConnector.class);
    private GlobalCatalogConnectionManager globalCatalogConnectionManager;

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector, org.identityconnectors.framework.spi.Connector
    public void init(Configuration configuration) {
        super.init(configuration);
        this.globalCatalogConnectionManager = new GlobalCatalogConnectionManager(getConfiguration(), getErrorHandler(), getConnectionLog());
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector, org.identityconnectors.framework.spi.Connector
    public void dispose() {
        super.dispose();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public void extraTests() {
        super.extraTests();
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected AbstractSchemaTranslator<AdLdapConfiguration> createSchemaTranslator() {
        return new AdSchemaTranslator(getSchemaManager(), getConfiguration());
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected LdapFilterTranslator<AdLdapConfiguration> createLdapFilterTranslator(ObjectClass objectClass) {
        return new AdLdapFilterTranslator(getSchemaTranslator2(), objectClass);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public DefaultSchemaManager createBlankSchemaManager(LdapNetworkConnection ldapNetworkConnection, boolean z) throws LdapException {
        if (!getConfiguration().isNativeAdSchema()) {
            return super.createBlankSchemaManager(ldapNetworkConnection, z);
        }
        AdSchemaLoader adSchemaLoader = new AdSchemaLoader(ldapNetworkConnection);
        if (LOG.isOk()) {
            LOG.ok("AD Schema loader: {0} schemas ({1} enabled)", Integer.valueOf(adSchemaLoader.getAllSchemas().size()), Integer.valueOf(adSchemaLoader.getAllEnabled().size()));
            for (Schema schema : adSchemaLoader.getAllSchemas()) {
                LOG.ok("AD Schema loader: schema {0}: enabled={1}, {2} objects", schema.getSchemaName(), Boolean.valueOf(schema.isEnabled()), Integer.valueOf(schema.getContent().size()));
            }
        }
        return new AdSchemaManager(adSchemaLoader);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    /* renamed from: getSchemaTranslator, reason: merged with bridge method [inline-methods] */
    public AbstractSchemaTranslator<AdLdapConfiguration> getSchemaTranslator2() {
        return (AdSchemaTranslator) super.getSchemaTranslator2();
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected SchemaErrorHandler createSchemaErrorHandler() {
        return new MutedLoggingSchemaErrorHandler();
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected ErrorHandler createErrorHandler() {
        return new AdErrorHandler();
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected boolean isLogSchemaErrors() {
        return false;
    }

    /* JADX WARN: Type inference failed for: r0v9, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector, org.identityconnectors.framework.spi.operations.CreateOp
    public Uid create(org.identityconnectors.framework.common.objects.ObjectClass objectClass, Set<Attribute> set, OperationOptions operationOptions) {
        if (getConfiguration().isAllowFSPProcessing()) {
            set = prepareFSPAttributes(set);
            if (getSchemaTranslator2().isFSPObjectClass(objectClass)) {
                return new Uid(AttributeUtil.getNameFromAttributes(set).getNameValue());
            }
        }
        return super.create(objectClass, set, operationOptions);
    }

    private Set<Attribute> prepareFSPAttributes(Set<Attribute> set) {
        HashSet hashSet = new HashSet();
        for (Attribute attribute : set) {
            if (attribute.is(getConfiguration().getGroupObjectMemberAttribute())) {
                hashSet.add(new AttributeBuilder().setName(getConfiguration().getGroupObjectMemberAttribute()).addValue((List) attribute.getValue().stream().map(obj -> {
                    return getSchemaTranslator2().resolveMemberDn(obj.toString());
                }).collect(Collectors.toList())).build());
            } else {
                hashSet.add(attribute);
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v7, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public Set<Attribute> prepareCreateConnIdAttributes(org.identityconnectors.framework.common.objects.ObjectClass objectClass, ObjectClass objectClass2, Set<Attribute> set) {
        if (getConfiguration().isRawUserAccountControlAttribute() || !getSchemaTranslator2().isUserObjectClass(objectClass2.getName())) {
            return super.prepareCreateConnIdAttributes(objectClass, objectClass2, set);
        }
        HashSet<AdConstants.UAC> hashSet = new HashSet();
        HashSet<AdConstants.UAC> hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (Attribute attribute : set) {
            String name = attribute.getName();
            if (name.equals(OperationalAttributes.ENABLE_NAME) || AdConstants.UAC.forName(name) != null) {
                AdConstants.UAC uac = (AdConstants.UAC) Enum.valueOf(AdConstants.UAC.class, name.equals(OperationalAttributes.ENABLE_NAME) ? AdConstants.UAC.ADS_UF_ACCOUNTDISABLE.name() : name);
                List<Object> value = attribute.getValue();
                if (value != null && value.size() > 0) {
                    Object obj = value.get(0);
                    if (obj instanceof Boolean) {
                        if (name.equals(OperationalAttributes.ENABLE_NAME)) {
                            obj = ((Boolean) obj).booleanValue() ? Boolean.FALSE : Boolean.TRUE;
                        }
                        if (((Boolean) obj).booleanValue()) {
                            hashSet.add(uac);
                        } else {
                            hashSet2.add(uac);
                        }
                    }
                }
            } else {
                hashSet3.add(attribute);
            }
        }
        Integer valueOf = Integer.valueOf(AdConstants.UAC.ADS_UF_NORMAL_ACCOUNT.getBit());
        for (AdConstants.UAC uac2 : hashSet) {
            if ((valueOf.intValue() & uac2.getBit()) == 0) {
                valueOf = Integer.valueOf(valueOf.intValue() + uac2.getBit());
            }
        }
        for (AdConstants.UAC uac3 : hashSet2) {
            if ((valueOf.intValue() & uac3.getBit()) != 0) {
                valueOf = Integer.valueOf(valueOf.intValue() - uac3.getBit());
            }
        }
        hashSet3.add(AttributeBuilder.build(AdConstants.ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, valueOf));
        return hashSet3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public void prepareCreateLdapAttributes(ObjectClass objectClass, Entry entry) {
        super.prepareCreateLdapAttributes(objectClass, entry);
        if (getConfiguration().isAddDefaultObjectCategory()) {
            if (!(objectClass instanceof AdObjectClass)) {
                LOG.warn("Requested to add default object class, but native AD schema is not available for object class {0}", objectClass.getName());
                return;
            }
            if (LdapUtil.getStringAttribute(entry, AdConstants.ATTRIBUTE_OBJECT_CATEGORY_NAME) == null) {
                String defaultObjectCategory = ((AdObjectClass) objectClass).getDefaultObjectCategory();
                if (defaultObjectCategory == null) {
                    LOG.warn("Requested to add default object class, but there is no default object category definition in object class {0}", objectClass.getName());
                    return;
                }
                try {
                    entry.add(AdConstants.ATTRIBUTE_OBJECT_CATEGORY_NAME, defaultObjectCategory);
                } catch (LdapException e) {
                    throw new IllegalStateException("Error adding attribute objectCategory to entry: " + e.getMessage(), e);
                }
            }
        }
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector, org.identityconnectors.framework.spi.operations.UpdateDeltaOp
    public Set<AttributeDelta> updateDelta(org.identityconnectors.framework.common.objects.ObjectClass objectClass, Uid uid, Set<AttributeDelta> set, OperationOptions operationOptions) {
        boolean z = !getConfiguration().isRawUserAccountControlAttribute();
        boolean z2 = !getConfiguration().isRawUserParametersAttribute();
        if (z || z2) {
            Entry existingEntry = getExistingEntry(uid);
            if (z) {
                set = prepareUacDeltas(uid, set, existingEntry);
            }
            if (z2) {
                set = prepareUpDeltas(uid, set, existingEntry);
            }
        }
        if (getConfiguration().isAllowFSPProcessing()) {
            set = prepareFSPDeltas(set);
        }
        return super.updateDelta(objectClass, uid, set, operationOptions);
    }

    private Set<AttributeDelta> prepareUpDeltas(Uid uid, Set<AttributeDelta> set, Entry entry) {
        AdUserParametersHandler adUserParametersHandler = new AdUserParametersHandler();
        HashSet hashSet = new HashSet();
        org.apache.directory.api.ldap.model.entry.Attribute attribute = entry.get(AdUserParametersHandler.USER_PARAMETERS_LDAP_ATTR_NAME);
        if (attribute != null) {
            try {
                adUserParametersHandler.setUserParameters(attribute.getString());
            } catch (LdapInvalidAttributeValueException e) {
                throw new ConnectorException("The existing userparameters attribute in LDAP is not a string value, it is " + attribute.getAttributeType().getName(), e);
            }
        }
        for (AttributeDelta attributeDelta : set) {
            String name = attributeDelta.getName();
            if (AdUserParametersHandler.isUserParametersAttribute(name)) {
                LOG.ok("Applying deltas for userParameters attribute {0}", attributeDelta);
                try {
                    if (attributeDelta.getValuesToAdd() != null && !attributeDelta.getValuesToAdd().isEmpty()) {
                        adUserParametersHandler.toLdap(name, attributeDelta.getValuesToAdd().get(0));
                    }
                    if (attributeDelta.getValuesToReplace() != null) {
                        if (attributeDelta.getValuesToReplace().size() > 0) {
                            adUserParametersHandler.toLdap(name, attributeDelta.getValuesToReplace().get(0));
                        } else {
                            adUserParametersHandler.toLdap(name, null);
                        }
                    }
                    if (attributeDelta.getValuesToRemove() != null) {
                        adUserParametersHandler.toLdap(name, null);
                    }
                } catch (AdUserParametersHandlerException e2) {
                    throw new ConnectorException("There was an error while preparing Userparameters delta " + name, e2);
                }
            } else {
                hashSet.add(attributeDelta);
            }
        }
        String userParameters = adUserParametersHandler.getUserParameters();
        if (userParameters != null) {
            hashSet.add(AttributeDeltaBuilder.build(AdUserParametersHandler.USER_PARAMETERS_LDAP_ATTR_NAME, userParameters));
        }
        return hashSet;
    }

    private Entry getExistingEntry(Uid uid) {
        if (uid.getNameHintValue() == null) {
            throw new ConnectorException("Can not search for existing entry with null name-hint-value");
        }
        try {
            Entry searchSingleEntry = searchSingleEntry(getConnectionManager(), new Dn(uid.getNameHintValue()), null, SearchScope.OBJECT, null, "pre-read of entry values for binary attributes", null);
            LOG.ok("Pre-read entry for binary attributes:\n{0}", searchSingleEntry);
            if (searchSingleEntry == null) {
                throw new UnknownUidException("Cannot pre-read of entry for attribute binary attributes: " + uid);
            }
            return searchSingleEntry;
        } catch (LdapInvalidDnException e) {
            throw new InvalidAttributeValueException("Cannot pre-read of entry for attribute binary attributes: " + uid);
        }
    }

    private Set<AttributeDelta> prepareUacDeltas(Uid uid, Set<AttributeDelta> set, Entry entry) {
        HashSet<AdConstants.UAC> hashSet = new HashSet();
        HashSet<AdConstants.UAC> hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        for (AttributeDelta attributeDelta : set) {
            String name = attributeDelta.getName();
            if (name.equals(OperationalAttributes.ENABLE_NAME) || AdConstants.UAC.forName(name) != null) {
                AdConstants.UAC uac = (AdConstants.UAC) Enum.valueOf(AdConstants.UAC.class, name.equals(OperationalAttributes.ENABLE_NAME) ? AdConstants.UAC.ADS_UF_ACCOUNTDISABLE.name() : name);
                List<Object> valuesToReplace = attributeDelta.getValuesToReplace();
                if (valuesToReplace != null && valuesToReplace.size() > 0) {
                    Object obj = valuesToReplace.get(0);
                    if (obj instanceof Boolean) {
                        if (name.equals(OperationalAttributes.ENABLE_NAME)) {
                            obj = ((Boolean) obj).booleanValue() ? new Boolean(false) : new Boolean(true);
                        }
                        if (((Boolean) obj).booleanValue()) {
                            hashSet.add(uac);
                        } else {
                            hashSet2.add(uac);
                        }
                    }
                }
            } else {
                hashSet3.add(attributeDelta);
            }
        }
        if (hashSet2.isEmpty() && hashSet.isEmpty()) {
            return set;
        }
        Integer integerAttribute = LdapUtil.getIntegerAttribute(entry, AdConstants.ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, null);
        for (AdConstants.UAC uac2 : hashSet) {
            if ((integerAttribute.intValue() & uac2.getBit()) == 0) {
                integerAttribute = Integer.valueOf(integerAttribute.intValue() + uac2.getBit());
            }
        }
        for (AdConstants.UAC uac3 : hashSet2) {
            if ((integerAttribute.intValue() & uac3.getBit()) != 0) {
                integerAttribute = Integer.valueOf(integerAttribute.intValue() - uac3.getBit());
            }
        }
        hashSet3.add(AttributeDeltaBuilder.build(AdConstants.ATTRIBUTE_USER_ACCOUNT_CONTROL_NAME, integerAttribute));
        return hashSet3;
    }

    private Set<AttributeDelta> prepareFSPDeltas(Set<AttributeDelta> set) {
        HashSet hashSet = new HashSet();
        for (AttributeDelta attributeDelta : set) {
            if (!attributeDelta.is(getConfiguration().getGroupObjectMemberAttribute()) || attributeDelta.getValuesToAdd() == null) {
                hashSet.add(attributeDelta);
            } else {
                hashSet.add(new AttributeDeltaBuilder().setName(getConfiguration().getGroupObjectMemberAttribute()).addValueToAdd((List) attributeDelta.getValuesToAdd().stream().map(obj -> {
                    return getSchemaTranslator2().resolveMemberDn(obj.toString());
                }).collect(Collectors.toList())).build());
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public void addAttributeModification(Dn dn, List<Modification> list, ObjectClass objectClass, org.identityconnectors.framework.common.objects.ObjectClass objectClass2, AttributeDelta attributeDelta) {
        if (dn.getRdns().get(0).getAva().getType().equalsIgnoreCase(getSchemaTranslator2().toLdapAttribute(objectClass, attributeDelta.getName()).getName())) {
            return;
        }
        super.addAttributeModification(dn, list, objectClass, objectClass2, attributeDelta);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public SearchStrategy<AdLdapConfiguration> chooseSearchStrategy(org.identityconnectors.framework.common.objects.ObjectClass objectClass, ObjectClass objectClass2, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        SearchStrategy<AdLdapConfiguration> chooseSearchStrategy = super.chooseSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
        chooseSearchStrategy.setAttributeHandler(new AdAttributeHandler(chooseSearchStrategy));
        return chooseSearchStrategy;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public SearchStrategy<AdLdapConfiguration> getDefaultSearchStrategy(org.identityconnectors.framework.common.objects.ObjectClass objectClass, ObjectClass objectClass2, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        SearchStrategy<AdLdapConfiguration> defaultSearchStrategy = super.getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
        defaultSearchStrategy.setAttributeHandler(new AdAttributeHandler(defaultSearchStrategy));
        return defaultSearchStrategy;
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v22, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v49, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v65, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v78, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v96, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected SearchStrategy<AdLdapConfiguration> searchByUid(Uid uid, org.identityconnectors.framework.common.objects.ObjectClass objectClass, ObjectClass objectClass2, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        String singleStringNonBlankValue = SchemaUtil.getSingleStringNonBlankValue(uid);
        if (LdapUtil.isDnAttribute(getConfiguration().getUidAttribute()) || getSchemaTranslator2().isFSPDn(uid.getUidValue())) {
            return searchByDn(getSchemaTranslator2().toDn(singleStringNonBlankValue), objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (uid.getNameHint() != null) {
            Dn dn = getSchemaTranslator2().toDn(uid.getNameHint());
            SearchStrategy<AdLdapConfiguration> defaultSearchStrategy = getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
            defaultSearchStrategy.setExplicitConnection(getConnectionManager().getConnection(dn, operationOptions));
            Dn guidDn = getSchemaTranslator2().getGuidDn(singleStringNonBlankValue);
            try {
                defaultSearchStrategy.search(guidDn, applyAdditionalSearchFilterNode(null), SearchScope.OBJECT, determineAttributesToGet(objectClass2, operationOptions));
                if (defaultSearchStrategy.getNumberOfEntriesFound() > 0) {
                    return defaultSearchStrategy;
                }
            } catch (LdapException e) {
                throw processLdapException("Error searching for DN '" + guidDn + "'", e);
            }
        }
        if ("none".equals(getConfiguration().getGlobalCatalogStrategy())) {
            SearchStrategy<AdLdapConfiguration> defaultSearchStrategy2 = getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
            try {
                defaultSearchStrategy2.search(getSchemaTranslator2().getGuidDn(singleStringNonBlankValue), applyAdditionalSearchFilterNode(LdapUtil.createAllSearchFilter()), SearchScope.OBJECT, determineAttributesToGet(objectClass2, operationOptions));
                if (defaultSearchStrategy2.getNumberOfEntriesFound() > 0) {
                    return defaultSearchStrategy2;
                }
            } catch (LdapException e2) {
                throw processLdapException("Error searching for GUID '" + singleStringNonBlankValue + "'", e2);
            }
        } else if ("read".equals(getConfiguration().getGlobalCatalogStrategy())) {
            DefaultSearchStrategy defaultSearchStrategy3 = new DefaultSearchStrategy(this.globalCatalogConnectionManager, getConfiguration(), getSchemaTranslator2(), objectClass, objectClass2, resultsHandler, getErrorHandler(), getConnectionLog(), operationOptions);
            try {
                defaultSearchStrategy3.search(getSchemaTranslator2().getGuidDn(singleStringNonBlankValue), applyAdditionalSearchFilterNode(LdapUtil.createAllSearchFilter()), SearchScope.OBJECT, determineAttributesToGet(objectClass2, operationOptions));
                if (defaultSearchStrategy3.getNumberOfEntriesFound() > 0) {
                    return defaultSearchStrategy3;
                }
            } catch (LdapException e3) {
                throw processLdapException("Error searching for GUID '" + singleStringNonBlankValue + "'", e3);
            }
        } else {
            if (!AdLdapConfiguration.GLOBAL_CATALOG_STRATEGY_RESOLVE.equals(getConfiguration().getGlobalCatalogStrategy())) {
                throw new IllegalStateException("Unknown global catalog strategy '" + getConfiguration().getGlobalCatalogStrategy() + "'");
            }
            Dn guidDn2 = getSchemaTranslator2().getGuidDn(singleStringNonBlankValue);
            Entry searchSingleEntry = searchSingleEntry(this.globalCatalogConnectionManager, guidDn2, LdapUtil.createAllSearchFilter(), SearchScope.OBJECT, new String[]{AbstractLdapConfiguration.PSEUDO_ATTRIBUTE_DN_NAME}, "global catalog entry for GUID " + singleStringNonBlankValue, operationOptions);
            if (searchSingleEntry == null) {
                throw new UnknownUidException("Entry for GUID " + singleStringNonBlankValue + " was not found in global catalog");
            }
            LOG.ok("Resolved GUID {0} in glogbal catalog to DN {1}", singleStringNonBlankValue, searchSingleEntry.getDn());
            Dn dn2 = searchSingleEntry.getDn();
            SearchStrategy<AdLdapConfiguration> defaultSearchStrategy4 = getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
            defaultSearchStrategy4.setExplicitConnection(getConnectionManager().getConnection(dn2, operationOptions));
            try {
                defaultSearchStrategy4.search(guidDn2, applyAdditionalSearchFilterNode(null), SearchScope.OBJECT, determineAttributesToGet(objectClass2, operationOptions));
                if (defaultSearchStrategy4.getNumberOfEntriesFound() > 0) {
                    return defaultSearchStrategy4;
                }
            } catch (LdapException e4) {
                throw processLdapException("Error searching for DN '" + guidDn2 + "'", e4);
            }
        }
        if (!getConfiguration().isAllowBruteForceSearch()) {
            LOG.ok("Cannot find object with GUID {0} by using name hint or global catalog. Brute-force search is disabled. Found nothing.", singleStringNonBlankValue);
            return null;
        }
        LOG.ok("Cannot find object with GUID {0} by using name hint or global catalog. Resorting to brute-force search", singleStringNonBlankValue);
        Dn guidDn3 = getSchemaTranslator2().getGuidDn(singleStringNonBlankValue);
        String[] determineAttributesToGet = determineAttributesToGet(objectClass2, operationOptions);
        return (SearchStrategy) getConnectionManager().brutalSearch(ldapNetworkConnection -> {
            SearchStrategy<AdLdapConfiguration> defaultSearchStrategy5 = getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
            defaultSearchStrategy5.setExplicitConnection(ldapNetworkConnection);
            try {
                defaultSearchStrategy5.search(guidDn3, applyAdditionalSearchFilterNode(null), SearchScope.OBJECT, determineAttributesToGet);
                if (defaultSearchStrategy5.getNumberOfEntriesFound() > 0) {
                    return defaultSearchStrategy5;
                }
                return null;
            } catch (LdapException e5) {
                throw processLdapException("Error searching for DN '" + guidDn3 + "'", e5);
            }
        });
    }

    /* JADX WARN: Type inference failed for: r0v31, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    /* JADX WARN: Type inference failed for: r0v5, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected Dn resolveDn(org.identityconnectors.framework.common.objects.ObjectClass objectClass, Uid uid, OperationOptions operationOptions) {
        String uidValue = uid.getUidValue();
        if (uid.getNameHint() != null) {
            String nameHintValue = uid.getNameHintValue();
            Dn dn = getSchemaTranslator2().toDn(nameHintValue);
            LOG.ok("Resolvig DN by using name hint {0} and guid", dn, uidValue);
            Dn guidDn = getSchemaTranslator2().getGuidDn(uidValue);
            LOG.ok("Resolvig DN by search for {0} (no global catalog)", guidDn);
            Entry searchSingleEntry = searchSingleEntry(getConnectionManager(), null, guidDn, LdapUtil.createAllSearchFilter(), SearchScope.OBJECT, new String[]{AbstractLdapConfiguration.PSEUDO_ATTRIBUTE_DN_NAME}, "LDAP entry for GUID " + uidValue, dn, operationOptions);
            if (searchSingleEntry != null) {
                return searchSingleEntry.getDn();
            }
            LOG.ok("Resolvig DN for name hint {0} returned no object", nameHintValue);
        }
        Dn guidDn2 = getSchemaTranslator2().getGuidDn(uidValue);
        if ("none".equals(getConfiguration().getGlobalCatalogStrategy())) {
            LOG.ok("Resolvig DN by search for {0} (no global catalog)", guidDn2);
            Entry searchSingleEntry2 = searchSingleEntry(getConnectionManager(), guidDn2, LdapUtil.createAllSearchFilter(), SearchScope.OBJECT, new String[]{AbstractLdapConfiguration.PSEUDO_ATTRIBUTE_DN_NAME}, "LDAP entry for GUID " + uidValue, operationOptions);
            if (searchSingleEntry2 == null) {
                throw new UnknownUidException("Entry for GUID " + uidValue + " was not found");
            }
            return searchSingleEntry2.getDn();
        }
        LOG.ok("Resolvig DN by search for {0} (global catalog)", guidDn2);
        Entry searchSingleEntry3 = searchSingleEntry(this.globalCatalogConnectionManager, guidDn2, LdapUtil.createAllSearchFilter(), SearchScope.OBJECT, new String[]{AbstractLdapConfiguration.PSEUDO_ATTRIBUTE_DN_NAME}, "LDAP entry for GUID " + uidValue, operationOptions);
        if (searchSingleEntry3 == null) {
            throw new UnknownUidException("Entry for GUID " + uidValue + " was not found in global catalog");
        }
        LOG.ok("Resolved GUID {0} in glogbal catalog to DN {1}", uidValue, searchSingleEntry3.getDn());
        return searchSingleEntry3.getDn();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public void postUpdate(org.identityconnectors.framework.common.objects.ObjectClass objectClass, Uid uid, Set<AttributeDelta> set, OperationOptions operationOptions, Dn dn, ObjectClass objectClass2, List<Modification> list) {
        super.postUpdate(objectClass, uid, set, operationOptions, dn, objectClass2, list);
        AttributeDelta findDelta = SchemaUtil.findDelta(set, OperationalAttributes.FORCE_PASSWORD_CHANGE_NAME);
        if (findDelta == null) {
            if (getConfiguration().isForcePasswordChangeAtNextLogon() && isUserPasswordChanged(set, objectClass2)) {
                ArrayList arrayList = new ArrayList();
                addAttributeModification(dn, arrayList, objectClass2, objectClass, AttributeDeltaBuilder.build(AdConstants.ATTRIBUTE_PWD_LAST_SET_NAME, "0"));
                modify(dn, arrayList, operationOptions);
                return;
            }
            return;
        }
        Boolean bool = (Boolean) SchemaUtil.getSingleReplaceValue(findDelta, Boolean.class);
        if (bool == null || !bool.booleanValue()) {
            return;
        }
        ArrayList arrayList2 = new ArrayList();
        addAttributeModification(dn, arrayList2, objectClass2, objectClass, AttributeDeltaBuilder.build(AdConstants.ATTRIBUTE_PWD_LAST_SET_NAME, "0"));
        modify(dn, arrayList2, operationOptions);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [com.evolveum.polygon.connector.ldap.ad.AdSchemaTranslator] */
    private boolean isUserPasswordChanged(Set<AttributeDelta> set, ObjectClass objectClass) {
        if (!getSchemaTranslator2().isUserObjectClass(objectClass.getName())) {
            return false;
        }
        Iterator<AttributeDelta> it = set.iterator();
        while (it.hasNext()) {
            if (OperationalAttributeInfos.PASSWORD.is(it.next().getName())) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public RuntimeException processModifyResult(Dn dn, List<Modification> list, ModifyResponse modifyResponse) {
        if (!ResultCodeEnum.CONSTRAINT_VIOLATION.equals(modifyResponse.getLdapResult().getResultCode()) || !modifyResponse.getLdapResult().getDiagnosticMessage().contains(getConfiguration().getPasswordAttribute())) {
            return super.processModifyResult(dn, list, modifyResponse);
        }
        InvalidAttributeValueException invalidAttributeValueException = new InvalidAttributeValueException("Error modifying LDAP entry " + dn + ": " + LdapUtil.formatLdapMessage(modifyResponse.getLdapResult()));
        invalidAttributeValueException.setAffectedAttributeNames(Collections.singleton(OperationalAttributes.PASSWORD_NAME));
        throw invalidAttributeValueException;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    public void patchSchemaManager(SchemaManager schemaManager) {
        super.patchSchemaManager(schemaManager);
        if (getConfiguration().isTweakSchema()) {
            MatchingRuleRegistry matchingRuleRegistry = schemaManager.getRegistries().getMatchingRuleRegistry();
            MatchingRule matchingRule = matchingRuleRegistry.get("2.5.13.2");
            if (matchingRule == null) {
                MatchingRule matchingRule2 = new MatchingRule("2.5.13.2");
                matchingRule2.setSyntaxOid(SchemaConstants.DIRECTORY_STRING_SYNTAX);
                DeepTrimToLowerNormalizer deepTrimToLowerNormalizer = new DeepTrimToLowerNormalizer("2.5.13.2");
                matchingRule2.setNormalizer(deepTrimToLowerNormalizer);
                matchingRule2.setLdapComparator(new NormalizingComparator(matchingRule2.getOid(), deepTrimToLowerNormalizer, new StringComparator(matchingRule2.getOid())));
                matchingRule = matchingRule2;
                register(matchingRuleRegistry, matchingRule2);
            }
            fixAttribute(schemaManager, "2.5.4.3", "cn", createStringSyntax(SchemaConstants.DIRECTORY_STRING_SYNTAX), matchingRule, false);
            fixAttribute(schemaManager, "0.9.2342.19200300.100.1.25", "dc", createStringSyntax(SchemaConstants.DIRECTORY_STRING_SYNTAX), matchingRule, false);
            fixAttribute(schemaManager, "2.5.4.11", "ou", createStringSyntax(SchemaConstants.DIRECTORY_STRING_SYNTAX), matchingRule, false);
            fixAttribute(schemaManager, AdConstants.ATTRIBUTE_UNICODE_PWD_OID, AdConstants.ATTRIBUTE_UNICODE_PWD_NAME, createBinarySyntax(SchemaConstants.OCTET_STRING_SYNTAX), null, true);
        }
    }

    private LdapSyntax createStringSyntax(String str) {
        LdapSyntax ldapSyntax = new LdapSyntax(str);
        ldapSyntax.setHumanReadable(true);
        ldapSyntax.setSyntaxChecker(DirectoryStringSyntaxChecker.INSTANCE);
        return ldapSyntax;
    }

    private LdapSyntax createBinarySyntax(String str) {
        LdapSyntax ldapSyntax = new LdapSyntax(str);
        ldapSyntax.setHumanReadable(false);
        ldapSyntax.setSyntaxChecker(OctetStringSyntaxChecker.INSTANCE);
        return ldapSyntax;
    }

    private void fixAttribute(SchemaManager schemaManager, String str, String str2, LdapSyntax ldapSyntax, MatchingRule matchingRule, boolean z) {
        AttributeType attributeType;
        Registries registries = schemaManager.getRegistries();
        AttributeTypeRegistry attributeTypeRegistry = registries.getAttributeTypeRegistry();
        ObjectClassRegistry objectClassRegistry = registries.getObjectClassRegistry();
        AttributeType attributeType2 = attributeTypeRegistry.get(str);
        if (z || attributeType2 == null || attributeType2.getEquality() == null) {
            if (attributeType2 != null) {
                try {
                    attributeTypeRegistry.unregister((AttributeTypeRegistry) attributeType2);
                    attributeType = new AttributeType(attributeType2.getOid());
                    attributeType.setNames(attributeType2.getNames());
                } catch (LdapException e) {
                    throw new IllegalStateException("Error unregistering " + attributeType2 + ": " + e.getMessage(), e);
                }
            } else {
                attributeType = new AttributeType(str);
                attributeType.setNames(str2);
            }
            attributeType.setSyntax(ldapSyntax);
            if (matchingRule != null) {
                attributeType.setEquality(matchingRule);
            }
            attributeType.setSingleValued(true);
            LOG.ok("Registering replacement attributeType: {0}", attributeType);
            register(attributeTypeRegistry, attributeType);
            fixObjectClasses(objectClassRegistry, attributeType2, attributeType);
        }
    }

    private void fixObjectClasses(ObjectClassRegistry objectClassRegistry, AttributeType attributeType, AttributeType attributeType2) {
        for (ObjectClass objectClass : objectClassRegistry) {
            fixOblectClassAttributes(objectClass.getMayAttributeTypes(), attributeType, attributeType2);
            fixOblectClassAttributes(objectClass.getMustAttributeTypes(), attributeType, attributeType2);
        }
    }

    private void fixOblectClassAttributes(List<AttributeType> list, AttributeType attributeType, AttributeType attributeType2) {
        for (int i = 0; i < list.size(); i++) {
            if (list.get(i).equals(attributeType)) {
                list.set(i, attributeType2);
                return;
            }
        }
    }

    private <T extends SchemaObject> void register(SchemaObjectRegistry<T> schemaObjectRegistry, T t) {
        try {
            schemaObjectRegistry.register(t);
        } catch (LdapException e) {
            throw new IllegalStateException("Error registering " + t + ": " + e.getMessage(), e);
        }
    }

    @Override // com.evolveum.polygon.connector.ldap.AbstractLdapConnector
    protected ModifyTimestampSyncStrategy<AdLdapConfiguration> createModifyTimestampSyncStrategy() {
        return new ModifyTimestampSyncStrategy<>(getConfiguration(), getConnectionManager(), getSchemaManager(), getSchemaTranslator2(), getErrorHandler(), true);
    }
}
