package com.evolveum.polygon.connector.ldap;

import com.evolveum.polygon.common.GuardedStringAccessor;
import com.evolveum.polygon.common.SchemaUtil;
import com.evolveum.polygon.connector.ldap.search.DefaultSearchStrategy;
import com.evolveum.polygon.connector.ldap.search.SearchStrategy;
import com.evolveum.polygon.connector.ldap.search.SimplePagedResultsSearchStrategy;
import com.evolveum.polygon.connector.ldap.search.VlvSearchStrategy;
import com.evolveum.polygon.connector.ldap.sync.SunChangelogSyncStrategy;
import com.evolveum.polygon.connector.ldap.sync.SyncStrategy;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.ArrayUtils;
import org.apache.directory.api.ldap.model.cursor.CursorException;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.entry.Value;
import org.apache.directory.api.ldap.model.exception.LdapAdminLimitExceededException;
import org.apache.directory.api.ldap.model.exception.LdapAffectMultipleDsaException;
import org.apache.directory.api.ldap.model.exception.LdapAliasDereferencingException;
import org.apache.directory.api.ldap.model.exception.LdapAliasException;
import org.apache.directory.api.ldap.model.exception.LdapAttributeInUseException;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationNotSupportedException;
import org.apache.directory.api.ldap.model.exception.LdapConfigurationException;
import org.apache.directory.api.ldap.model.exception.LdapContextNotEmptyException;
import org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeTypeException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidSearchFilterException;
import org.apache.directory.api.ldap.model.exception.LdapLoopDetectedException;
import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException;
import org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException;
import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
import org.apache.directory.api.ldap.model.exception.LdapSchemaException;
import org.apache.directory.api.ldap.model.exception.LdapSchemaViolationException;
import org.apache.directory.api.ldap.model.exception.LdapStrongAuthenticationRequiredException;
import org.apache.directory.api.ldap.model.exception.LdapUnwillingToPerformException;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.message.BindRequestImpl;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.api.ldap.model.message.controls.PagedResults;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.schema.AttributeType;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.ldap.client.api.DefaultSchemaLoader;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.exception.InvalidConnectionException;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.AlreadyExistsException;
import org.identityconnectors.framework.common.exceptions.ConfigurationException;
import org.identityconnectors.framework.common.exceptions.ConnectionFailedException;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.exceptions.ConnectorIOException;
import org.identityconnectors.framework.common.exceptions.ConnectorSecurityException;
import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
import org.identityconnectors.framework.common.exceptions.PermissionDeniedException;
import org.identityconnectors.framework.common.exceptions.UnknownUidException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Schema;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.filter.EqualsFilter;
import org.identityconnectors.framework.common.objects.filter.Filter;
import org.identityconnectors.framework.common.objects.filter.FilterTranslator;
import org.identityconnectors.framework.spi.Configuration;
import org.identityconnectors.framework.spi.ConnectorClass;
import org.identityconnectors.framework.spi.PoolableConnector;
import org.identityconnectors.framework.spi.operations.CreateOp;
import org.identityconnectors.framework.spi.operations.DeleteOp;
import org.identityconnectors.framework.spi.operations.SchemaOp;
import org.identityconnectors.framework.spi.operations.SearchOp;
import org.identityconnectors.framework.spi.operations.SyncOp;
import org.identityconnectors.framework.spi.operations.TestOp;
import org.identityconnectors.framework.spi.operations.UpdateAttributeValuesOp;

@ConnectorClass(displayNameKey = "ldap.connector.display", configurationClass = LdapConfiguration.class)
/* loaded from: input_file:com/evolveum/polygon/connector/ldap/LdapConnector.class */
public class LdapConnector implements PoolableConnector, TestOp, SchemaOp, SearchOp<Filter>, CreateOp, DeleteOp, UpdateAttributeValuesOp, SyncOp {
    private static final Log LOG = Log.getLog(LdapConnector.class);
    private LdapConfiguration configuration;
    private LdapNetworkConnection connection;
    private SchemaManager schemaManager = null;
    private SchemaTranslator schemaTranslator = null;

    public Configuration getConfiguration() {
        return this.configuration;
    }

    public void init(Configuration configuration) {
        this.configuration = (LdapConfiguration) configuration;
        LOG.info("Connector init", new Object[0]);
        connect();
    }

    public void test() {
        checkAlive();
        try {
            this.connection.unBind();
            bind();
            LOG.ok("Root DSE: {0}", new Object[]{getRootDse()});
        } catch (LdapException e) {
            throw processLdapException(null, e);
        }
    }

    private SchemaManager getSchemaManager() {
        if (this.schemaManager == null) {
            try {
                boolean isSchemaQuirksMode = this.configuration.isSchemaQuirksMode();
                LOG.ok("Loading schema (quirksMode={0})", new Object[]{Boolean.valueOf(isSchemaQuirksMode)});
                this.connection.loadSchema(new DefaultSchemaLoader(this.connection, isSchemaQuirksMode));
                this.schemaManager = this.connection.getSchemaManager();
                try {
                    LOG.ok("Schema loaded, {0} schemas, {1} object classes, loader {2}", new Object[]{this.schemaManager.getLoader().getAllSchemas(), Integer.valueOf(this.schemaManager.getObjectClassRegistry().size()), this.schemaManager.getLoader()});
                } catch (Exception e) {
                    throw new RuntimeException(e.getMessage(), e);
                }
            } catch (LdapException e2) {
                throw new ConnectorIOException(e2.getMessage(), e2);
            }
        }
        return this.schemaManager;
    }

    private SchemaTranslator getSchemaTranslator() {
        if (this.schemaTranslator == null) {
            this.schemaTranslator = new SchemaTranslator(getSchemaManager(), this.configuration);
        }
        return this.schemaTranslator;
    }

    public Schema schema() {
        if (!this.connection.isConnected()) {
            return null;
        }
        this.schemaManager = null;
        this.schemaTranslator = null;
        return getSchemaTranslator().translateSchema();
    }

    public FilterTranslator<Filter> createFilterTranslator(ObjectClass objectClass, OperationOptions operationOptions) {
        return new FilterTranslator<Filter>() { // from class: com.evolveum.polygon.connector.ldap.LdapConnector.1
            public List<Filter> translate(Filter filter) {
                ArrayList arrayList = new ArrayList(1);
                arrayList.add(filter);
                return arrayList;
            }
        };
    }

    public void executeQuery(ObjectClass objectClass, Filter filter, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        getSchemaTranslator();
        org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass = this.schemaTranslator.toLdapObjectClass(objectClass);
        if (filter != null && (filter instanceof EqualsFilter) && Name.NAME.equals(((EqualsFilter) filter).getName())) {
            String singleStringNonBlankValue = SchemaUtil.getSingleStringNonBlankValue(((EqualsFilter) filter).getAttribute());
            try {
                getDefaultSearchStrategy(objectClass, ldapObjectClass, resultsHandler, operationOptions).search(singleStringNonBlankValue, null, SearchScope.OBJECT, getAttributesToGet(ldapObjectClass, operationOptions));
                return;
            } catch (LdapException e) {
                throw processLdapException("Error searching for " + singleStringNonBlankValue, e);
            }
        }
        String baseDn = getBaseDn(operationOptions);
        ScopedFilter translate = new LdapFilterTranslator(getSchemaTranslator(), ldapObjectClass).translate(filter, ldapObjectClass);
        ExprNode filter2 = translate.getFilter();
        String[] attributesToGet = getAttributesToGet(ldapObjectClass, operationOptions);
        if (translate.getBaseDn() == null) {
            try {
                chooseSearchStrategy(objectClass, ldapObjectClass, resultsHandler, operationOptions).search(baseDn, filter2, getScope(operationOptions), attributesToGet);
            } catch (LdapException e2) {
                throw processLdapException("Error searching in " + baseDn, e2);
            }
        } else {
            try {
                getDefaultSearchStrategy(objectClass, ldapObjectClass, resultsHandler, operationOptions).search(translate.getBaseDn(), filter2, SearchScope.OBJECT, attributesToGet);
            } catch (LdapException e3) {
                throw processLdapException("Error searching for " + translate.getBaseDn(), e3);
            }
        }
    }

    private String getBaseDn(OperationOptions operationOptions) {
        return (operationOptions == null || operationOptions.getContainer() == null) ? this.configuration.getBaseContext() : operationOptions.getContainer().getUid().getUidValue();
    }

    private SearchScope getScope(OperationOptions operationOptions) {
        if (operationOptions == null || operationOptions.getScope() == null) {
            return SearchScope.SUBTREE;
        }
        String scope = operationOptions.getScope();
        if (LdapConfiguration.SCOPE_SUB.equals(scope)) {
            return SearchScope.SUBTREE;
        }
        if (LdapConfiguration.SCOPE_ONE.equals(scope)) {
            return SearchScope.ONELEVEL;
        }
        if (LdapConfiguration.SCOPE_BASE.equals(scope)) {
            return SearchScope.OBJECT;
        }
        throw new IllegalArgumentException("Unknown scope " + scope);
    }

    private String[] getAttributesToGet(org.apache.directory.api.ldap.model.schema.ObjectClass objectClass, OperationOptions operationOptions) {
        if (operationOptions == null || operationOptions.getAttributesToGet() == null) {
            return new String[]{"*", this.configuration.getUidAttribute()};
        }
        String[] attributesToGet = operationOptions.getAttributesToGet();
        String[] strArr = new String[attributesToGet.length + 1];
        int i = 0;
        for (String str : attributesToGet) {
            strArr[i] = this.schemaTranslator.toLdapAttribute(objectClass, str).getName();
            i++;
        }
        strArr[i] = this.configuration.getUidAttribute();
        return strArr;
    }

    private SearchStrategy chooseSearchStrategy(ObjectClass objectClass, org.apache.directory.api.ldap.model.schema.ObjectClass objectClass2, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        String pagingStrategy = this.configuration.getPagingStrategy();
        if (pagingStrategy == null) {
            pagingStrategy = LdapConfiguration.PAGING_STRATEGY_AUTO;
        }
        if (operationOptions != null && operationOptions.getAllowPartialResults() != null && operationOptions.getAllowPartialResults().booleanValue() && operationOptions.getPagedResultsOffset() == null && operationOptions.getPagedResultsCookie() == null && operationOptions.getPageSize() == null) {
            return getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (LdapConfiguration.PAGING_STRATEGY_NONE.equals(pagingStrategy)) {
            LOG.ok("Selecting default search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            return getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (LdapConfiguration.PAGING_STRATEGY_SPR.equals(pagingStrategy)) {
            if (!supportsControl(PagedResults.OID)) {
                throw new ConfigurationException("Configured paging strategy " + pagingStrategy + ", but the server does not support PagedResultsControl.");
            }
            LOG.ok("Selecting SimplePaged search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            return new SimplePagedResultsSearchStrategy(this.connection, this.configuration, this.schemaTranslator, objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (LdapConfiguration.PAGING_STRATEGY_VLV.equals(pagingStrategy)) {
            if (!supportsControl("2.16.840.1.113730.3.4.9")) {
                throw new ConfigurationException("Configured paging strategy " + pagingStrategy + ", but the server does not support VLV.");
            }
            LOG.ok("Selecting VLV search strategy because strategy setting is set to {0}", new Object[]{pagingStrategy});
            return new VlvSearchStrategy(this.connection, this.configuration, getSchemaTranslator(), objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (!LdapConfiguration.PAGING_STRATEGY_AUTO.equals(pagingStrategy)) {
            return getDefaultSearchStrategy(objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (operationOptions.getPagedResultsOffset() != null && operationOptions.getPagedResultsOffset().intValue() > 1) {
            if (!supportsControl("2.16.840.1.113730.3.4.9")) {
                throw new UnsupportedOperationException("Requested search from offset (" + operationOptions.getPagedResultsOffset() + "), but the server does not support VLV. Unable to execute the search.");
            }
            LOG.ok("Selecting VLV search strategy because strategy setting is set to {0} and the request specifies an offset", new Object[]{pagingStrategy});
            return new VlvSearchStrategy(this.connection, this.configuration, getSchemaTranslator(), objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (supportsControl(PagedResults.OID)) {
            LOG.ok("Selecting SimplePaged search strategy because strategy setting is set to {0} and the request does not specify an offset", new Object[]{pagingStrategy});
            return new SimplePagedResultsSearchStrategy(this.connection, this.configuration, this.schemaTranslator, objectClass, objectClass2, resultsHandler, operationOptions);
        }
        if (supportsControl("2.16.840.1.113730.3.4.9")) {
            return new VlvSearchStrategy(this.connection, this.configuration, getSchemaTranslator(), objectClass, objectClass2, resultsHandler, operationOptions);
        }
        throw new UnsupportedOperationException("Requested paged search, but the server does not support VLV or PagedResultsControl. Unable to execute the search.");
    }

    private boolean supportsControl(String str) {
        try {
            return this.connection.getSupportedControls().contains(str);
        } catch (LdapException e) {
            throw new ConnectorIOException("Cannot fetch list of supported controls: " + e.getMessage(), e);
        }
    }

    private SearchStrategy getDefaultSearchStrategy(ObjectClass objectClass, org.apache.directory.api.ldap.model.schema.ObjectClass objectClass2, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        return new DefaultSearchStrategy(this.connection, this.configuration, getSchemaTranslator(), objectClass, objectClass2, resultsHandler, operationOptions);
    }

    public Uid create(ObjectClass objectClass, Set<Attribute> set, OperationOptions operationOptions) {
        String str = null;
        for (Attribute attribute : set) {
            if (attribute.is(Name.NAME)) {
                str = SchemaUtil.getSingleStringNonBlankValue(attribute);
            }
        }
        if (str == null) {
            throw new InvalidAttributeValueException("Missing NAME attribute");
        }
        SchemaTranslator schemaTranslator = getSchemaTranslator();
        org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass = schemaTranslator.toLdapObjectClass(objectClass);
        try {
            DefaultEntry defaultEntry = new DefaultEntry(getSchemaManager(), str);
            defaultEntry.put("objectClass", ldapObjectClass.getName());
            for (Attribute attribute2 : set) {
                if (!attribute2.is(Name.NAME)) {
                    AttributeType ldapAttribute = schemaTranslator.toLdapAttribute(ldapObjectClass, attribute2.getName());
                    List<Value<Object>> ldapValues = schemaTranslator.toLdapValues(ldapAttribute, attribute2.getValue());
                    try {
                        defaultEntry.put(ldapAttribute, (Value<?>[]) ldapValues.toArray(new Value[ldapValues.size()]));
                    } catch (LdapException e) {
                        throw new InvalidAttributeValueException("Wrong value for LDAP attribute " + ldapAttribute.getName() + ": " + e.getMessage(), e);
                    }
                }
            }
            try {
                this.connection.add(defaultEntry);
                Uid uid = null;
                String uidAttribute = this.configuration.getUidAttribute();
                for (Attribute attribute3 : set) {
                    if (attribute3.is(uidAttribute)) {
                        uid = new Uid(SchemaUtil.getSingleStringNonBlankValue(attribute3));
                    }
                }
                if (uid != null) {
                    return uid;
                }
                try {
                    EntryCursor search = this.connection.search(str, "(objectClass=*)", SearchScope.OBJECT, uidAttribute);
                    if (!search.next()) {
                        throw new UnknownUidException("Entry with dn " + str + " was not found (right after it was created)");
                    }
                    org.apache.directory.api.ldap.model.entry.Attribute attribute4 = search.get().get(uidAttribute);
                    if (attribute4 == null) {
                        throw new InvalidAttributeValueException("No value for UID attribute " + uidAttribute + " in object " + str);
                    }
                    if (attribute4.size() == 0) {
                        throw new InvalidAttributeValueException("No value for UID attribute " + uidAttribute + " in object " + str);
                    }
                    if (attribute4.size() > 1) {
                        throw new InvalidAttributeValueException("More than one value (" + attribute4.size() + ") for UID attribute " + uidAttribute + " in object " + str);
                    }
                    return new Uid(attribute4.get().getString());
                } catch (CursorException e2) {
                    throw new ConnectorIOException("Error reading LDAP entry " + str + ": " + e2.getMessage(), e2);
                } catch (LdapException e3) {
                    throw processLdapException("Error reading LDAP entry " + str, e3);
                }
            } catch (LdapException e4) {
                throw processLdapException("Error adding LDAP entry " + str, e4);
            }
        } catch (LdapInvalidDnException e5) {
            throw new InvalidAttributeValueException("Wrong DN '" + str + "': " + e5.getMessage(), e5);
        }
    }

    public Uid update(ObjectClass objectClass, Uid uid, Set<Attribute> set, OperationOptions operationOptions) {
        for (Attribute attribute : set) {
            if (attribute.is(Name.NAME)) {
                String resolveDn = resolveDn(objectClass, uid, operationOptions);
                String singleStringNonBlankValue = SchemaUtil.getSingleStringNonBlankValue(attribute);
                if (resolveDn.equals(singleStringNonBlankValue)) {
                    continue;
                } else {
                    try {
                        LOG.ok("MoveAndRename REQ {0} -> {1}", new Object[]{resolveDn, singleStringNonBlankValue});
                        this.connection.moveAndRename(resolveDn, singleStringNonBlankValue);
                        LOG.ok("MoveAndRename RES OK {0} -> {1}", new Object[]{resolveDn, singleStringNonBlankValue});
                    } catch (LdapException e) {
                        LOG.error("MoveAndRename ERROR {0} -> {1}: {2}", new Object[]{resolveDn, singleStringNonBlankValue, e.getMessage(), e});
                        throw processLdapException("Rename/move of LDAP entry from " + resolveDn + " to " + singleStringNonBlankValue + " failed", e);
                    }
                }
            }
        }
        ldapUpdate(objectClass, uid, set, operationOptions, ModificationOperation.REPLACE_ATTRIBUTE);
        return uid;
    }

    public Uid addAttributeValues(ObjectClass objectClass, Uid uid, Set<Attribute> set, OperationOptions operationOptions) {
        Iterator<Attribute> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().is(Name.NAME)) {
                throw new InvalidAttributeValueException("Cannot add value of attribute " + Name.NAME);
            }
        }
        ldapUpdate(objectClass, uid, set, operationOptions, ModificationOperation.ADD_ATTRIBUTE);
        return uid;
    }

    public Uid removeAttributeValues(ObjectClass objectClass, Uid uid, Set<Attribute> set, OperationOptions operationOptions) {
        Iterator<Attribute> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().is(Name.NAME)) {
                throw new InvalidAttributeValueException("Cannot remove value of attribute " + Name.NAME);
            }
        }
        ldapUpdate(objectClass, uid, set, operationOptions, ModificationOperation.REMOVE_ATTRIBUTE);
        return uid;
    }

    private Uid ldapUpdate(ObjectClass objectClass, Uid uid, Set<Attribute> set, OperationOptions operationOptions, ModificationOperation modificationOperation) {
        String resolveDn = resolveDn(objectClass, uid, operationOptions);
        org.apache.directory.api.ldap.model.schema.ObjectClass ldapObjectClass = this.schemaTranslator.toLdapObjectClass(objectClass);
        ArrayList arrayList = new ArrayList(set.size());
        for (Attribute attribute : set) {
            if (!attribute.is(Name.NAME)) {
                AttributeType ldapAttribute = this.schemaTranslator.toLdapAttribute(ldapObjectClass, attribute.getName());
                if (ldapAttribute == null && !ArrayUtils.contains(this.configuration.getOperationalAttributes(), attribute.getName())) {
                    throw new InvalidAttributeValueException("Unknown attribute " + attribute.getName() + " in object class " + objectClass);
                }
                List<Value<Object>> ldapValues = this.schemaTranslator.toLdapValues(ldapAttribute, attribute.getValue());
                try {
                    arrayList.add(new DefaultModification(modificationOperation, ldapAttribute, (Value<?>[]) ldapValues.toArray(new Value[ldapValues.size()])));
                } catch (LdapInvalidAttributeValueException e) {
                    throw new InvalidAttributeValueException("Invalid modification value for LDAP attribute " + ldapAttribute.getName() + ": " + e.getMessage(), e);
                }
            }
        }
        if (arrayList.isEmpty()) {
            LOG.ok("Skipping modify({0}) operation as there are no modifications to execute", new Object[]{modificationOperation});
            return uid;
        }
        try {
            if (LOG.isOk()) {
                LOG.ok("Modify REQ {0}: {1}", new Object[]{resolveDn, dumpModifications(arrayList)});
            }
            this.connection.modify(resolveDn, (Modification[]) arrayList.toArray(new Modification[arrayList.size()]));
            if (LOG.isOk()) {
                LOG.ok("Modify RES {0}: {1}", new Object[]{resolveDn, dumpModifications(arrayList)});
            }
            return uid;
        } catch (LdapException e2) {
            LOG.error("Modify ERROR {0}: {1}: {2}", new Object[]{resolveDn, dumpModifications(arrayList), e2.getMessage(), e2});
            throw processLdapException("Error modifying entry " + resolveDn, e2);
        }
    }

    private String dumpModifications(List<Modification> list) {
        if (list == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder("[");
        Iterator<Modification> it = list.iterator();
        while (it.hasNext()) {
            sb.append(it.next());
            sb.append(",");
        }
        sb.append("]");
        return sb.toString();
    }

    public void sync(ObjectClass objectClass, SyncToken syncToken, SyncResultsHandler syncResultsHandler, OperationOptions operationOptions) {
        chooseSyncStrategy(objectClass).sync(objectClass, syncToken, syncResultsHandler, operationOptions);
    }

    public SyncToken getLatestSyncToken(ObjectClass objectClass) {
        return chooseSyncStrategy(objectClass).getLatestSyncToken(objectClass);
    }

    private SyncStrategy chooseSyncStrategy(ObjectClass objectClass) {
        return new SunChangelogSyncStrategy(this.configuration, this.connection);
    }

    public void delete(ObjectClass objectClass, Uid uid, OperationOptions operationOptions) {
        String resolveDn = resolveDn(objectClass, uid, operationOptions);
        try {
            this.connection.delete(resolveDn);
        } catch (LdapException e) {
            throw processLdapException("Failed to delete entry with DN " + resolveDn + " (UID=" + uid + ")", e);
        }
    }

    private String resolveDn(ObjectClass objectClass, Uid uid, OperationOptions operationOptions) {
        String dn;
        String uidAttribute = this.configuration.getUidAttribute();
        if (LdapConfiguration.PSEUDO_ATTRIBUTE_DN_NAME.equals(uidAttribute)) {
            dn = uid.getUidValue();
        } else {
            this.schemaTranslator.toLdapObjectClass(objectClass);
            String baseDn = getBaseDn(operationOptions);
            SearchScope scope = getScope(operationOptions);
            try {
                AttributeType lookup = this.schemaManager.getAttributeTypeRegistry().lookup(this.schemaManager.getAttributeTypeRegistry().getOidByName(uidAttribute));
                try {
                    EntryCursor search = this.connection.search(baseDn, new EqualityNode(lookup, this.schemaTranslator.toLdapValue(lookup, uid.getUidValue())).toString(), scope, uidAttribute);
                    if (!search.next()) {
                        throw new UnknownUidException("Entry for UID " + uid + " was not found (therefore it cannot be deleted)");
                    }
                    dn = search.get().getDn().toString();
                } catch (CursorException e) {
                    throw new ConnectorIOException("Error reading LDAP entry for UID " + uid + ": " + e.getMessage(), e);
                } catch (LdapException e2) {
                    throw processLdapException("Error reading LDAP entry for UID " + uid, e2);
                }
            } catch (LdapException e3) {
                throw new InvalidAttributeValueException("Cannot find schema for UID attribute " + uidAttribute);
            }
        }
        return dn;
    }

    public void checkAlive() {
        if (this.connection.isConnected()) {
            LOG.ok("check alive: OK", new Object[0]);
        } else {
            LOG.ok("check alive: FAILED", new Object[0]);
            throw new ConnectorException("Connection check failed");
        }
    }

    public void dispose() {
        this.configuration = null;
        if (this.connection != null) {
            try {
                this.connection.close();
                this.connection = null;
            } catch (IOException e) {
                throw new ConnectorIOException(e.getMessage(), e);
            }
        }
    }

    private void connect() {
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost(this.configuration.getHost());
        ldapConnectionConfig.setLdapPort(this.configuration.getPort());
        ldapConnectionConfig.setTimeout(this.configuration.getConnectTimeout());
        LOG.ok("Creating connection object", new Object[0]);
        this.connection = new LdapNetworkConnection(ldapConnectionConfig);
        try {
            LOG.info("Connecting to {0}:{1} as {2}", new Object[]{this.configuration.getHost(), Integer.valueOf(this.configuration.getPort()), this.configuration.getBindDn()});
            boolean connect = this.connection.connect();
            LOG.ok("Connected ({0})", new Object[]{Boolean.valueOf(connect)});
            if (!connect) {
                throw new ConnectionFailedException("Unable to connect to LDAP server " + this.configuration.getHost() + ":" + this.configuration.getPort() + " due to unknown reasons");
            }
            bind();
        } catch (LdapException e) {
            throw processLdapException("Unable to connect to LDAP server " + this.configuration.getHost() + ":" + this.configuration.getPort(), e);
        }
    }

    private void bind() {
        final BindRequestImpl bindRequestImpl = new BindRequestImpl();
        String bindDn = this.configuration.getBindDn();
        try {
            bindRequestImpl.setDn(new Dn(bindDn));
            GuardedString bindPassword = this.configuration.getBindPassword();
            if (bindPassword != null) {
                bindPassword.access(new GuardedStringAccessor() { // from class: com.evolveum.polygon.connector.ldap.LdapConnector.2
                    @Override // com.evolveum.polygon.common.GuardedStringAccessor
                    public void access(char[] cArr) {
                        bindRequestImpl.setCredentials(new String(cArr));
                    }
                });
            }
            try {
                this.connection.bind(bindRequestImpl);
                LOG.info("Bound to {0}", new Object[]{bindDn});
            } catch (LdapException e) {
                throw processLdapException("Unable to bind to LDAP server " + this.configuration.getHost() + ":" + this.configuration.getPort() + " as " + bindDn, e);
            }
        } catch (LdapInvalidDnException e2) {
            throw new ConfigurationException("bindDn is not in DN format: " + e2.getMessage(), e2);
        }
    }

    private Entry getRootDse() throws LdapException {
        LOG.ok("Fetching root DSE", new Object[0]);
        return this.connection.getRootDse();
    }

    private RuntimeException processLdapException(String str, LdapException ldapException) {
        String str2 = str == null ? "" : str + ": ";
        if (ldapException instanceof LdapEntryAlreadyExistsException) {
            throw new AlreadyExistsException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapSchemaViolationException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapStrongAuthenticationRequiredException) {
            throw new ConnectorSecurityException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAdminLimitExceededException) {
            throw new ConnectorSecurityException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAffectMultipleDsaException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAffectMultipleDsaException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAliasDereferencingException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAliasException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAttributeInUseException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAuthenticationException) {
            throw new ConnectorSecurityException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapAuthenticationNotSupportedException) {
            throw new ConnectorSecurityException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapConfigurationException) {
            throw new ConfigurationException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof InvalidConnectionException) {
            throw new ConnectionFailedException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapContextNotEmptyException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapInvalidAttributeTypeException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapInvalidAttributeValueException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapInvalidDnException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapInvalidSearchFilterException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapInvalidSearchFilterException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapLoopDetectedException) {
            throw new ConfigurationException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapNoPermissionException) {
            throw new PermissionDeniedException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapNoSuchAttributeException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapNoSuchObjectException) {
            throw new UnknownUidException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapSchemaException) {
            throw new ConfigurationException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapSchemaViolationException) {
            throw new InvalidAttributeValueException(str2 + ldapException.getMessage(), ldapException);
        }
        if (ldapException instanceof LdapUnwillingToPerformException) {
            throw new PermissionDeniedException(str2 + ldapException.getMessage(), ldapException);
        }
        return new ConnectorIOException(str2 + ldapException.getMessage(), ldapException);
    }
}
