package net.tirasa.connid.bundles.ad.util;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import net.tirasa.adsddl.ntsd.SDDL;
import net.tirasa.adsddl.ntsd.SID;
import net.tirasa.adsddl.ntsd.utils.GUID;
import net.tirasa.adsddl.ntsd.utils.Hex;
import net.tirasa.adsddl.ntsd.utils.NumberFacility;
import net.tirasa.adsddl.ntsd.utils.SDDLHelper;
import net.tirasa.connid.bundles.ad.ADConfiguration;
import net.tirasa.connid.bundles.ad.ADConnection;
import net.tirasa.connid.bundles.ad.ADConnector;
import net.tirasa.connid.bundles.ldap.LdapConnection;
import net.tirasa.connid.bundles.ldap.commons.GroupHelper;
import net.tirasa.connid.bundles.ldap.commons.LdapConstants;
import net.tirasa.connid.bundles.ldap.commons.LdapEntry;
import net.tirasa.connid.bundles.ldap.commons.LdapUtil;
import net.tirasa.connid.bundles.ldap.schema.LdapSchemaMapping;
import net.tirasa.connid.bundles.ldap.search.LdapFilter;
import net.tirasa.connid.bundles.ldap.search.LdapInternalSearch;
import net.tirasa.connid.bundles.ldap.search.LdapSearches;
import org.hsqldb.Tokens;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeInfo;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.Uid;

/* loaded from: input_file:WEB-INF/bundles/net.tirasa.connid.bundles.ad-1.3.6.jar:net/tirasa/connid/bundles/ad/util/ADUtilities.class */
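/**
 * Helper routines used by the Active Directory connector: primary-group SID handling,
 * selection of the attributes to read, assembly of {@link ConnectorObject}s from LDAP
 * entries, and small LDAP search utilities.
 *
 * <p>Several methods build LDAP search filters from strings. Values that originate outside
 * this class must be escaped before they are placed into a filter; the methods below note
 * where that is done and where the caller is responsible for it.
 */
public class ADUtilities {
    private static final Log LOG = Log.getLog(ADUtilities.class);

    /** userAccountControl bit ACCOUNTDISABLE (0x0002). */
    private static final int UF_ACCOUNTDISABLE = 0x0002;

    /** userAccountControl bit DONT_EXPIRE_PASSWORD (0x10000, decimal 65536). */
    private static final int UF_DONT_EXPIRE_PASSWD = 0x10000;

    /** Number of group members requested per ranged read. */
    private static final int MEMBER_RANGE_SIZE = 1000;

    private final ADConnection connection;
    private final GroupHelper groupHelper;

    /**
     * Creates the helper on top of an existing connection.
     *
     * @param aDConnection connection used for every directory access made by this instance
     */
    public ADUtilities(ADConnection aDConnection) {
        this.connection = aDConnection;
        this.groupHelper = new GroupHelper(aDConnection);
    }

    /**
     * Builds a SID that shares the identifier authority, revision and every sub-authority
     * except the last one with {@code sid}, and ends with {@code bArr} instead.
     *
     * @param sid SID the leading components are copied from
     * @param bArr sub-authority appended as the final component
     * @return the newly assembled SID
     */
    public static SID getPrimaryGroupSID(SID sid, byte[] bArr) {
        SID newInstance = SID.newInstance(sid.getIdentifierAuthority());
        newInstance.setRevision(sid.getRevision());
        List<byte[]> subAuthorities = sid.getSubAuthorities();
        if (subAuthorities != null && !subAuthorities.isEmpty()) {
            // The last sub-authority is deliberately left out; bArr takes its place below.
            for (int i = 0; i < subAuthorities.size() - 1; i++) {
                newInstance.addSubAuthority(subAuthorities.get(i));
            }
        }
        newInstance.addSubAuthority(bArr);
        return newInstance;
    }

    /**
     * Reads the objectSid of the entry at {@code str} and returns its last sub-authority,
     * rendered as an unsigned integer, as a primary-group-id attribute.
     *
     * @param str distinguished name of the group entry
     * @return attribute named {@link ADConnector#PRIMARYGROUPID}
     * @throws InvalidNameException declared for compatibility; every failure, including an
     *         invalid DN, is caught here and rethrown as {@link ConnectorException}
     * @throws ConnectorException if the entry cannot be read or its SID cannot be parsed
     */
    public Attribute getGroupID(String str) throws InvalidNameException {
        try {
            SID parse = SID.parse((byte[]) this.connection.getInitialContext().getAttributes(new LdapName(str), new String[]{ADConnector.OBJECTSID}).get(ADConnector.OBJECTSID).get());
            return new BasicAttribute(ADConnector.PRIMARYGROUPID, String.valueOf(NumberFacility.getUInt(parse.getSubAuthorities().get(parse.getSubAuthorityCount() - 1))));
        } catch (Exception e) {
            LOG.error(e, "Invalid group DN '{0}'", str);
            throw new ConnectorException(e);
        }
    }

    /**
     * Resolves the DN of an entry's primary group by combining the entry's objectSid with
     * its primary group id and searching the configured group base contexts for that SID.
     *
     * @param ldapEntry entry being resolved; used only for the warning message
     * @param attributes attributes holding the entry's primary group id and objectSid
     * @return DN of the first matching group, or {@code null} if either attribute is missing
     *         or no group matches
     * @throws NamingException if an attribute value cannot be read
     */
    public String getPrimaryGroupDN(LdapEntry ldapEntry, Attributes attributes) throws NamingException {
        Attribute primaryGroupId = attributes.get(ADConnector.PRIMARYGROUPID);
        Attribute objectSid = attributes.get(ADConnector.OBJECTSID);
        if (primaryGroupId == null || primaryGroupId.get() == null || objectSid == null || objectSid.get() == null) {
            return null;
        }
        // NOTE(review): Long.parseLong throws NumberFormatException on a non-numeric value;
        // that exception is not handled here and reaches the caller.
        SID groupSid = getPrimaryGroupSID(SID.parse((byte[]) objectSid.get()), NumberFacility.getUIntBytes(Long.parseLong(primaryGroupId.get().toString())));
        // The binary SID goes through Hex.getEscaped before it is placed in the filter.
        String filter = String.format("(&(objectclass=group)(%s=%s))", ADConnector.OBJECTSID, Hex.getEscaped(groupSid.toByteArray()));
        Set<SearchResult> found = basicLdapSearch(filter, ((ADConfiguration) this.connection.getConfiguration()).getGroupBaseContexts());
        if (found == null || found.isEmpty()) {
            LOG.warn("Error retrieving primary group for {0}", ldapEntry.getDN());
            return null;
        }
        String dn = found.iterator().next().getNameInNamespace();
        LOG.info("Found primary group {0}", dn);
        return dn;
    }

    /**
     * Computes the set of connector attribute names to fetch for a request.
     *
     * @param strArr attribute names requested by the caller, or {@code null} to use the
     *        attributes returned by default for {@code objectClass}
     * @param objectClass object class being read
     * @return case-insensitive set of names, adjusted as described by the inline comments
     */
    public Set<String> getAttributesToGet(String[] strArr, ObjectClass objectClass) {
        Set<String> attributesReturnedByDefault;
        if (strArr != null) {
            attributesReturnedByDefault = CollectionUtil.newCaseInsensitiveSet();
            attributesReturnedByDefault.addAll(Arrays.asList(strArr));
            removeNonReadableAttributes(attributesReturnedByDefault, objectClass);
            attributesReturnedByDefault.add(Name.NAME);
        } else {
            attributesReturnedByDefault = getAttributesReturnedByDefault(this.connection, objectClass);
        }
        attributesReturnedByDefault.add(Uid.NAME);
        if (objectClass.is(ObjectClass.ACCOUNT_NAME)) {
            // userAccountControl is always read for accounts.
            attributesReturnedByDefault.add(ADConnector.UACCONTROL_ATTR);
        }
        String groupMemberReferenceAttribute = ((ADConfiguration) this.connection.getConfiguration()).getGroupMemberReferenceAttribute();
        if (objectClass.is(ObjectClass.GROUP_NAME) && attributesReturnedByDefault.contains(groupMemberReferenceAttribute)) {
            // Group members are requested through a ranged attribute name instead of the plain one.
            attributesReturnedByDefault.remove(groupMemberReferenceAttribute);
            attributesReturnedByDefault.add(firstMemberRange(groupMemberReferenceAttribute));
        }
        if (attributesReturnedByDefault.contains(OperationalAttributes.PASSWORD_NAME)) {
            LOG.warn("Reading passwords not supported", new Object[0]);
        }
        if (attributesReturnedByDefault.contains(ADConfiguration.UCCP_FLAG)) {
            // The flag is derived from the security descriptor, so that attribute is read instead.
            attributesReturnedByDefault.remove(ADConfiguration.UCCP_FLAG);
            attributesReturnedByDefault.add(ADConnector.SDDL_ATTR);
        }
        if (attributesReturnedByDefault.contains(LdapConstants.LDAP_GROUPS_NAME)) {
            // Both attributes are inputs of getPrimaryGroupDN.
            attributesReturnedByDefault.add(ADConnector.OBJECTSID);
            attributesReturnedByDefault.add(ADConnector.PRIMARYGROUPID);
        }
        return attributesReturnedByDefault;
    }

    /**
     * Lets the schema mapping drop non-readable attributes from {@code set} while keeping
     * the two group pseudo-attributes if they were present.
     *
     * @param set attribute names, modified in place
     * @param objectClass object class the names belong to
     */
    private void removeNonReadableAttributes(Set<String> set, ObjectClass objectClass) {
        // Take both names out before the schema mapping filters the set, then put back
        // whichever of them was there.
        boolean hadLdapGroups = set.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean hadPosixGroups = set.remove(LdapConstants.POSIX_GROUPS_NAME);
        this.connection.getSchemaMapping().removeNonReadableAttributes(objectClass, set);
        if (hadLdapGroups) {
            set.add(LdapConstants.LDAP_GROUPS_NAME);
        }
        if (hadPosixGroups) {
            set.add(LdapConstants.POSIX_GROUPS_NAME);
        }
    }

    /**
     * Lists the attributes the schema marks as returned by default for an object class,
     * excluding the names in {@link ADConnector#ADDS2012_ATTRIBUTES_TO_BE_REMOVED}.
     *
     * @param ldapConnection connection whose schema is consulted
     * @param objectClass object class to look up
     * @return a set holding only {@link Name#NAME} for the "any" object class; otherwise a
     *         case-insensitive set, empty when the schema does not know the object class
     */
    public static Set<String> getAttributesReturnedByDefault(LdapConnection ldapConnection, ObjectClass objectClass) {
        if (objectClass.equals(LdapSchemaMapping.ANY_OBJECT_CLASS)) {
            return CollectionUtil.newSet(Name.NAME);
        }
        SortedSet<String> names = CollectionUtil.newCaseInsensitiveSet();
        ObjectClassInfo classInfo = ldapConnection.getSchemaMapping().schema().findObjectClassInfo(objectClass.getObjectClassValue());
        if (classInfo != null) {
            for (AttributeInfo attributeInfo : classInfo.getAttributeInfo()) {
                if (attributeInfo.isReturnedByDefault() && !ADConnector.ADDS2012_ATTRIBUTES_TO_BE_REMOVED.contains(attributeInfo.getName())) {
                    names.add(attributeInfo.getName());
                }
            }
        }
        return names;
    }

    /**
     * Translates connector attribute names into the LDAP attribute names to request.
     *
     * @param set connector attribute names; not modified
     * @param objectClass object class being read
     * @return LDAP attribute names from the schema mapping, plus the POSIX reference
     *         attribute when POSIX groups were requested
     */
    public Set<String> getLdapAttributesToGet(Set<String> set, ObjectClass objectClass) {
        SortedSet<String> requested = CollectionUtil.newCaseInsensitiveSet();
        requested.addAll(set);
        // Neither group pseudo-attribute is handed to the schema mapping.
        requested.remove(LdapConstants.LDAP_GROUPS_NAME);
        boolean posixGroupsRequested = requested.remove(LdapConstants.POSIX_GROUPS_NAME);
        Set<String> ldapAttributes = this.connection.getSchemaMapping().getLdapAttributes(objectClass, requested, true);
        if (posixGroupsRequested) {
            ldapAttributes.add(GroupHelper.getPosixRefAttribute());
        }
        return ldapAttributes;
    }

    /**
     * Builds a connector object from a search result; delegates to the {@link Attributes}
     * overload with the result's attributes.
     *
     * @param str DN of the entry
     * @param searchResult search result providing the attributes
     * @param collection names of the attributes to put on the connector object
     * @param objectClass object class of the entry
     * @return the assembled connector object
     * @throws NamingException if an attribute value cannot be read
     */
    public ConnectorObject createConnectorObject(String str, SearchResult searchResult, Collection<String> collection, ObjectClass objectClass) throws NamingException {
        return createConnectorObject(str, searchResult.getAttributes(), collection, objectClass);
    }

    /**
     * Builds a connector object from raw LDAP attributes, translating the AD-specific
     * attributes (group membership, userAccountControl flags, objectGUID, security
     * descriptor, ranged group members) along the way.
     *
     * @param str DN of the entry
     * @param attributes LDAP attributes of the entry
     * @param collection names of the attributes to put on the connector object
     * @param objectClass object class of the entry
     * @return the assembled connector object
     * @throws NamingException if an attribute value cannot be read
     */
    public ConnectorObject createConnectorObject(String str, Attributes attributes, Collection<String> collection, ObjectClass objectClass) throws NamingException {
        LdapEntry create = LdapEntry.create(str, attributes);
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(objectClass);
        if (ADConnector.OBJECTGUID.equals(this.connection.getSchemaMapping().getLdapUidAttribute(objectClass))) {
            // NOTE(review): throws NullPointerException when objectGUID is absent from the entry.
            connectorObjectBuilder.setUid(GUID.getGuidAsString((byte[]) create.getAttributes().get(ADConnector.OBJECTGUID).get()));
        } else {
            connectorObjectBuilder.setUid(this.connection.getSchemaMapping().createUid(objectClass, create));
        }
        connectorObjectBuilder.setName(this.connection.getSchemaMapping().createName(objectClass, create));
        // Resolved lazily and reused, since several requested attributes may need it.
        String primaryGroupDn = null;
        for (String str3 : collection) {
            org.identityconnectors.framework.common.objects.Attribute attribute = null;
            if (LdapConstants.isLdapGroups(str3) || str3.equals(ADConnector.MEMBEROF)) {
                Set<String> groups = getGroups(create.getDN().toString());
                if (StringUtil.isBlank(primaryGroupDn)) {
                    primaryGroupDn = getPrimaryGroupDN(create, attributes);
                }
                if (StringUtil.isNotBlank(primaryGroupDn)) {
                    groups.add(primaryGroupDn);
                }
                attribute = AttributeBuilder.build(str3, groups);
            } else if (LdapConstants.isPosixGroups(str3)) {
                attribute = AttributeBuilder.build(LdapConstants.POSIX_GROUPS_NAME, this.groupHelper.getPosixGroups(LdapUtil.getStringAttrValues(create.getAttributes(), GroupHelper.getPosixRefAttribute())));
            } else if (LdapConstants.PASSWORD.is(str3) && objectClass.is(ObjectClass.ACCOUNT_NAME)) {
                // Passwords are never read back; an empty GuardedString stands in for the value.
                attribute = AttributeBuilder.build(str3, new GuardedString());
            } else if (ADConfiguration.PNE_FLAG.equalsIgnoreCase(str3) && objectClass.is(ObjectClass.ACCOUNT_NAME)) {
                try {
                    String uac = readUserAccountControl(attributes);
                    if (LOG.isOk()) {
                        LOG.ok("User Account Control: {0}", uac);
                    }
                    attribute = (uac == null || (Integer.parseInt(uac) & UF_DONT_EXPIRE_PASSWD) != UF_DONT_EXPIRE_PASSWD) ? AttributeBuilder.build(ADConfiguration.PNE_FLAG, false) : AttributeBuilder.build(ADConfiguration.PNE_FLAG, true);
                } catch (NamingException e) {
                    LOG.error(e, "While fetching userAccountControl", new Object[0]);
                }
            } else if (ADConnector.UACCONTROL_ATTR.equalsIgnoreCase(str3) && objectClass.is(ObjectClass.ACCOUNT_NAME)) {
                try {
                    String uac = readUserAccountControl(attributes);
                    if (LOG.isOk()) {
                        LOG.ok("User Account Control: {0}", uac);
                    }
                    // Test the ACCOUNTDISABLE bit on its own. The earlier "% 16 != 2" check
                    // reported a disabled account as enabled whenever another of the four
                    // low-order flag bits was set as well.
                    boolean disabled = uac != null && (Integer.parseInt(uac) & UF_ACCOUNTDISABLE) == UF_ACCOUNTDISABLE;
                    connectorObjectBuilder.addAttribute(AttributeBuilder.buildEnabled(!disabled));
                    attribute = this.connection.getSchemaMapping().createAttribute(objectClass, str3, create, false);
                } catch (NamingException e2) {
                    LOG.error(e2, "While fetching userAccountControl", new Object[0]);
                }
            } else if (ADConnector.OBJECTGUID.equalsIgnoreCase(str3)) {
                // NOTE(review): throws NullPointerException when objectGUID was requested but
                // is not among the returned attributes.
                attribute = AttributeBuilder.build(str3, GUID.getGuidAsString((byte[]) attributes.get(ADConnector.OBJECTGUID).get()));
            } else if (ADConnector.SDDL_ATTR.equalsIgnoreCase(str3)) {
                Attribute sddl = attributes.get(ADConnector.SDDL_ATTR);
                if (sddl != null) {
                    // The raw security descriptor is exposed only as the derived boolean flag.
                    attribute = AttributeBuilder.build(ADConfiguration.UCCP_FLAG, Boolean.valueOf(SDDLHelper.isUserCannotChangePassword(new SDDL((byte[]) sddl.get()))));
                }
            } else if (ADConfiguration.PRIMARY_GROUP_DN_NAME.equalsIgnoreCase(str3)) {
                if (StringUtil.isBlank(primaryGroupDn)) {
                    primaryGroupDn = getPrimaryGroupDN(create, attributes);
                }
                attribute = AttributeBuilder.build(ADConfiguration.PRIMARY_GROUP_DN_NAME, primaryGroupDn);
            } else if (objectClass.is(ObjectClass.GROUP_NAME) && firstMemberRange(((ADConfiguration) this.connection.getConfiguration()).getGroupMemberReferenceAttribute()).equalsIgnoreCase(str3)) {
                String groupMemberReferenceAttribute = ((ADConfiguration) this.connection.getConfiguration()).getGroupMemberReferenceAttribute();
                attribute = AttributeBuilder.build(groupMemberReferenceAttribute, readGroupMembers(objectClass, create, groupMemberReferenceAttribute));
            } else if (attributes.get(str3) != null) {
                attribute = this.connection.getSchemaMapping().createAttribute(objectClass, str3, create, false);
            }
            if (attribute != null) {
                connectorObjectBuilder.addAttribute(attribute);
            }
        }
        return connectorObjectBuilder.build();
    }

    /** Returns the ranged attribute name that requests the first page of group members. */
    private static String firstMemberRange(String memberAttribute) {
        return String.format("%s;range=%d-%d", memberAttribute, 0, MEMBER_RANGE_SIZE - 1);
    }

    /** Returns the userAccountControl value as a string, or {@code null} when it is absent. */
    private static String readUserAccountControl(Attributes attributes) throws NamingException {
        Attribute uac = attributes.get(ADConnector.UACCONTROL_ATTR);
        return (uac == null || uac.get() == null) ? null : uac.get().toString();
    }

    /** Collects all member values of a group, reading further ranges from the directory as needed. */
    private List<Object> readGroupMembers(ObjectClass objectClass, LdapEntry entry, String memberAttribute) throws NamingException {
        List<Object> members = new ArrayList<Object>(this.connection.getSchemaMapping().createAttribute(objectClass, String.format("%s;range=0-*", memberAttribute), entry, true).getValue());
        if (!members.isEmpty()) {
            // The entry already carries the final "0-*" range: nothing else to fetch.
            return members;
        }
        int first = 0;
        int last = MEMBER_RANGE_SIZE - 1;
        org.identityconnectors.framework.common.objects.Attribute firstPage = this.connection.getSchemaMapping().createAttribute(objectClass, firstMemberRange(memberAttribute), entry, true);
        members.addAll(firstPage.getValue());
        boolean done = CollectionUtil.isEmpty(firstPage.getValue());
        while (!done) {
            first += MEMBER_RANGE_SIZE;
            last += MEMBER_RANGE_SIZE;
            Attributes page = getAttributes(entry.getDN().toString(), String.format("%s;range=%d-%d", memberAttribute, first, last));
            if (page == null || page.size() <= 0) {
                done = true;
            } else {
                Attribute pageAttribute = page.getAll().next();
                // An attribute id ending in "-*" marks the last range.
                done = pageAttribute.getID().equalsIgnoreCase(String.format("%s;range=%d-*", memberAttribute, first));
                NamingEnumeration<?> values = pageAttribute.getAll();
                while (values.hasMore()) {
                    members.add(values.next());
                }
            }
        }
        return members;
    }

    /**
     * Composes the DN of a new entry as {@code cn=<value>,<default container>}.
     *
     * <p>NOTE(review): the value is concatenated as given, without RDN escaping. A name that
     * contains DN metacharacters such as {@code ,} or {@code +} yields a different or
     * malformed DN, so callers should validate or escape it first.
     *
     * @param objectClass selects the default people container for accounts and the default
     *        group container for everything else
     * @param name fallback value for the cn
     * @param attribute preferred source of the cn; its first value is used when non-blank
     * @return the composed DN string
     */
    public final String getDN(ObjectClass objectClass, Name name, org.identityconnectors.framework.common.objects.Attribute attribute) {
        boolean useName = attribute == null || attribute.getValue() == null || attribute.getValue().isEmpty() || attribute.getValue().get(0) == null || StringUtil.isBlank(attribute.getValue().get(0).toString());
        String cn = useName ? name.getNameValue() : attribute.getValue().get(0).toString();
        ADConfiguration configuration = (ADConfiguration) this.connection.getConfiguration();
        String container = objectClass.is(ObjectClass.ACCOUNT_NAME) ? configuration.getDefaultPeopleContainer() : configuration.getDefaultGroupContainer();
        return "cn=" + cn + "," + container;
    }

    /**
     * Tells whether a string parses as an LDAP distinguished name.
     *
     * @param str candidate string
     * @return {@code true} if {@code str} is not blank and {@link LdapName} accepts it
     */
    public static boolean isDN(String str) {
        try {
            if (StringUtil.isNotBlank(str)) {
                // Constructing the LdapName is the validation; it throws on a malformed DN.
                new LdapName(str);
                return true;
            }
            return false;
        } catch (InvalidNameException e) {
            if (LOG.isOk()) {
                LOG.ok(e, "Invalid DN {0}", str);
            }
            return false;
        }
    }

    /**
     * Builds a filter fragment requiring membership in the configured groups, joined with
     * OR or AND depending on the configuration.
     *
     * <p>NOTE(review): the configured membership values are inserted verbatim. A value with
     * filter metacharacters ({@code ( ) * \}) changes the meaning of the filter, so the
     * configuration has to supply values that are already valid inside a filter.
     *
     * @param aDConfiguration configuration providing the memberships and the OR/AND choice
     * @return the filter fragment, or an empty string when no membership is configured
     */
    public String getMembershipSearchFilter(ADConfiguration aDConfiguration) {
        StringBuilder sb = new StringBuilder();
        String[] memberships = aDConfiguration.getMemberships();
        if (memberships != null && memberships.length > 0) {
            sb.append(aDConfiguration.isMembershipsInOr() ? "(|" : "(&");
            // NOTE(review): the Tokens constants come from an SQL library and presumably
            // stand for "(" and ")" - confirm against the original source.
            for (String membership : memberships) {
                sb.append(Tokens.T_OPENBRACKET).append(ADConnector.MEMBEROF).append("=").append(membership).append(Tokens.T_CLOSEBRACKET);
            }
            sb.append(Tokens.T_CLOSEBRACKET);
        }
        return sb.toString();
    }

    /**
     * Loads the entry at the given DN together with the attributes an update needs.
     *
     * @param str DN of the entry
     * @return the entry, never {@code null}
     * @throws ConnectorException if the lookup fails or finds nothing
     */
    public LdapEntry getEntryToBeUpdated(String str) {
        LdapEntry ldapEntry = null;
        try {
            ldapEntry = LdapSearches.getEntry(this.connection, new LdapName(str), ADConnector.UACCONTROL_ATTR, ADConnector.SDDL_ATTR, ADConnector.OBJECTSID, ADConnector.PRIMARYGROUPID);
        } catch (Exception e) {
            // Any lookup failure is logged and then reported as "Entry not found" below.
            LOG.warn(e, "Invalid entry DN", new Object[0]);
        }
        if (ldapEntry == null) {
            throw new ConnectorException("Entry not found");
        }
        return ldapEntry;
    }

    /**
     * Finds the object with the given Uid together with the attributes an update needs.
     *
     * @param uid identifier of the object
     * @param objectClass object class of the object
     * @return the object, never {@code null}
     * @throws ConnectorException if nothing matches
     */
    public ConnectorObject getEntryToBeUpdated(Uid uid, ObjectClass objectClass) {
        // The Uid value is supplied by the caller of the connector, so it is escaped before
        // it becomes part of the filter; a value containing ( ) * or \ would otherwise
        // rewrite the filter. Values without such characters are presumably left unchanged
        // by the escaping helper.
        StringBuilder filter = new StringBuilder();
        filter.append(this.connection.getSchemaMapping().getLdapUidAttribute(objectClass)).append('=');
        LdapUtil.escapeAttrValue(uid.getUidValue(), filter);
        ConnectorObject findObject = LdapSearches.findObject(this.connection, objectClass, LdapFilter.forNativeFilter(filter.toString()), ADConnector.UACCONTROL_ATTR, ADConnector.SDDL_ATTR, ADConnector.OBJECTSID, ADConnector.PRIMARYGROUPID);
        if (findObject == null) {
            throw new ConnectorException("Entry not found");
        }
        return findObject;
    }

    /**
     * Reads the named attributes of an entry.
     *
     * @param str DN of the entry
     * @param strArr names of the attributes to read
     * @return the attributes returned by the directory
     * @throws ConnectorException wrapping any {@link NamingException}
     */
    public Attributes getAttributes(String str, String... strArr) {
        try {
            return this.connection.getInitialContext().getAttributes(str, strArr);
        } catch (NamingException e) {
            throw new ConnectorException((Throwable) e);
        }
    }

    /**
     * Reads the security descriptor of the entry at {@code str} and returns it with the
     * "user cannot change password" setting applied.
     *
     * @param str DN of the entry
     * @param bool desired setting
     * @return attribute carrying the updated descriptor, or {@code null} if the entry has
     *         no descriptor or its value cannot be read
     */
    public Attribute userCannotChangePassword(String str, Boolean bool) {
        Attribute sddl = getAttributes(str, ADConnector.SDDL_ATTR).get(ADConnector.SDDL_ATTR);
        if (sddl == null) {
            return null;
        }
        try {
            return userCannotChangePassword((byte[]) sddl.get(), bool);
        } catch (NamingException e) {
            LOG.error(e, "Error retrieving sddl", new Object[0]);
            return null;
        }
    }

    /**
     * Same as the byte-array overload, taking the descriptor from a connector object.
     *
     * @param connectorObject object expected to carry the security descriptor attribute
     * @param bool desired setting
     * @return attribute carrying the updated descriptor, or {@code null} if the object has
     *         no descriptor value
     */
    public Attribute userCannotChangePassword(ConnectorObject connectorObject, Boolean bool) {
        org.identityconnectors.framework.common.objects.Attribute sddl = connectorObject.getAttributeByName(ADConnector.SDDL_ATTR);
        if (sddl == null || sddl.getValue() == null || sddl.getValue().isEmpty()) {
            return null;
        }
        return userCannotChangePassword((byte[]) sddl.getValue().get(0), bool);
    }

    /**
     * Applies the "user cannot change password" setting to a binary security descriptor.
     *
     * @param bArr binary security descriptor
     * @param bool desired setting
     * @return attribute named {@link ADConnector#SDDL_ATTR} with the updated descriptor
     *         bytes, or {@code null} if {@code bArr} is {@code null}
     */
    public Attribute userCannotChangePassword(byte[] bArr, Boolean bool) {
        if (bArr == null) {
            return null;
        }
        return new BasicAttribute(ADConnector.SDDL_ATTR, SDDLHelper.userCannotChangePassword(new SDDL(bArr), bool).toByteArray());
    }

    /**
     * Runs a subtree search under each base context and collects the results. No attributes
     * are requested. A failing base context is logged and skipped.
     *
     * <p>The filter is sent to the directory as given: callers must escape any value they
     * place into it.
     *
     * @param str LDAP search filter
     * @param strArr base contexts to search
     * @return the results found across all base contexts, possibly empty
     */
    public Set<SearchResult> basicLdapSearch(String str, String... strArr) {
        LdapContext initialContext = this.connection.getInitialContext();
        SearchControls controls = LdapInternalSearch.createDefaultSearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[0]);
        Set<SearchResult> results = new HashSet<SearchResult>();
        for (String baseContext : strArr) {
            if (LOG.isOk()) {
                // Pass the DN as an argument so it is not interpreted as a format pattern.
                LOG.ok("Searching from {0}", baseContext);
            }
            NamingEnumeration<SearchResult> found = null;
            try {
                found = initialContext.search(baseContext, str, controls);
                while (found.hasMoreElements()) {
                    results.add(found.nextElement());
                }
            } catch (NamingException e) {
                LOG.error(e, "While searching base context {0} with filter {1} and search controls {2}", baseContext, str, controls);
            } finally {
                // Release the enumeration even when iteration stops early, so the search
                // does not keep resources open on the connection.
                if (found != null) {
                    try {
                        found.close();
                    } catch (NamingException e) {
                        LOG.warn(e, "While closing search results for base context {0}", baseContext);
                    }
                }
            }
        }
        return results;
    }

    /**
     * Lists the groups that reference the given entry, searching the configured group base
     * contexts.
     *
     * @param str DN of the member entry
     * @return DNs of the matching groups
     */
    public Set<String> getGroups(String str) {
        return getGroups(str, ((ADConfiguration) this.connection.getConfiguration()).getGroupBaseContexts());
    }

    /**
     * Lists the groups whose member reference attribute holds the given entry.
     *
     * @param str DN of the member entry
     * @param strArr base contexts to search
     * @return DNs of the matching groups, ordered case-insensitively
     */
    public Set<String> getGroups(String str, String... strArr) {
        String groupMemberReferenceAttribute = ((ADConfiguration) this.connection.getConfiguration()).getGroupMemberReferenceAttribute();
        Set<String> groups = new TreeSet<String>(String.CASE_INSENSITIVE_ORDER);
        for (SearchResult result : basicLdapSearch(filterInOr(groupMemberReferenceAttribute, str), strArr)) {
            groups.add(result.getNameInNamespace());
        }
        return groups;
    }

    /**
     * Builds {@code (attr=value)} terms, wrapped in an OR when there is more than one value.
     * Each value is written through {@link LdapUtil#escapeAttrValue}; the attribute name is
     * not escaped.
     *
     * @param str attribute name
     * @param strArr values to match
     * @return the filter, or an empty string when {@code strArr} is {@code null}
     */
    private String filterInOr(String str, String... strArr) {
        StringBuilder sb = new StringBuilder();
        if (strArr == null) {
            // The multi-value check below already anticipated null; avoid the NullPointerException
            // the loop would otherwise raise.
            return sb.toString();
        }
        boolean multiple = strArr.length > 1;
        if (multiple) {
            sb.append("(|");
        }
        for (String value : strArr) {
            sb.append('(');
            sb.append(str);
            sb.append('=');
            LdapUtil.escapeAttrValue(value, sb);
            sb.append(')');
        }
        if (multiple) {
            sb.append(Tokens.T_CLOSEBRACKET);
        }
        return sb.toString();
    }
}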
