package net.tirasa.connid.bundles.okta;

import com.okta.sdk.authc.credentials.TokenClientCredentials;
import com.okta.sdk.client.AuthorizationMode;
import com.okta.sdk.client.ClientBuilder;
import com.okta.sdk.error.ResourceException;
import com.okta.sdk.resource.common.PagedList;
import com.okta.sdk.resource.group.GroupBuilder;
import com.okta.sdk.resource.user.UserBuilder;
import java.time.OffsetDateTime;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.tirasa.connid.bundles.googleapps.GoogleAppsUtil;
import net.tirasa.connid.bundles.okta.schema.OktaSchema;
import net.tirasa.connid.bundles.okta.utils.CipherAlgorithm;
import net.tirasa.connid.bundles.okta.utils.OktaAttribute;
import net.tirasa.connid.bundles.okta.utils.OktaEventType;
import net.tirasa.connid.bundles.okta.utils.OktaFilter;
import net.tirasa.connid.bundles.okta.utils.OktaFilterOp;
import net.tirasa.connid.bundles.okta.utils.OktaUtils;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.common.security.GuardedString;
import org.identityconnectors.common.security.SecurityUtil;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.AttributesAccessor;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.ConnectorObjectBuilder;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.ObjectClassInfo;
import org.identityconnectors.framework.common.objects.ObjectClassUtil;
import org.identityconnectors.framework.common.objects.OperationOptions;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.ResultsHandler;
import org.identityconnectors.framework.common.objects.Schema;
import org.identityconnectors.framework.common.objects.SearchResult;
import org.identityconnectors.framework.common.objects.SyncDeltaBuilder;
import org.identityconnectors.framework.common.objects.SyncDeltaType;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.identityconnectors.framework.common.objects.SyncToken;
import org.identityconnectors.framework.common.objects.Uid;
import org.identityconnectors.framework.common.objects.filter.FilterTranslator;
import org.identityconnectors.framework.spi.Configuration;
import org.identityconnectors.framework.spi.Connector;
import org.identityconnectors.framework.spi.ConnectorClass;
import org.identityconnectors.framework.spi.PoolableConnector;
import org.identityconnectors.framework.spi.SearchResultsHandler;
import org.identityconnectors.framework.spi.operations.CreateOp;
import org.identityconnectors.framework.spi.operations.DeleteOp;
import org.identityconnectors.framework.spi.operations.SchemaOp;
import org.identityconnectors.framework.spi.operations.SearchOp;
import org.identityconnectors.framework.spi.operations.SyncOp;
import org.identityconnectors.framework.spi.operations.TestOp;
import org.identityconnectors.framework.spi.operations.UpdateOp;
import org.openapitools.client.ApiClient;
import org.openapitools.client.api.ApplicationApi;
import org.openapitools.client.api.GroupApi;
import org.openapitools.client.api.SchemaApi;
import org.openapitools.client.api.SystemLogApi;
import org.openapitools.client.api.UserApi;
import org.openapitools.client.model.Application;
import org.openapitools.client.model.ChangePasswordRequest;
import org.openapitools.client.model.Group;
import org.openapitools.client.model.LogEvent;
import org.openapitools.client.model.PasswordCredential;
import org.openapitools.client.model.UpdateUserRequest;
import org.openapitools.client.model.User;
import org.openapitools.client.model.UserStatus;

@ConnectorClass(configurationClass = OktaConfiguration.class, displayNameKey = "okta.connector.display")
/* loaded from: input_file:WEB-INF/classes/bundles/net.tirasa.connid.bundles.okta-3.0.0-bundle.jar:net/tirasa/connid/bundles/okta/OktaConnector.class */
public class OktaConnector implements Connector, PoolableConnector, CreateOp, UpdateOp, DeleteOp, SchemaOp, SyncOp, TestOp, SearchOp<OktaFilter> {
    public static final String LIMIT = "50";
    public static final String USER = "USER";
    public static final String FILTER = "filter";
    public static final String CIPHER_ALGORITHM = "cipherAlgorithm";
    public static final String SALT = "salt";
    public static final String SALT_ORDER = "saltOrder";
    public static final String WORK_FACTOR = "workFactor";
    private OktaConfiguration configuration;
    private UserApi userApi;
    private GroupApi groupApi;
    private ApplicationApi appApi;
    private SystemLogApi systemLogApi;
    private OktaSchema schema;
    private static final Log LOG = Log.getLog(OktaConnector.class);
    public static final String APPLICATION_NAME = ObjectClassUtil.createSpecialName("APPLICATION");
    public static final ObjectClass APPLICATION = new ObjectClass(APPLICATION_NAME);
    private static final Set<String> NOT_FOR_PROFILE = CollectionUtil.newReadOnlySet(Name.NAME, OperationalAttributes.ENABLE_NAME, OperationalAttributes.PASSWORD_NAME, "id", "status", OktaAttribute.OKTA_SECURITY_QUESTION, OktaAttribute.OKTA_SECURITY_ANSWER, OktaAttribute.OKTA_GROUPS);

    @Override // org.identityconnectors.framework.spi.Connector
    public OktaConfiguration getConfiguration() {
        return this.configuration;
    }

    @Override // org.identityconnectors.framework.spi.Connector
    public void init(Configuration configuration) {
        this.configuration = (OktaConfiguration) configuration;
        try {
            if (this.userApi == null || this.groupApi == null || this.appApi == null || this.systemLogApi == null || this.schema == null) {
                ClientBuilder connectionTimeout = new ConnIdClientBuilder().setOrgUrl(this.configuration.getDomain()).setRetryMaxAttempts(this.configuration.getRateLimitMaxRetries()).setRetryMaxElapsed(this.configuration.getRetryMaxElapsed()).setConnectionTimeout(this.configuration.getRequestTimeout());
                if (this.configuration.getClientId() == null || this.configuration.getPrivateKeyPEM() == null) {
                    connectionTimeout.setClientCredentials(new TokenClientCredentials(this.configuration.getOktaApiToken()));
                } else {
                    connectionTimeout.setAuthorizationMode(AuthorizationMode.PRIVATE_KEY).setClientId(this.configuration.getClientId()).setScopes(new HashSet(Arrays.asList("okta.schemas.read", "okta.users.manage", "okta.groups.manage", "okta.apps.manage", "okta.logs.read"))).setPrivateKey(this.configuration.getPrivateKeyPEM());
                }
                ApiClient build = connectionTimeout.build();
                this.userApi = new UserApi(build);
                this.groupApi = new GroupApi(build);
                this.appApi = new ApplicationApi(build);
                this.systemLogApi = new SystemLogApi(build);
                this.schema = new OktaSchema(new SchemaApi(build));
            }
        } catch (Exception e) {
            OktaUtils.wrapGeneralError("Could not create Okta client", e);
        }
        LOG.ok("Connector {0} successfully inited", getClass().getName());
    }

    public UserApi getUserApi() {
        return this.userApi;
    }

    public GroupApi getGroupApi() {
        return this.groupApi;
    }

    public ApplicationApi getApplicationApi() {
        return this.appApi;
    }

    public SystemLogApi getSystemLogApi() {
        return this.systemLogApi;
    }

    @Override // org.identityconnectors.framework.spi.PoolableConnector
    public void checkAlive() {
        LOG.ok("Check Alive", new Object[0]);
    }

    @Override // org.identityconnectors.framework.spi.operations.CreateOp
    public Uid create(ObjectClass objectClass, Set<Attribute> set, OperationOptions operationOptions) {
        LOG.ok("Connector CREATE", new Object[0]);
        if (set == null || set.isEmpty()) {
            OktaUtils.handleGeneralError("Set of Attributes value is null or empty");
        }
        AttributesAccessor attributesAccessor = new AttributesAccessor(set);
        if (!ObjectClass.ACCOUNT.equals(objectClass)) {
            if (!ObjectClass.GROUP.equals(objectClass)) {
                LOG.warn("Create of type {0} is not supported", objectClass.getObjectClassValue());
                throw new UnsupportedOperationException("Create of type" + objectClass.getObjectClassValue() + " is not supported");
            }
            Group group = null;
            try {
                group = GroupBuilder.instance().setName(attributesAccessor.findString("name")).setDescription(attributesAccessor.findString("description")).buildAndCreate(this.groupApi);
            } catch (Exception e) {
                OktaUtils.wrapGeneralError("Could not create Group : " + attributesAccessor.findString("name"), e);
            }
            return new Uid(group.getId());
        }
        User user = null;
        Attribute find = attributesAccessor.find(OperationalAttributes.ENABLE_NAME);
        Attribute find2 = attributesAccessor.find("email");
        try {
            UserBuilder instance = UserBuilder.instance();
            if (find == null || CollectionUtil.isEmpty(find.getValue())) {
                LOG.warn("{0} attribute value not correct or not found, won't handle User status", OperationalAttributes.ENABLE_NAME);
            } else {
                instance.setActive(AttributeUtil.getBooleanValue(find));
            }
            GuardedString password = attributesAccessor.getPassword();
            if (password != null) {
                String decrypt = SecurityUtil.decrypt(password);
                String findString = attributesAccessor.findString(CIPHER_ALGORITHM);
                if (StringUtil.isNotBlank(findString)) {
                    String findString2 = attributesAccessor.findString("salt");
                    String findString3 = attributesAccessor.findString("saltOrder");
                    switch (CipherAlgorithm.valueOfLabel(findString)) {
                        case SHA:
                        case SHA1:
                        case SSHA:
                        case SSHA1:
                            instance.setSha1PasswordHash(decrypt, findString2, findString3);
                            break;
                        case SHA256:
                        case SSHA256:
                            instance.setSha256PasswordHash(decrypt, findString2, findString3);
                            break;
                        case SHA512:
                        case SSHA512:
                            instance.setSha512PasswordHash(decrypt, findString2, findString3);
                            break;
                        case BCRYPT:
                            instance.setBcryptPasswordHash(decrypt, findString2, attributesAccessor.findInteger("workFactor").intValue());
                            break;
                        default:
                            OktaUtils.handleGeneralError("Hash Algorithm not supported : " + findString);
                            break;
                    }
                } else {
                    instance.setPassword(decrypt.toCharArray());
                }
                String findString4 = attributesAccessor.findString(OktaAttribute.OKTA_SECURITY_QUESTION);
                if (StringUtil.isNotBlank(findString4)) {
                    instance.setSecurityQuestion(findString4);
                }
                String findString5 = attributesAccessor.findString(OktaAttribute.OKTA_SECURITY_ANSWER);
                if (StringUtil.isNotBlank(findString5)) {
                    instance.setSecurityQuestionAnswer(findString5);
                }
            }
            buildProfile(instance, attributesAccessor, objectClass);
            Stream map = ((Stream) Optional.ofNullable(attributesAccessor.findList(OktaAttribute.OKTA_GROUPS)).map((v0) -> {
                return v0.stream();
            }).orElseGet(Stream::empty)).map((v0) -> {
                return v0.toString();
            });
            instance.getClass();
            map.forEach(instance::addGroup);
            user = instance.buildAndCreate(this.userApi);
        } catch (Exception e2) {
            OktaUtils.wrapGeneralError("Could not create User : " + AttributeUtil.getAsStringValue(find2), e2);
        }
        if (user == null || user.getId() == null) {
            OktaUtils.handleGeneralError("Something wrong happened during user create, check logs");
        }
        return new Uid(user.getId());
    }

    @Override // org.identityconnectors.framework.spi.operations.UpdateOp
    public Uid update(ObjectClass objectClass, Uid uid, Set<Attribute> set, OperationOptions operationOptions) {
        LOG.ok("Connector UPDATE", new Object[0]);
        if (set == null || set.isEmpty()) {
            OktaUtils.handleGeneralError("Set of Attributes value is null or empty");
        }
        AttributesAccessor attributesAccessor = new AttributesAccessor(set);
        if (!ObjectClass.ACCOUNT.equals(objectClass)) {
            if (!ObjectClass.GROUP.equals(objectClass)) {
                LOG.warn("Update of type {0} is not supported", objectClass.getObjectClassValue());
                throw new UnsupportedOperationException("Update of type" + objectClass.getObjectClassValue() + " is not supported");
            }
            Group group = this.groupApi.getGroup(uid.getUidValue());
            Optional.ofNullable(attributesAccessor.getName()).ifPresent(name -> {
                group.getProfile().setName(name.getNameValue());
            });
            Optional.ofNullable(attributesAccessor.find("description")).ifPresent(attribute -> {
                group.getProfile().setDescription(AttributeUtil.getStringValue(attribute));
            });
            Group group2 = null;
            try {
                group2 = this.groupApi.replaceGroup(group.getId(), group);
            } catch (Exception e) {
                OktaUtils.wrapGeneralError("Could not update Group " + uid.getUidValue() + " from attributes ", e);
            }
            return new Uid(group2.getId());
        }
        Uid uid2 = uid;
        User user = this.userApi.getUser(uid.getUidValue());
        Optional.ofNullable(attributesAccessor.getPassword()).map(SecurityUtil::decrypt).filter(StringUtil::isNotBlank).ifPresent(str -> {
            Optional.ofNullable(attributesAccessor.find(OperationalAttributes.CURRENT_PASSWORD_NAME)).map(AttributeUtil::getGuardedStringValue).map(SecurityUtil::decrypt).filter(StringUtil::isNotBlank).ifPresent(str -> {
                selfPasswordUpdate(user.getId(), str, str);
            });
        });
        try {
            updateUserAttributes(user, set);
            UpdateUserRequest updateUserRequest = new UpdateUserRequest();
            updateUserRequest.setProfile(user.getProfile());
            User updateUser = this.userApi.updateUser(user.getId(), updateUserRequest, Boolean.FALSE);
            updateUserStatus(updateUser, attributesAccessor.find(OperationalAttributes.ENABLE_NAME));
            uid2 = new Uid(updateUser.getId());
        } catch (Exception e2) {
            OktaUtils.wrapGeneralError("Could not update User " + uid.getUidValue() + " from attributes ", e2);
        }
        if (attributesAccessor.hasAttribute(OktaAttribute.OKTA_GROUPS)) {
            try {
                List nullAsEmpty = CollectionUtil.nullAsEmpty((List) attributesAccessor.findList(OktaAttribute.OKTA_GROUPS));
                Set set2 = (Set) this.userApi.listUserGroups(user.getId()).stream().filter(group3 -> {
                    return !OktaAttribute.isDefaultEveryoneGroup(group3);
                }).map((v0) -> {
                    return v0.getId();
                }).collect(Collectors.toSet());
                nullAsEmpty.stream().filter(obj -> {
                    return !set2.contains(obj.toString());
                }).forEach(obj2 -> {
                    try {
                        this.groupApi.assignUserToGroup(obj2.toString(), user.getId());
                        LOG.ok("User {0} added to Group {1} after update", uid.getUidValue(), obj2);
                    } catch (Exception e3) {
                        OktaUtils.handleGeneralError("Could not add User " + uid.getUidValue() + " to Group " + obj2, e3);
                    }
                });
                set2.stream().filter(str2 -> {
                    return !nullAsEmpty.contains(str2);
                }).forEach(str3 -> {
                    try {
                        this.groupApi.unassignUserFromGroup(str3, user.getId());
                        LOG.ok("User {0} removed from Group {1} after update", uid.getUidValue(), str3);
                    } catch (Exception e3) {
                        OktaUtils.handleGeneralError("Could not remove User " + uid.getUidValue() + " from Group " + str3, e3);
                    }
                });
            } catch (ConnectorException e3) {
            } catch (Exception e4) {
                OktaUtils.handleGeneralError("Errors while working with groups for User " + uid.getUidValue(), e4);
            }
        }
        return uid2;
    }

    @Override // org.identityconnectors.framework.spi.operations.DeleteOp
    public void delete(ObjectClass objectClass, Uid uid, OperationOptions operationOptions) {
        LOG.ok("Connector DELETE", new Object[0]);
        if (StringUtil.isBlank(uid.getUidValue())) {
            LOG.error("Uid not provided or empty ", new Object[0]);
            throw new InvalidAttributeValueException("Uid value not provided or empty");
        }
        if (objectClass == null) {
            LOG.error("Object value not provided {0} ", objectClass);
            throw new InvalidAttributeValueException("Object value not provided");
        }
        if (ObjectClass.ACCOUNT.equals(objectClass)) {
            try {
                this.userApi.deleteUser(uid.getUidValue(), Boolean.FALSE);
                this.userApi.deleteUser(uid.getUidValue(), Boolean.FALSE);
                return;
            } catch (Exception e) {
                OktaUtils.wrapGeneralError("Could not delete User " + uid.getUidValue(), e);
                return;
            }
        }
        if (APPLICATION.equals(objectClass)) {
            try {
                this.appApi.deactivateApplication(uid.getUidValue());
                this.appApi.deleteApplication(uid.getUidValue());
                return;
            } catch (Exception e2) {
                OktaUtils.wrapGeneralError("Could not delete Application " + uid.getUidValue(), e2);
                return;
            }
        }
        if (!ObjectClass.GROUP.equals(objectClass)) {
            LOG.warn("Delete of type {0} is not supported", objectClass.getObjectClassValue());
            throw new UnsupportedOperationException("Delete of type" + objectClass.getObjectClassValue() + " is not supported");
        }
        try {
            this.groupApi.deleteGroup(uid.getUidValue());
        } catch (Exception e3) {
            OktaUtils.wrapGeneralError("Could not delete Group " + uid.getUidValue(), e3);
        }
    }

    @Override // org.identityconnectors.framework.spi.operations.SchemaOp
    public Schema schema() {
        LOG.ok("Building SCHEMA definition", new Object[0]);
        return this.schema.getSchema();
    }

    @Override // org.identityconnectors.framework.spi.operations.SyncOp
    public SyncToken getLatestSyncToken(ObjectClass objectClass) {
        LOG.ok("check the ObjectClass", new Object[0]);
        long j = 0;
        try {
            j = getLastLogEvent(objectClass);
            LOG.ok("getLatestSyncToken on {0} - {1}", objectClass, Long.valueOf(j));
        } catch (Exception e) {
            OktaUtils.handleGeneralError("Error during retrieve SyncToken", e);
        }
        return new SyncToken(Long.valueOf(j));
    }

    @Override // org.identityconnectors.framework.spi.operations.SyncOp
    public void sync(ObjectClass objectClass, SyncToken syncToken, SyncResultsHandler syncResultsHandler, OperationOptions operationOptions) {
        if (syncResultsHandler == null) {
            OktaUtils.handleGeneralError("Result handler is null");
        }
        HashSet hashSet = new HashSet();
        if (operationOptions.getAttributesToGet() != null) {
            hashSet.addAll(Arrays.asList(operationOptions.getAttributesToGet()));
            hashSet.add("lastUpdated");
        }
        Long l = null;
        if (syncToken == null || syncToken.getValue() == null) {
            LOG.info("Synchronization with empty token.", new Object[0]);
        } else {
            LOG.info("Synchronization with token.", new Object[0]);
            l = Long.valueOf(syncToken.getValue().toString());
        }
        LOG.info("Execute sync query {0} on {1}", l, objectClass);
        List<LogEvent> events = getEvents(objectClass, l == null ? null : OktaUtils.convertToDate(l.longValue()));
        if (events != null) {
            events.stream().forEach(logEvent -> {
                ConnectorObject connectorObject = null;
                try {
                    if (isDeleteEvent(logEvent.getEventType())) {
                        connectorObject = fromLogEvent(logEvent.getTarget().get(0).getId(), logEvent.getPublished().toInstant().toEpochMilli(), objectClass);
                    } else {
                        try {
                            connectorObject = ObjectClass.ACCOUNT.equals(objectClass) ? fromUser(this.userApi.getUser(logEvent.getTarget().get(0).getId()), hashSet) : ObjectClass.GROUP.equals(objectClass) ? fromGroup(this.groupApi.getGroup(logEvent.getTarget().get(0).getId()), hashSet) : fromApplication(this.appApi.getApplication(logEvent.getTarget().get(0).getId(), null), hashSet);
                        } catch (Exception e) {
                            LOG.info("{0} not found", logEvent.getTarget().get(0).getId());
                        }
                    }
                    if (connectorObject != null && !syncResultsHandler.handle(buildSyncDelta(connectorObject, logEvent).build())) {
                        LOG.ok("Stop processing of the sync result set", new Object[0]);
                        OktaUtils.handleGeneralError("Stop processing of the sync result set");
                    }
                } catch (Exception e2) {
                    OktaUtils.handleGeneralError("Sync on " + objectClass + " error", e2);
                }
            });
        }
    }

    @Override // org.identityconnectors.framework.spi.operations.TestOp
    public void test() {
        if (this.configuration == null || this.schema == null) {
            LOG.error("Test error. No instance of the configuration class", new Object[0]);
            return;
        }
        try {
            this.schema.getSchema();
        } catch (Exception e) {
            OktaUtils.handleGeneralError("Test error. Problems with client service", e);
        }
        LOG.ok("Test was successfull", new Object[0]);
    }

    @Override // org.identityconnectors.framework.spi.operations.SearchOp
    public FilterTranslator<OktaFilter> createFilterTranslator(ObjectClass objectClass, OperationOptions operationOptions) {
        LOG.info("check the ObjectClass", new Object[0]);
        if (objectClass == null) {
            throw new IllegalArgumentException("Object class not supported");
        }
        LOG.ok("The ObjectClass is ok", new Object[0]);
        return new OktaFilterTranslator(objectClass);
    }

    private <T> void doExecuteQuery(ObjectClass objectClass, OktaFilter oktaFilter, Integer num, String str, ResultsHandler resultsHandler, Function<String, T> function, Function<String, PagedList<T>> function2, Function<String, List<T>> function3, Function<T, ConnectorObject> function4) {
        String nextPage;
        int indexOf;
        if (oktaFilter != null && oktaFilter.getFilters() == null && "id".equals(oktaFilter.getAttribute()) && OktaFilterOp.EQUALS.equals(oktaFilter.getFilterOp())) {
            try {
                resultsHandler.handle(function4.apply(function.apply(oktaFilter.getValue())));
                return;
            } catch (Exception e) {
                OktaUtils.wrapGeneralError("While getting " + objectClass.getObjectClassValue() + " with filter: " + oktaFilter, e);
                return;
            }
        }
        String str2 = (String) Optional.ofNullable(oktaFilter).map((v0) -> {
            return v0.toString();
        }).orElse(null);
        String str3 = str;
        List<T> list = null;
        try {
            if (num != null) {
                PagedList<T> apply = function2.apply(str2);
                list = apply.getItems();
                if (apply.getItems().size() >= num.intValue() && (indexOf = (nextPage = apply.getNextPage()).indexOf("after=")) != -1) {
                    int indexOf2 = nextPage.indexOf(38, indexOf);
                    str3 = indexOf2 == -1 ? nextPage.substring(indexOf + 6) : nextPage.substring(indexOf + 6, indexOf2);
                }
            } else {
                list = function3.apply(str2);
            }
        } catch (Exception e2) {
            OktaUtils.wrapGeneralError("While getting " + objectClass.getObjectClassValue() + " with filter: " + oktaFilter, e2);
        }
        if (list != null) {
            Iterator<T> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                } else if (!resultsHandler.handle(function4.apply(it.next()))) {
                    LOG.ok("Stop processing of the result set", new Object[0]);
                    break;
                }
            }
        }
        if (resultsHandler instanceof SearchResultsHandler) {
            ((SearchResultsHandler) resultsHandler).handleResult(new SearchResult(str3, -1));
        }
    }

    @Override // org.identityconnectors.framework.spi.operations.SearchOp
    public void executeQuery(ObjectClass objectClass, OktaFilter oktaFilter, ResultsHandler resultsHandler, OperationOptions operationOptions) {
        LOG.ok("Connector READ", new Object[0]);
        if (oktaFilter == null || oktaFilter.getAttribute() == null || oktaFilter.getValue() != null) {
            HashSet hashSet = new HashSet();
            if (operationOptions.getAttributesToGet() != null) {
                hashSet.addAll(Arrays.asList(operationOptions.getAttributesToGet()));
            }
            if (ObjectClass.ACCOUNT.equals(objectClass)) {
                Integer pageSize = operationOptions.getPageSize();
                String pagedResultsCookie = operationOptions.getPagedResultsCookie();
                UserApi userApi = this.userApi;
                userApi.getClass();
                doExecuteQuery(objectClass, oktaFilter, pageSize, pagedResultsCookie, resultsHandler, userApi::getUser, str -> {
                    return OktaPaginationApis.listUsers(this.userApi, null, operationOptions.getPagedResultsCookie(), operationOptions.getPageSize(), str, null, null, null);
                }, str2 -> {
                    return this.userApi.listUsers(null, null, null, str2, null, null, null);
                }, user -> {
                    return fromUser(user, hashSet);
                });
                return;
            }
            if (APPLICATION.equals(objectClass)) {
                doExecuteQuery(objectClass, oktaFilter, operationOptions.getPageSize(), operationOptions.getPagedResultsCookie(), resultsHandler, str3 -> {
                    return this.appApi.getApplication(str3, null);
                }, str4 -> {
                    return OktaPaginationApis.listApplications(this.appApi, null, operationOptions.getPagedResultsCookie(), operationOptions.getPageSize(), str4, null, null);
                }, str5 -> {
                    return this.appApi.listApplications(null, null, null, str5, null, null);
                }, application -> {
                    return fromApplication(application, hashSet);
                });
                return;
            }
            if (!ObjectClass.GROUP.equals(objectClass)) {
                throw new UnsupportedOperationException("Search of type" + objectClass.getObjectClassValue() + " is not supported");
            }
            Integer pageSize2 = operationOptions.getPageSize();
            String pagedResultsCookie2 = operationOptions.getPagedResultsCookie();
            GroupApi groupApi = this.groupApi;
            groupApi.getClass();
            doExecuteQuery(objectClass, oktaFilter, pageSize2, pagedResultsCookie2, resultsHandler, groupApi::getGroup, str6 -> {
                return OktaPaginationApis.listGroups(this.groupApi, null, str6, operationOptions.getPagedResultsCookie(), operationOptions.getPageSize(), null, null);
            }, str7 -> {
                return this.groupApi.listGroups(null, str7, null, null, null, null);
            }, group -> {
                return fromGroup(group, hashSet);
            });
        }
    }

    private long getLastLogEvent(ObjectClass objectClass) {
        String buildFilterByObjectClass = buildFilterByObjectClass(objectClass);
        if (StringUtil.isBlank(buildFilterByObjectClass)) {
            OktaUtils.handleGeneralError("Provide envenType for Sync");
        }
        List<LogEvent> listLogEvents = this.systemLogApi.listLogEvents(null, null, buildFilterByObjectClass, null, 1, GoogleAppsUtil.DESCENDING_ORDER, null);
        if (CollectionUtil.isEmpty(listLogEvents)) {
            return 0L;
        }
        return listLogEvents.get(0).getPublished().toInstant().toEpochMilli();
    }

    private List<LogEvent> getEvents(ObjectClass objectClass, OffsetDateTime offsetDateTime) {
        String buildFilterByObjectClass = buildFilterByObjectClass(objectClass);
        if (!StringUtil.isBlank(buildFilterByObjectClass)) {
            return this.systemLogApi.listLogEvents(offsetDateTime, null, buildFilterByObjectClass, null, null, GoogleAppsUtil.ASCENDING_ORDER, null);
        }
        LOG.info("Provide envenType for Sync {0}", objectClass);
        return null;
    }

    private String buildFilterByObjectClass(ObjectClass objectClass) {
        if (ObjectClass.ACCOUNT.equals(objectClass)) {
            return buildLogEventFilter(this.configuration.getUserEvents());
        }
        if (ObjectClass.GROUP.equals(objectClass)) {
            return buildLogEventFilter(this.configuration.getGroupEvents());
        }
        if (APPLICATION.equals(objectClass)) {
            return buildLogEventFilter(this.configuration.getApplicationEvents());
        }
        return null;
    }

    private String buildLogEventFilter(String[] strArr) {
        boolean z = true;
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            if (!z) {
                sb.append(" or ");
            }
            sb.append("eventType eq ");
            sb.append("\"");
            sb.append(str);
            sb.append("\"");
            z = false;
        }
        return sb.toString();
    }

    private ConnectorObject fromLogEvent(String str, long j, ObjectClass objectClass) {
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(objectClass);
        connectorObjectBuilder.setUid(str);
        connectorObjectBuilder.setName(str);
        connectorObjectBuilder.addAttribute(OktaAttribute.buildAttribute(Long.valueOf(j), "lastUpdated", Long.class).build());
        return connectorObjectBuilder.build();
    }

    private ConnectorObject fromUser(User user, Set<String> set) {
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(ObjectClass.ACCOUNT);
        connectorObjectBuilder.setUid(user.getId());
        connectorObjectBuilder.setName(user.getProfile().getLogin());
        connectorObjectBuilder.addAttributes(OktaAttribute.buildUserAttributes(this.userApi, user, this.schema.getSchema(), set));
        return connectorObjectBuilder.build();
    }

    private ConnectorObject fromApplication(Application application, Set<String> set) {
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(APPLICATION);
        connectorObjectBuilder.setUid(application.getId());
        connectorObjectBuilder.setName(application.getId());
        connectorObjectBuilder.addAttributes(OktaAttribute.buildApplicationAttributes(this.appApi, application, this.schema.getSchema(), set));
        return connectorObjectBuilder.build();
    }

    private ConnectorObject fromGroup(Group group, Set<String> set) {
        ConnectorObjectBuilder connectorObjectBuilder = new ConnectorObjectBuilder();
        connectorObjectBuilder.setObjectClass(ObjectClass.GROUP);
        connectorObjectBuilder.setUid(group.getId());
        connectorObjectBuilder.setName(group.getProfile().getName());
        connectorObjectBuilder.addAttributes(OktaAttribute.buildGroupAttributes(this.groupApi, group, this.schema.getSchema(), set));
        return connectorObjectBuilder.build();
    }

    private SyncDeltaBuilder buildSyncDelta(ConnectorObject connectorObject, LogEvent logEvent) {
        LOG.info("Build SyncDelta", new Object[0]);
        SyncDeltaBuilder syncDeltaBuilder = new SyncDeltaBuilder();
        syncDeltaBuilder.setToken(new SyncToken(Long.valueOf(isMembershipOperationEvent(logEvent.getEventType()) ? logEvent.getPublished().toInstant().toEpochMilli() : Long.parseLong(AttributeUtil.getSingleValue(connectorObject.getAttributeByName("lastUpdated")).toString()))));
        syncDeltaBuilder.setObject(connectorObject);
        syncDeltaBuilder.setDeltaType(getSyncDeltaTypeByEvent(logEvent.getEventType()));
        LOG.ok("SyncDeltaBuilder is ok", new Object[0]);
        return syncDeltaBuilder;
    }

    private SyncDeltaType getSyncDeltaTypeByEvent(String str) {
        if (OktaEventType.getValueByName(str) == null) {
            LOG.error("Okta event not found: {0}", str);
            OktaUtils.handleGeneralError("Okta event not defined");
        }
        return OktaEventType.getValueByName(str).getSyncDeltaType();
    }

    private boolean isDeleteEvent(String str) {
        return OktaEventType.getDeleteEventType().contains(str);
    }

    private boolean isMembershipOperationEvent(String str) {
        return OktaEventType.getMembershipOperationEventType().contains(str);
    }

    private void buildProfile(UserBuilder userBuilder, AttributesAccessor attributesAccessor, ObjectClass objectClass) {
        ObjectClassInfo findObjectClassInfo = this.schema.getSchema().findObjectClassInfo(objectClass.getObjectClassValue());
        attributesAccessor.listAttributeNames().stream().filter(str -> {
            return !NOT_FOR_PROFILE.contains(str);
        }).forEach(str2 -> {
            findObjectClassInfo.getAttributeInfo().stream().filter(attributeInfo -> {
                return attributeInfo.getName().equals(str2);
            }).findFirst().ifPresent(attributeInfo2 -> {
                if (!OktaAttribute.BASIC_PROFILE_ATTRIBUTES.contains(attributeInfo2.getName())) {
                    if (Boolean.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getBooleanValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Integer.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getIntegerValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Long.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getLongValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Float.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getFloatValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Double.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getDoubleValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Date.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getDateValue(attributesAccessor.find(str2)));
                        return;
                    }
                    if (Byte[].class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getByteArrayValue(attributesAccessor.find(str2)));
                        return;
                    } else if (String.class.isInstance(attributeInfo2.getType())) {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    } else {
                        userBuilder.setCustomProfileProperty(str2, AttributeUtil.getSingleValue(attributesAccessor.find(str2)));
                        return;
                    }
                }
                String name = attributeInfo2.getName();
                boolean z = -1;
                switch (name.hashCode()) {
                    case -1459599807:
                        if (name.equals("lastName")) {
                            z = true;
                            break;
                        }
                        break;
                    case -1327967764:
                        if (name.equals("mobilePhone")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 96619420:
                        if (name.equals("email")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 103149417:
                        if (name.equals("login")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 132835675:
                        if (name.equals("firstName")) {
                            z = false;
                            break;
                        }
                        break;
                    case 241221512:
                        if (name.equals("secondEmail")) {
                            z = 5;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        userBuilder.setFirstName(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    case true:
                        userBuilder.setLastName(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    case true:
                        userBuilder.setEmail(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    case true:
                        userBuilder.setLogin(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    case true:
                        userBuilder.setMobilePhone(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    case true:
                        userBuilder.setSecondEmail(AttributeUtil.getStringValue(attributesAccessor.find(str2)));
                        return;
                    default:
                        return;
                }
            });
        });
    }

    private void updateUserAttributes(User user, Set<Attribute> set) {
        ObjectClassInfo findObjectClassInfo = this.schema.getSchema().findObjectClassInfo(ObjectClass.ACCOUNT_NAME);
        set.stream().filter(attribute -> {
            return !NOT_FOR_PROFILE.contains(attribute.getName());
        }).forEach(attribute2 -> {
            findObjectClassInfo.getAttributeInfo().stream().filter(attributeInfo -> {
                return attributeInfo.getName().equals(attribute2.getName());
            }).findFirst().ifPresent(attributeInfo2 -> {
                if (CollectionUtil.isEmpty(attribute2.getValue())) {
                    return;
                }
                if (!OktaAttribute.BASIC_PROFILE_ATTRIBUTES.contains(attribute2.getName())) {
                    if (Boolean.class.isInstance(attributeInfo2.getType())) {
                        user.getProfile().getAdditionalProperties().put(attribute2.getName(), AttributeUtil.getBooleanValue(attribute2));
                        return;
                    }
                    if (Integer.class.isInstance(attributeInfo2.getType())) {
                        user.getProfile().getAdditionalProperties().put(attribute2.getName(), AttributeUtil.getIntegerValue(attribute2));
                        return;
                    } else if (String.class.isInstance(attributeInfo2.getType())) {
                        user.getProfile().getAdditionalProperties().put(attribute2.getName(), AttributeUtil.getStringValue(attribute2));
                        return;
                    } else {
                        user.getProfile().getAdditionalProperties().put(attribute2.getName(), AttributeUtil.getSingleValue(attribute2));
                        return;
                    }
                }
                String name = attributeInfo2.getName();
                boolean z = -1;
                switch (name.hashCode()) {
                    case -1459599807:
                        if (name.equals("lastName")) {
                            z = true;
                            break;
                        }
                        break;
                    case -1327967764:
                        if (name.equals("mobilePhone")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 96619420:
                        if (name.equals("email")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 103149417:
                        if (name.equals("login")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 132835675:
                        if (name.equals("firstName")) {
                            z = false;
                            break;
                        }
                        break;
                    case 241221512:
                        if (name.equals("secondEmail")) {
                            z = 5;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        user.getProfile().setFirstName(AttributeUtil.getStringValue(attribute2));
                        return;
                    case true:
                        user.getProfile().setLastName(AttributeUtil.getStringValue(attribute2));
                        return;
                    case true:
                        user.getProfile().setEmail(AttributeUtil.getStringValue(attribute2));
                        return;
                    case true:
                        user.getProfile().setLogin(AttributeUtil.getStringValue(attribute2));
                        return;
                    case true:
                        user.getProfile().setMobilePhone(AttributeUtil.getStringValue(attribute2));
                        return;
                    case true:
                        user.getProfile().setSecondEmail(AttributeUtil.getStringValue(attribute2));
                        return;
                    default:
                        return;
                }
            });
        });
    }

    private void updateUserStatus(User user, Attribute attribute) {
        if (attribute == null || CollectionUtil.isEmpty(attribute.getValue())) {
            LOG.warn("{0} attribute value not correct, can't handle User status update", OperationalAttributes.ENABLE_NAME);
            return;
        }
        boolean booleanValue = ((Boolean) attribute.getValue().get(0)).booleanValue();
        if (user.getStatus() == UserStatus.ACTIVE && !booleanValue) {
            this.userApi.suspendUser(user.getId());
            return;
        }
        if (user.getStatus() == UserStatus.SUSPENDED && booleanValue) {
            this.userApi.unsuspendUser(user.getId());
            return;
        }
        if (user.getStatus() == UserStatus.STAGED) {
            if (booleanValue) {
                this.userApi.activateUser(user.getId(), Boolean.FALSE);
                return;
            } else {
                LOG.ok("not suspending user {0} as in STAGED status", user.getId());
                return;
            }
        }
        if (user.getStatus() == UserStatus.DEPROVISIONED || booleanValue) {
            return;
        }
        this.userApi.deactivateUser(user.getId(), Boolean.FALSE);
    }

    private void selfPasswordUpdate(String str, String str2, String str3) {
        try {
            PasswordCredential passwordCredential = new PasswordCredential();
            passwordCredential.setValue(str2);
            PasswordCredential passwordCredential2 = new PasswordCredential();
            passwordCredential2.setValue(str3);
            ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest();
            changePasswordRequest.setOldPassword(passwordCredential);
            changePasswordRequest.setNewPassword(passwordCredential2);
            this.userApi.changePassword(str, changePasswordRequest, Boolean.FALSE);
            LOG.ok("Self change passsword user {0}" + str, new Object[0]);
        } catch (ResourceException e) {
            LOG.error(e, e.getMessage(), new Object[0]);
            if (CollectionUtil.isEmpty(e.getCauses())) {
                OktaUtils.handleGeneralError(e.getMessage(), e);
            } else {
                OktaUtils.handleGeneralError(e.getError().getCauses().get(0).getSummary());
            }
        } catch (Exception e2) {
            LOG.error(e2, e2.getMessage(), new Object[0]);
            OktaUtils.handleGeneralError(e2.getMessage(), e2);
        }
    }

    @Override // org.identityconnectors.framework.spi.Connector
    public void dispose() {
    }
}
