package org.apache.syncope.core.sync.impl;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.syncope.common.mod.AbstractAttributableMod;
import org.apache.syncope.common.mod.MembershipMod;
import org.apache.syncope.common.mod.UserMod;
import org.apache.syncope.common.to.AbstractAttributableTO;
import org.apache.syncope.common.to.RoleTO;
import org.apache.syncope.common.types.ConnConfProperty;
import org.apache.syncope.core.notification.NotificationManager;
import org.apache.syncope.core.persistence.beans.ExternalResource;
import org.apache.syncope.core.persistence.beans.membership.Membership;
import org.apache.syncope.core.persistence.beans.role.SyncopeRole;
import org.apache.syncope.core.persistence.dao.RoleDAO;
import org.apache.syncope.core.propagation.Connector;
import org.apache.syncope.core.propagation.PropagationException;
import org.apache.syncope.core.propagation.PropagationTaskExecutor;
import org.apache.syncope.core.propagation.impl.PropagationManager;
import org.apache.syncope.core.sync.DefaultSyncActions;
import org.apache.syncope.core.sync.SyncResult;
import org.apache.syncope.core.workflow.WorkflowResult;
import org.apache.syncope.core.workflow.user.UserWorkflowAdapter;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationOptionsBuilder;
import org.identityconnectors.framework.common.objects.SyncDelta;
import org.identityconnectors.framework.common.objects.SyncResultsHandler;
import org.quartz.JobExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:WEB-INF/classes/org/apache/syncope/core/sync/impl/LDAPMembershipSyncActions.class */
public class LDAPMembershipSyncActions extends DefaultSyncActions {
    protected static final Logger LOG = LoggerFactory.getLogger(LDAPMembershipSyncActions.class);

    @Autowired
    protected RoleDAO roleDAO;

    @Autowired
    protected UserWorkflowAdapter uwfAdapter;

    @Autowired
    protected PropagationManager propagationManager;

    @Autowired
    private PropagationTaskExecutor taskExecutor;

    @Autowired
    private NotificationManager notificationManager;
    protected Map<Long, Long> membersBeforeRoleUpdate = Collections.emptyMap();

    protected String getGroupMembershipAttrName(Connector connector) {
        Iterator<ConnConfProperty> it = connector.getActiveConnInstance().getConfiguration().iterator();
        String str = "uniquemember";
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            ConnConfProperty next = it.next();
            if ("groupMemberAttribute".equals(next.getSchema().getName()) && next.getValues() != null && !next.getValues().isEmpty()) {
                str = (String) next.getValues().get(0);
                break;
            }
        }
        return str;
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    @Transactional(readOnly = true)
    public <T extends AbstractAttributableTO, K extends AbstractAttributableMod> SyncDelta beforeUpdate(SyncResultsHandler syncResultsHandler, SyncDelta syncDelta, T t, K k) throws JobExecutionException {
        SyncopeRole find;
        if ((t instanceof RoleTO) && (find = this.roleDAO.find(Long.valueOf(t.getId()))) != null) {
            List<Membership> findMemberships = this.roleDAO.findMemberships(find);
            this.membersBeforeRoleUpdate = new HashMap(findMemberships.size());
            for (Membership membership : findMemberships) {
                this.membersBeforeRoleUpdate.put(membership.getSyncopeUser().getId(), membership.getId());
            }
        }
        return super.beforeUpdate(syncResultsHandler, syncDelta, t, k);
    }

    protected UserMod getUserMod(Long l, RoleTO roleTO) {
        UserMod userMod = new UserMod();
        if (this.membersBeforeRoleUpdate.containsKey(l)) {
            this.membersBeforeRoleUpdate.remove(l);
        } else {
            userMod.setId(l.longValue());
            MembershipMod membershipMod = new MembershipMod();
            membershipMod.setRole(roleTO.getId());
            userMod.addMembershipToBeAdded(membershipMod);
        }
        return userMod;
    }

    protected List<Object> getMembAttrValues(SyncDelta syncDelta, Connector connector) {
        List<Object> emptyList = Collections.emptyList();
        String groupMembershipAttrName = getGroupMembershipAttrName(connector);
        Attribute attributeByName = syncDelta.getObject().getAttributeByName(groupMembershipAttrName);
        if (attributeByName == null) {
            OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
            operationOptionsBuilder.setAttributesToGet(groupMembershipAttrName);
            attributeByName = connector.getObjectAttribute(ObjectClass.GROUP, syncDelta.getUid(), operationOptionsBuilder.build(), groupMembershipAttrName);
        }
        if (attributeByName != null && attributeByName.getValue() != null) {
            emptyList = attributeByName.getValue();
        }
        return emptyList;
    }

    protected void userUpdate(UserMod userMod, String str) {
        if (userMod.getId() == 0) {
            return;
        }
        try {
            WorkflowResult<Map.Entry<Long, Boolean>> update = this.uwfAdapter.update(userMod);
            this.taskExecutor.execute(this.propagationManager.getUserUpdateTaskIds(update, userMod.getPassword(), userMod.getVirtualAttributesToBeRemoved(), userMod.getVirtualAttributesToBeUpdated(), Collections.singleton(str)));
            this.notificationManager.createTasks(update.getResult().getKey(), update.getPerformedTasks());
        } catch (PropagationException e) {
            LOG.error("Could not propagate {}", userMod, e);
        } catch (Exception e2) {
            LOG.error("Could not perform update {}", userMod, e2);
        }
    }

    protected void synchronizeMemberships(SyncopeSyncResultHandler syncopeSyncResultHandler, SyncDelta syncDelta, RoleTO roleTO) throws JobExecutionException {
        ExternalResource resource = syncopeSyncResultHandler.getSyncTask().getResource();
        Iterator<Object> it = getMembAttrValues(syncDelta, syncopeSyncResultHandler.getConnector()).iterator();
        while (it.hasNext()) {
            Long findMatchingAttributableId = syncopeSyncResultHandler.findMatchingAttributableId(ObjectClass.ACCOUNT, it.next().toString());
            if (findMatchingAttributableId != null) {
                userUpdate(getUserMod(findMatchingAttributableId, roleTO), resource.getName());
            }
        }
        for (Map.Entry<Long, Long> entry : this.membersBeforeRoleUpdate.entrySet()) {
            UserMod userMod = new UserMod();
            userMod.setId(entry.getKey().longValue());
            userMod.addMembershipToBeRemoved(entry.getValue());
            userUpdate(userMod, resource.getName());
        }
    }

    @Override // org.apache.syncope.core.sync.DefaultSyncActions, org.apache.syncope.core.sync.SyncActions
    public <T extends AbstractAttributableTO> void after(SyncResultsHandler syncResultsHandler, SyncDelta syncDelta, T t, SyncResult syncResult) throws JobExecutionException {
        if (syncResultsHandler instanceof SyncopeSyncResultHandler) {
            SyncopeSyncResultHandler syncopeSyncResultHandler = (SyncopeSyncResultHandler) syncResultsHandler;
            if (!(t instanceof RoleTO) || syncopeSyncResultHandler.getSyncTask().getResource().getUmapping() == null) {
                super.after(syncResultsHandler, syncDelta, t, syncResult);
            } else {
                synchronizeMemberships(syncopeSyncResultHandler, syncDelta, (RoleTO) t);
            }
        }
    }
}
