package org.nuxeo.ecm.directory.ldap;

import com.sun.jndi.ldap.LdapURL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.CompositeName;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SchemaViolationException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.common.utils.StringUtils;
import org.nuxeo.common.xmap.annotation.XNode;
import org.nuxeo.common.xmap.annotation.XNodeList;
import org.nuxeo.common.xmap.annotation.XObject;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.directory.AbstractReference;
import org.nuxeo.ecm.directory.BaseSession;
import org.nuxeo.ecm.directory.Directory;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.DirectoryFieldMapper;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.ldap.filter.FilterExpressionCorrector;

@XObject("ldapReference")
/* loaded from: input_file:org/nuxeo/ecm/directory/ldap/LDAPReference.class */
public class LDAPReference extends AbstractReference {

    @XNodeList(value = "dynamicReference", type = LDAPDynamicReferenceDescriptor[].class, componentType = LDAPDynamicReferenceDescriptor.class)
    private LDAPDynamicReferenceDescriptor[] dynamicReferences;

    @XNode("@forceDnConsistencyCheck")
    public boolean forceDnConsistencyCheck;
    protected LDAPDirectoryDescriptor targetDirectoryDescriptor;

    @XNode("@staticAttributeId")
    protected String staticAttributeId;

    @XNode("@dynamicAttributeId")
    protected String dynamicAttributeId;
    private static final Log log = LogFactory.getLog(LDAPReference.class);
    public static final List<String> EMPTY_STRING_LIST = Collections.emptyList();

    @XNode("@field")
    public void setFieldName(String str) {
        this.fieldName = str;
    }

    private LDAPFilterMatcher getFilterMatcher() {
        return new LDAPFilterMatcher();
    }

    public boolean isStatic() throws DirectoryException {
        return getStaticAttributeId() != null;
    }

    public String getStaticAttributeId() throws DirectoryException {
        return getStaticAttributeId(null);
    }

    public String getStaticAttributeId(DirectoryFieldMapper directoryFieldMapper) throws DirectoryException {
        if (this.staticAttributeId != null) {
            return this.staticAttributeId;
        }
        if (directoryFieldMapper == null) {
            directoryFieldMapper = getSourceDirectory().getFieldMapper();
        }
        String backendField = directoryFieldMapper.getBackendField(this.fieldName);
        if (this.fieldName.equals(backendField)) {
            return null;
        }
        log.warn(String.format("implicit static attribute definition through fieldMapping is deprecated, please update your setup with <ldapReference field=\"%s\" directory=\"%s\" staticAttributeId=\"%s\">", this.fieldName, this.sourceDirectoryName, backendField));
        return backendField;
    }

    public List<LDAPDynamicReferenceDescriptor> getDynamicAttributes() {
        return Arrays.asList(this.dynamicReferences);
    }

    public String getDynamicAttributeId() {
        return this.dynamicAttributeId;
    }

    public boolean isDynamic() {
        return this.dynamicAttributeId != null;
    }

    @XNode("@directory")
    public void setTargetDirectoryName(String str) {
        this.targetDirectoryName = str;
    }

    public Directory getSourceDirectory() throws DirectoryException {
        Directory sourceDirectory = super.getSourceDirectory();
        if (sourceDirectory instanceof LDAPDirectoryProxy) {
            return ((LDAPDirectoryProxy) sourceDirectory).getDirectory();
        }
        throw new DirectoryException(this.sourceDirectoryName + " is not a LDAPDirectory and thus cannot be used in a reference for " + this.fieldName);
    }

    public Directory getTargetDirectory() throws DirectoryException {
        Directory targetDirectory = super.getTargetDirectory();
        if (targetDirectory instanceof LDAPDirectoryProxy) {
            return ((LDAPDirectoryProxy) targetDirectory).getDirectory();
        }
        throw new DirectoryException(this.targetDirectoryName + " is not a LDAPDirectory and thus cannot be referenced as target by " + this.fieldName);
    }

    protected LDAPDirectory getTargetLDAPDirectory() throws DirectoryException {
        return getTargetDirectory();
    }

    protected LDAPDirectory getSourceLDAPDirectory() throws DirectoryException {
        return getSourceDirectory();
    }

    protected LDAPDirectoryDescriptor getTargetDirectoryDescriptor() throws DirectoryException {
        if (this.targetDirectoryDescriptor == null) {
            this.targetDirectoryDescriptor = getTargetLDAPDirectory().getConfig();
        }
        return this.targetDirectoryDescriptor;
    }

    public void addLinks(String str, List<String> list) throws DirectoryException {
        if (list.isEmpty()) {
            return;
        }
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId == null) {
            if (log.isTraceEnabled()) {
                log.trace(String.format("trying to edit a non-static reference from %s in directory %s: ignoring", str, sourceDirectory.getName()));
                return;
            }
            return;
        }
        LDAPSession session = targetDirectory.getSession();
        LDAPSession session2 = sourceDirectory.getSession();
        try {
            try {
                DocumentModel entry = session2.getEntry(str, false);
                if (entry == null) {
                    throw new DirectoryException(String.format("could not add links from unexisting %s in directory %s", str, sourceDirectory.getName()));
                }
                if (!BaseSession.isReadOnlyEntry(entry)) {
                    SearchResult ldapEntry = session2.getLdapEntry(str);
                    String nameInNamespace = ldapEntry.getNameInNamespace();
                    Attribute attribute = ldapEntry.getAttributes().get(staticAttributeId);
                    String emptyRefMarker = sourceDirectory.getConfig().getEmptyRefMarker();
                    BasicAttribute basicAttribute = new BasicAttribute(staticAttributeId);
                    for (String str2 : list) {
                        SearchResult ldapEntry2 = session.getLdapEntry(str2);
                        if (ldapEntry2 == null) {
                            log.warn(String.format("entry '%s' in directory '%s' not found: could not add link from '%s' in directory '%s' for '%s'", str2, targetDirectory.getName(), str, sourceDirectory.getName(), this));
                        } else {
                            String nameInNamespace2 = ldapEntry2.getNameInNamespace();
                            if (attribute == null || !attribute.contains(nameInNamespace2)) {
                                basicAttribute.add(nameInNamespace2);
                            }
                        }
                    }
                    if (basicAttribute.size() > 0) {
                        try {
                            BasicAttributes basicAttributes = new BasicAttributes();
                            basicAttributes.put(basicAttribute);
                            if (log.isDebugEnabled()) {
                                log.debug(String.format("LDAPReference.addLinks(%s, [%s]): LDAP modifyAttributes dn='%s' mod_op='ADD_ATTRIBUTE' attrs='%s' [%s]", str, StringUtils.join(list, ", "), nameInNamespace, basicAttributes, this));
                            }
                            session2.dirContext.modifyAttributes(nameInNamespace, 1, basicAttributes);
                            if (attribute.contains(emptyRefMarker)) {
                                BasicAttributes basicAttributes2 = new BasicAttributes(staticAttributeId, emptyRefMarker);
                                if (log.isDebugEnabled()) {
                                    log.debug(String.format("LDAPReference.addLinks(%s, [%s]): LDAP modifyAttributes dn='%s' mod_op='REMOVE_ATTRIBUTE' attrs='%s' [%s]", str, StringUtils.join(list, ", "), nameInNamespace, basicAttributes2, this));
                                }
                                session2.dirContext.modifyAttributes(nameInNamespace, 3, basicAttributes2);
                            }
                        } catch (SchemaViolationException e) {
                            if (!isDynamic()) {
                                throw new DirectoryException(e);
                            }
                            log.warn(String.format("cannot update dynamic reference in field %s for source %s", getFieldName(), str));
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("addLinks failed: " + e2.getMessage(), e2);
            }
        } finally {
            session2.close();
            session.close();
        }
    }

    public void addLinks(List<String> list, String str) throws DirectoryException {
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId == null && !list.isEmpty()) {
            log.warn("trying to edit a non-static reference: ignoring");
            return;
        }
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPSession session = targetDirectory.getSession();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession session2 = sourceDirectory.getSession();
        String emptyRefMarker = sourceDirectory.getConfig().getEmptyRefMarker();
        try {
            try {
                if (!session2.isReadOnly()) {
                    SearchResult ldapEntry = session.getLdapEntry(str);
                    if (ldapEntry == null) {
                        throw new DirectoryException(String.format("could not add links to unexisting %s in directory %s", str, targetDirectory.getName()));
                    }
                    String nameInNamespace = ldapEntry.getNameInNamespace();
                    for (String str2 : list) {
                        DocumentModel entry = session2.getEntry(str2, false);
                        if (entry == null) {
                            log.warn(String.format("entry %s in directory %s not found: could not add link to %s in directory %s", str2, sourceDirectory.getName(), str, targetDirectory.getName()));
                        } else if (BaseSession.isReadOnlyEntry(entry)) {
                            log.warn(String.format("entry %s in directory %s is readonly: could not add link to %s in directory %s", str2, sourceDirectory.getName(), str, targetDirectory.getName()));
                        } else {
                            SearchResult ldapEntry2 = session2.getLdapEntry(str2);
                            String nameInNamespace2 = ldapEntry2.getNameInNamespace();
                            Attribute attribute = ldapEntry2.getAttributes().get(staticAttributeId);
                            try {
                                BasicAttributes basicAttributes = new BasicAttributes(staticAttributeId, nameInNamespace);
                                if (log.isDebugEnabled()) {
                                    log.debug(String.format("LDAPReference.addLinks([%s], %s): LDAP modifyAttributes dn='%s' mod_op='ADD_ATTRIBUTE' attrs='%s' [%s]", StringUtils.join(list, ", "), str, nameInNamespace2, basicAttributes, this));
                                }
                                session2.dirContext.modifyAttributes(nameInNamespace2, 1, basicAttributes);
                                if (attribute.contains(emptyRefMarker)) {
                                    BasicAttributes basicAttributes2 = new BasicAttributes(staticAttributeId, emptyRefMarker);
                                    if (log.isDebugEnabled()) {
                                        log.debug(String.format("LDAPReference.addLinks(%s, %s): LDAP modifyAttributes dn='%s' mod_op='REMOVE_ATTRIBUTE' attrs='%s' [%s]", StringUtils.join(list, ", "), str, nameInNamespace2, basicAttributes2.toString(), this));
                                    }
                                    session2.dirContext.modifyAttributes(nameInNamespace2, 3, basicAttributes2);
                                }
                            } catch (SchemaViolationException e) {
                                if (!isDynamic()) {
                                    throw new DirectoryException(e);
                                }
                                log.warn(String.format("cannot add dynamic reference in field %s for target %s", getFieldName(), str));
                            }
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("addLinks failed: " + e2.getMessage(), e2);
            }
        } finally {
            session2.close();
            session.close();
        }
    }

    public List<String> getSourceIdsForTarget(String str) throws DirectoryException {
        Object obj;
        TreeSet treeSet = new TreeSet();
        SearchResult searchResult = null;
        String staticAttributeId = getStaticAttributeId();
        if (staticAttributeId != null) {
            LDAPSession session = getTargetLDAPDirectory().getSession();
            try {
                try {
                    searchResult = session.getLdapEntry(str, true);
                    if (searchResult == null) {
                        throw new DirectoryException(String.format("Failed to perform inverse lookup on LDAPReference resolving field '%s' of '%s' to entries of '%s' using the static content of attribute '%s': entry '%s' cannot be found in '%s'", this.fieldName, this.sourceDirectory, this.targetDirectoryName, staticAttributeId, str, this.targetDirectoryName));
                    }
                    String pseudoNormalizeDn = pseudoNormalizeDn(searchResult.getNameInNamespace());
                    session.close();
                    LDAPDirectory sourceLDAPDirectory = getSourceLDAPDirectory();
                    String format = String.format("(&(%s={0})%s)", staticAttributeId, sourceLDAPDirectory.getBaseFilter());
                    String[] strArr = {pseudoNormalizeDn};
                    String searchBaseDn = sourceLDAPDirectory.getConfig().getSearchBaseDn();
                    session = sourceLDAPDirectory.getSession();
                    SearchControls searchControls = sourceLDAPDirectory.getSearchControls();
                    try {
                        try {
                            if (log.isDebugEnabled()) {
                                log.debug(String.format("LDAPReference.getSourceIdsForTarget(%s): LDAP search search base='%s' filter='%s' args='%s' scope='%s' [%s]", str, searchBaseDn, format, StringUtils.join(strArr, ", "), Integer.valueOf(searchControls.getSearchScope()), this));
                            }
                            NamingEnumeration search = session.dirContext.search(searchBaseDn, format, strArr, searchControls);
                            while (search.hasMore()) {
                                Attribute attribute = ((SearchResult) search.next()).getAttributes().get(session.idAttribute);
                                if (attribute != null && (obj = attribute.get()) != null) {
                                    treeSet.add(obj.toString());
                                }
                            }
                            session.close();
                        } catch (NamingException e) {
                            throw new DirectoryException("error during reference search for " + pseudoNormalizeDn, e);
                        }
                    } finally {
                    }
                } catch (NamingException e2) {
                    throw new DirectoryException("error fetching " + str + " from " + this.targetDirectoryName + ": " + e2.getMessage(), e2);
                }
            } finally {
            }
        }
        String str2 = this.dynamicAttributeId;
        if (str2 != null) {
            LDAPDirectory sourceLDAPDirectory2 = getSourceLDAPDirectory();
            LDAPDirectory targetLDAPDirectory = getTargetLDAPDirectory();
            String searchBaseDn2 = sourceLDAPDirectory2.getConfig().getSearchBaseDn();
            LDAPSession session2 = sourceLDAPDirectory2.getSession();
            LDAPSession session3 = targetLDAPDirectory.getSession();
            try {
                if (searchResult == null) {
                    try {
                        searchResult = session3.getLdapEntry(str, true);
                    } catch (Exception e3) {
                        throw new DirectoryException("error during reference search for " + str, e3);
                    }
                }
                if (searchResult == null) {
                    throw new DirectoryException(String.format("Failed to perform inverse lookup on LDAPReference resolving field '%s' of '%s' to entries of '%s' using the dynamic content of attribute '%s': entry '%s' cannot be found in '%s'", this.fieldName, sourceLDAPDirectory2, this.targetDirectoryName, str2, str, this.targetDirectoryName));
                }
                String pseudoNormalizeDn2 = pseudoNormalizeDn(searchResult.getNameInNamespace());
                Attributes attributes = searchResult.getAttributes();
                SearchControls searchControls2 = sourceLDAPDirectory2.getSearchControls();
                String format2 = String.format("%s=*", str2);
                if (log.isDebugEnabled()) {
                    log.debug(String.format("LDAPReference.getSourceIdsForTarget(%s): LDAP search search base='%s' filter='%s' scope='%s' [%s]", str, searchBaseDn2, format2, Integer.valueOf(searchControls2.getSearchScope()), this));
                }
                NamingEnumeration search2 = session2.dirContext.search(searchBaseDn2, format2, searchControls2);
                while (search2.hasMore()) {
                    Attributes attributes2 = ((SearchResult) search2.next()).getAttributes();
                    NamingEnumeration all = attributes2.get(str2).getAll();
                    while (all.hasMore()) {
                        LdapURL ldapURL = new LdapURL(all.next().toString());
                        String pseudoNormalizeDn3 = pseudoNormalizeDn(ldapURL.getDN());
                        if (pseudoNormalizeDn2.endsWith(pseudoNormalizeDn3) && (!"onelevel".equals(ldapURL.getScope()) || pseudoNormalizeDn2.split(",").length - pseudoNormalizeDn3.split(",").length <= 1)) {
                            if (getFilterMatcher().match(attributes, ldapURL.getFilter())) {
                                treeSet.add(attributes2.get(session2.idAttribute).get().toString());
                            }
                        }
                    }
                }
            } finally {
                session2.close();
                session3.close();
            }
        }
        if (this.dynamicReferences != null && this.dynamicReferences.length > 0) {
            log.error("This kind of reference is not supported.");
        }
        return new ArrayList(treeSet);
    }

    public List<String> getTargetIdsForSource(String str) throws DirectoryException {
        Session session = getSourceDirectory().getSession();
        try {
            try {
                List<String> list = (List) session.getEntry(str).getProperty(getSourceDirectory().getSchema(), this.fieldName);
                session.close();
                return list;
            } catch (ClientException e) {
                throw new DirectoryException(e);
            }
        } catch (Throwable th) {
            session.close();
            throw th;
        }
    }

    protected static String pseudoNormalizeDn(String str) {
        return str.replaceAll(", ", ",").toLowerCase();
    }

    public List<String> getLdapTargetIds(Attributes attributes) throws DirectoryException {
        String trim;
        TreeSet treeSet = new TreeSet();
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectoryDescriptor targetDirectoryDescriptor = getTargetDirectoryDescriptor();
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        try {
            try {
                String pseudoNormalizeDn = pseudoNormalizeDn(targetDirectoryDescriptor.getSearchBaseDn());
                String staticAttributeId = getStaticAttributeId();
                Attribute attribute = null;
                if (staticAttributeId != null) {
                    attribute = attributes.get(staticAttributeId);
                }
                if (attribute != null) {
                    NamingEnumeration all = attribute.getAll();
                    while (all.hasMore()) {
                        String obj = all.next().toString();
                        if (pseudoNormalizeDn(obj).endsWith(pseudoNormalizeDn)) {
                            if (lDAPSession.rdnMatchesIdField()) {
                                trim = obj.substring(obj.indexOf(61) + 1, obj.indexOf(44)).trim();
                            } else {
                                trim = getIdForDn(lDAPSession, obj);
                                if (trim == null) {
                                    log.warn(String.format("ignoring target '%s' (missing attribute '%s') while resolving reference '%s'", obj, lDAPSession.idAttribute, this));
                                }
                            }
                            if (!this.forceDnConsistencyCheck || lDAPSession.hasEntry(trim)) {
                                if (trim != null) {
                                    treeSet.add(trim);
                                }
                            } else if (log.isTraceEnabled()) {
                                log.trace(String.format("ignoring target '%s' when resolving '%s' (not part of target directory by forced DN consistency check)", obj, this));
                            }
                        } else if (log.isTraceEnabled()) {
                            log.trace(String.format("ignoring: dn='%s' (does not match '%s') for '%s'", obj, pseudoNormalizeDn, this));
                        }
                    }
                }
                String str = this.dynamicAttributeId;
                Attribute attribute2 = null;
                if (str != null) {
                    attribute2 = attributes.get(str);
                }
                if (attribute2 != null) {
                    NamingEnumeration all2 = attribute2.getAll();
                    while (all2.hasMore()) {
                        LdapURL ldapURL = new LdapURL(all2.next().toString());
                        String pseudoNormalizeDn2 = pseudoNormalizeDn(ldapURL.getDN());
                        String pseudoNormalizeDn3 = pseudoNormalizeDn(targetDirectoryDescriptor.getSearchBaseDn());
                        int i = 1;
                        String scope = ldapURL.getScope();
                        if (scope != null && scope.toLowerCase().startsWith("sub")) {
                            i = 2;
                        }
                        if (pseudoNormalizeDn2.endsWith(pseudoNormalizeDn3) || pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2)) {
                            if (!pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2) || pseudoNormalizeDn2.length() >= pseudoNormalizeDn3.length() || i != 1) {
                                treeSet.addAll(getReferencedElements(attributes, pseudoNormalizeDn3, pseudoNormalizeDn2, ldapURL.getFilter(), i));
                            }
                        }
                    }
                }
                if (this.dynamicReferences != null && this.dynamicReferences.length > 0) {
                    LDAPDynamicReferenceDescriptor lDAPDynamicReferenceDescriptor = this.dynamicReferences[0];
                    Attribute attribute3 = attributes.get(lDAPDynamicReferenceDescriptor.baseDN);
                    Attribute attribute4 = attributes.get(lDAPDynamicReferenceDescriptor.filter);
                    if (attribute3 != null && attribute4 != null) {
                        String pseudoNormalizeDn4 = pseudoNormalizeDn(attribute3.getAll().next().toString());
                        String obj2 = attribute4.getAll().next().toString();
                        int i2 = "subtree".equalsIgnoreCase(lDAPDynamicReferenceDescriptor.type) ? 2 : 1;
                        String pseudoNormalizeDn5 = pseudoNormalizeDn(targetDirectoryDescriptor.getSearchBaseDn());
                        if ((pseudoNormalizeDn4.endsWith(pseudoNormalizeDn5) || pseudoNormalizeDn5.endsWith(pseudoNormalizeDn4)) && (!pseudoNormalizeDn5.endsWith(pseudoNormalizeDn4) || pseudoNormalizeDn4.length() >= pseudoNormalizeDn5.length() || i2 != 1)) {
                            treeSet.addAll(getReferencedElements(attributes, pseudoNormalizeDn5, pseudoNormalizeDn4, FilterExpressionCorrector.correctFilter(obj2, FilterExpressionCorrector.FilterJobs.CORRECT_NOT), i2));
                        }
                    }
                }
                ArrayList arrayList = new ArrayList(treeSet);
                lDAPSession.close();
                return arrayList;
            } catch (NamingException e) {
                throw new DirectoryException("error computing LDAP references", e);
            }
        } catch (Throwable th) {
            lDAPSession.close();
            throw th;
        }
    }

    protected String getIdForDn(LDAPSession lDAPSession, String str) {
        String[] strArr = {lDAPSession.idAttribute};
        try {
            if (log.isDebugEnabled()) {
                log.debug(String.format("LDAPReference.getIdForDn(session, %s): LDAP get dn='%s' attribute ids to collect='%s' [%s]", str, str, StringUtils.join(strArr, ", "), this));
            }
            Attribute attribute = lDAPSession.dirContext.getAttributes(new CompositeName().add(str), strArr).get(lDAPSession.idAttribute);
            if (attribute == null) {
                return null;
            }
            try {
                return attribute.get().toString();
            } catch (NamingException e) {
                return null;
            }
        } catch (NamingException e2) {
            return null;
        }
    }

    private Set<String> getReferencedElements(Attributes attributes, String str, String str2, String str3, int i) throws DirectoryException, NamingException {
        String obj;
        TreeSet treeSet = new TreeSet();
        LDAPDirectoryDescriptor targetDirectoryDescriptor = getTargetDirectoryDescriptor();
        LDAPSession session = getTargetDirectory().getSession();
        String str4 = (!str.endsWith(str2) || str.length() <= str2.length()) ? str2 : str;
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(Math.min(i, targetDirectoryDescriptor.getSearchScope()));
        searchControls.setReturningAttributes(new String[]{session.idAttribute});
        String searchFilter = targetDirectoryDescriptor.getSearchFilter();
        if (str3 == null || str3.length() == 0) {
            str3 = searchFilter;
        } else if (searchFilter != null && searchFilter.length() > 0) {
            str3 = String.format("(&(%s)(%s))", searchFilter, str3);
        }
        if (log.isDebugEnabled()) {
            log.debug(String.format("LDAPReference.getLdapTargetIds(%s): LDAP search dn='%s'  filter='%s' scope='%s' [%s]", attributes, str4, str4, Integer.valueOf(searchControls.getSearchScope()), this));
        }
        NamingEnumeration search = session.dirContext.search(new CompositeName().add(str4), str3, searchControls);
        while (search.hasMore()) {
            Attribute attribute = ((SearchResult) search.next()).getAttributes().get(session.idAttribute);
            if (attribute != null && (obj = attribute.get().toString()) != null) {
                treeSet.add(obj);
            }
        }
        return treeSet;
    }

    public void removeLinksForSource(String str) throws DirectoryException {
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession session = sourceDirectory.getSession();
        LDAPSession lDAPSession = (LDAPSession) targetDirectory.getSession();
        String staticAttributeId = getStaticAttributeId();
        try {
            try {
                if (session.isReadOnly() || staticAttributeId == null) {
                    return;
                }
                SearchResult ldapEntry = session.getLdapEntry(str);
                if (ldapEntry == null) {
                    throw new DirectoryException(String.format("cannot edit the links hold by missing entry '%s' in directory '%s'", str, sourceDirectory.getName()));
                }
                String pseudoNormalizeDn = pseudoNormalizeDn(ldapEntry.getNameInNamespace());
                BasicAttribute basicAttribute = ldapEntry.getAttributes().get(staticAttributeId);
                if (basicAttribute == null) {
                    basicAttribute = new BasicAttribute(staticAttributeId);
                }
                BasicAttribute basicAttribute2 = new BasicAttribute(staticAttributeId);
                NamingEnumeration all = basicAttribute.getAll();
                String pseudoNormalizeDn2 = pseudoNormalizeDn(targetDirectory.getConfig().getSearchBaseDn());
                while (all.hasMore()) {
                    String pseudoNormalizeDn3 = pseudoNormalizeDn(all.next().toString());
                    if (this.forceDnConsistencyCheck) {
                        String idForDn = getIdForDn(lDAPSession, pseudoNormalizeDn3);
                        if (idForDn != null && lDAPSession.hasEntry(idForDn)) {
                            basicAttribute2.add(pseudoNormalizeDn3);
                        }
                    } else if (pseudoNormalizeDn3.endsWith(pseudoNormalizeDn2)) {
                        basicAttribute2.add(pseudoNormalizeDn3);
                    }
                }
                try {
                    if (basicAttribute2.size() == basicAttribute.size()) {
                        BasicAttributes basicAttributes = new BasicAttributes(staticAttributeId, sourceDirectory.getConfig().getEmptyRefMarker());
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("LDAPReference.removeLinksForSource(%s): LDAP modifyAttributes dn='%s'  mod_op='REPLACE_ATTRIBUTE' attrs='%s' [%s]", str, pseudoNormalizeDn, basicAttributes, this));
                        }
                        session.dirContext.modifyAttributes(pseudoNormalizeDn, 2, basicAttributes);
                    } else if (basicAttribute2.size() > 0) {
                        BasicAttributes basicAttributes2 = new BasicAttributes();
                        basicAttributes2.put(basicAttribute2);
                        if (log.isDebugEnabled()) {
                            log.debug(String.format("LDAPReference.removeLinksForSource(%s): LDAP modifyAttributes dn='%s'  mod_op='REMOVE_ATTRIBUTE' attrs='%s' [%s]", str, pseudoNormalizeDn, basicAttributes2, this));
                        }
                        session.dirContext.modifyAttributes(pseudoNormalizeDn, 3, basicAttributes2);
                    }
                } catch (SchemaViolationException e) {
                    if (!isDynamic()) {
                        throw new DirectoryException(e);
                    }
                    log.warn(String.format("cannot remove dynamic reference in field %s for source %s", getFieldName(), str));
                }
                session.close();
                lDAPSession.close();
            } catch (NamingException e2) {
                throw new DirectoryException("removeLinksForSource failed: " + e2.getMessage(), e2);
            }
        } finally {
            session.close();
            lDAPSession.close();
        }
    }

    public void removeLinksForTarget(String str) throws DirectoryException {
        String pseudoNormalizeDn;
        LDAPDirectory targetDirectory = getTargetDirectory();
        LDAPSession session = targetDirectory.getSession();
        LDAPDirectory sourceDirectory = getSourceDirectory();
        LDAPSession session2 = sourceDirectory.getSession();
        String staticAttributeId = getStaticAttributeId();
        try {
            try {
                if (!session2.isReadOnly()) {
                    SearchResult ldapEntry = session.getLdapEntry(str);
                    if (ldapEntry == null) {
                        String rdnAttribute = targetDirectory.getConfig().getRdnAttribute();
                        if (!rdnAttribute.equals(session.idAttribute)) {
                            log.warn(String.format("cannot remove links to missing entry %s in directory %s for reference %s", str, targetDirectory.getName(), this));
                            session2.close();
                            session.close();
                            return;
                        }
                        pseudoNormalizeDn = String.format("%s=%s,%s", rdnAttribute, str, targetDirectory.getConfig().getSearchBaseDn());
                    } else {
                        pseudoNormalizeDn = pseudoNormalizeDn(ldapEntry.getNameInNamespace());
                    }
                    String format = String.format("(%s=%s)", staticAttributeId, pseudoNormalizeDn);
                    String baseFilter = sourceDirectory.getBaseFilter();
                    if (baseFilter != null && !"".equals(baseFilter)) {
                        format = String.format("(&(%s)(%s))", format, baseFilter);
                    }
                    SearchControls searchControls = new SearchControls();
                    searchControls.setSearchScope(sourceDirectory.getConfig().getSearchScope());
                    searchControls.setReturningAttributes(new String[]{staticAttributeId});
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("LDAPReference.removeLinksForTarget(%s): LDAP search dn='%s'  filter='%s' scope='%s' [%s]", str, session2.searchBaseDn, format, Integer.valueOf(searchControls.getSearchScope()), this));
                    }
                    NamingEnumeration search = session2.dirContext.search(session2.searchBaseDn, format, searchControls);
                    BasicAttributes basicAttributes = new BasicAttributes(staticAttributeId, sourceDirectory.getConfig().getEmptyRefMarker());
                    while (search.hasMore()) {
                        SearchResult searchResult = (SearchResult) search.next();
                        Attributes attributes = searchResult.getAttributes();
                        try {
                            if (attributes.get(staticAttributeId).size() == 1) {
                                if (log.isDebugEnabled()) {
                                    log.debug(String.format("LDAPReference.removeLinksForTarget(%s): LDAP modifyAttributes dn='%s' mod_op='ADD_ATTRIBUTE' attrs='%s' [%s]", str, searchResult.getNameInNamespace(), attributes, this));
                                }
                                session2.dirContext.modifyAttributes(searchResult.getNameInNamespace(), 1, basicAttributes);
                            }
                            BasicAttributes basicAttributes2 = new BasicAttributes();
                            BasicAttribute basicAttribute = new BasicAttribute(staticAttributeId);
                            basicAttribute.add(pseudoNormalizeDn);
                            basicAttributes2.put(basicAttribute);
                            if (log.isDebugEnabled()) {
                                log.debug(String.format("LDAPReference.removeLinksForTarget(%s): LDAP modifyAttributes dn='%s' mod_op='REMOVE_ATTRIBUTE' attrs='%s' [%s]", str, searchResult.getNameInNamespace(), basicAttributes2, this));
                            }
                            session2.dirContext.modifyAttributes(searchResult.getNameInNamespace(), 3, basicAttributes2);
                        } catch (SchemaViolationException e) {
                            if (!isDynamic()) {
                                throw new DirectoryException(e);
                            }
                            log.warn(String.format("cannot remove dynamic reference in field %s for target %s", getFieldName(), str));
                        }
                    }
                }
            } catch (NamingException e2) {
                throw new DirectoryException("removeLinksForTarget failed: " + e2.getMessage(), e2);
            }
        } finally {
            session2.close();
            session.close();
        }
    }

    public void setSourceIdsForTarget(String str, List<String> list) throws DirectoryException {
        removeLinksForTarget(str);
        addLinks(list, str);
    }

    public void setTargetIdsForSource(String str, List<String> list) throws DirectoryException {
        removeLinksForSource(str);
        addLinks(str, list);
    }

    public String toString() {
        return String.format("LDAPReference to resolve field='%s' of sourceDirectory='%s' with targetDirectory='%s' and staticAttributeId='%s', dynamicAttributeId='%s'", this.fieldName, this.sourceDirectoryName, this.targetDirectoryName, this.staticAttributeId, this.dynamicAttributeId);
    }
}
