package net.tirasa.connid.bundles.ad.crud;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import net.tirasa.adsddl.ntsd.SID;
import net.tirasa.adsddl.ntsd.utils.Hex;
import net.tirasa.adsddl.ntsd.utils.NumberFacility;
import net.tirasa.connid.bundles.ad.ADConfiguration;
import net.tirasa.connid.bundles.ad.ADConnection;
import net.tirasa.connid.bundles.ad.ADConnector;
import net.tirasa.connid.bundles.ad.util.ADGuardedPasswordAttribute;
import net.tirasa.connid.bundles.ad.util.ADUtilities;
import net.tirasa.connid.bundles.ldap.commons.GroupHelper;
import net.tirasa.connid.bundles.ldap.commons.LdapConstants;
import net.tirasa.connid.bundles.ldap.commons.LdapEntry;
import net.tirasa.connid.bundles.ldap.commons.LdapModifyOperation;
import net.tirasa.connid.bundles.ldap.commons.LdapUtil;
import org.identityconnectors.common.CollectionUtil;
import org.identityconnectors.common.Pair;
import org.identityconnectors.common.StringUtil;
import org.identityconnectors.common.logging.Log;
import org.identityconnectors.framework.common.exceptions.ConnectorException;
import org.identityconnectors.framework.common.objects.Attribute;
import org.identityconnectors.framework.common.objects.AttributeBuilder;
import org.identityconnectors.framework.common.objects.AttributeUtil;
import org.identityconnectors.framework.common.objects.ConnectorObject;
import org.identityconnectors.framework.common.objects.Name;
import org.identityconnectors.framework.common.objects.ObjectClass;
import org.identityconnectors.framework.common.objects.OperationalAttributes;
import org.identityconnectors.framework.common.objects.Uid;

/* loaded from: input_file:net/tirasa/connid/bundles/ad/crud/ADUpdate.class */
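/**
 * Applies update, add-values and remove-values requests to one directory entry,
 * identified by the {@link Uid} and {@link ObjectClass} given at construction time.
 *
 * <p>Plain attributes are written through the connection's initial context; group
 * memberships and the primary group are handled in separate steps after that.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>The account enable/disable request is folded into the account-control
 *       integer by toggling the {@code 0x2} bit.</li>
 *   <li>A password is only reachable inside the {@link ADGuardedPasswordAttribute}
 *       accessor callback, so the directory write that carries it happens there.</li>
 *   <li>Unless the configuration selects the conservative membership policy,
 *       memberships that are not requested are removed.</li>
 * </ul>
 */
public class ADUpdate extends LdapModifyOperation {
    private static final Log LOG = Log.getLog(ADUpdate.class);

    /** JNDI modification opcodes (1, 2 and 3), named so call sites state their intent. */
    private static final int OP_ADD = javax.naming.directory.DirContext.ADD_ATTRIBUTE;
    private static final int OP_REPLACE = javax.naming.directory.DirContext.REPLACE_ATTRIBUTE;
    private static final int OP_REMOVE = javax.naming.directory.DirContext.REMOVE_ATTRIBUTE;

    /** ACCOUNTDISABLE bit of the account-control flags. */
    private static final int UAC_ACCOUNT_DISABLE = 0x2;

    /** Marker meaning "no account-control value has been computed yet". */
    private static final int UAC_UNSET = -1;

    private final ObjectClass oclass;
    private final Uid uid;
    private final ADUtilities utils;
    private final ADConnection conn;

    /**
     * Works out the new entry name requested by an update, if any, and strips the
     * naming attributes from {@code set} so they are not written as ordinary attributes.
     *
     * <p>A {@link Name} attribute that holds a DN wins. Otherwise, when the object class
     * is not identified by {@code ADConfiguration.CN_NAME} and a CN attribute was supplied,
     * the leaf RDN of the current DN is replaced with the supplied CN value.
     *
     * @param str current DN of the entry
     * @param set mutable attribute set of the request; CN and name attributes are removed from it
     * @return the new name, or {@code null} when no usable rename was requested
     */
    private Name getNewName(String str, Set<Attribute> set) {
        Attribute cnAttr = AttributeUtil.find(ADConfiguration.CN_NAME, set);
        if (cnAttr != null) {
            set.remove(cnAttr);
        }

        Name requestedName = AttributeUtil.getNameFromAttributes(set);
        Name newName = null;
        if (requestedName != null) {
            set.remove(requestedName);
            if (ADUtilities.isDN(requestedName.getNameValue())) {
                newName = new Name(this.conn.getSchemaMapping().getEntryDN(this.oclass, requestedName));
            }
        }

        if (newName == null
                && !this.conn.getSchemaMapping().getLdapUidAttribute(this.oclass).equalsIgnoreCase(ADConfiguration.CN_NAME)
                && cnAttr != null) {
            List<Object> cnValues = cnAttr.getValue();
            String newCn = (cnValues == null || cnValues.isEmpty() || cnValues.get(0) == null)
                    ? null
                    : cnValues.get(0).toString();
            try {
                List<Rdn> rdns = new ArrayList<>(new LdapName(str).getRdns());
                if (newCn == null || rdns.isEmpty()) {
                    // Rdn rejects a null value with a NullPointerException and an empty DN has
                    // no leaf RDN to replace; treat both like any other unusable name.
                    LOG.error("Error retrieving new DN. Ignore rename request.");
                } else {
                    // The last list element is the leftmost (leaf) RDN of the DN.
                    int leaf = rdns.size() - 1;
                    rdns.set(leaf, new Rdn(rdns.get(leaf).getType(), newCn));
                    newName = new Name(new LdapName(rdns).toString());
                }
            } catch (InvalidNameException e) {
                // Pass the exception as the throwable, not as a format argument, so the
                // stack trace is logged like in the other handlers of this class.
                LOG.error(e, "Error retrieving new DN. Ignore rename request.");
            }
        }
        return newName;
    }

    /**
     * Creates an operation bound to one entry.
     *
     * @param aDConnection connection used for every directory call
     * @param objectClass object class of the entry
     * @param uid identifier of the entry
     */
    public ADUpdate(ADConnection aDConnection, ObjectClass objectClass, Uid uid) {
        super(aDConnection);
        this.utils = new ADUtilities(aDConnection);
        this.oclass = objectClass;
        this.uid = uid;
        this.conn = aDConnection;
    }

    /**
     * Replaces the given attributes on the entry and applies a rename when requested.
     *
     * <p>Order of work: attribute replacement, rename, group memberships, primary group.
     * These are separate directory calls, so a failure part-way leaves earlier steps applied.
     *
     * @param set requested attributes; the caller's set is copied, not modified
     * @return the Uid built from the entry's (possibly new) DN
     */
    public Uid update(Set<Attribute> set) {
        ConnectorObject current = this.utils.getEntryToBeUpdated(this.uid, this.oclass);
        String entryDn = current.getName().getNameValue();
        // getNewName removes naming attributes, so work on a private copy.
        Set<Attribute> attrs = CollectionUtil.newSet(set);
        Name newName = getNewName(entryDn, attrs);

        modifyAttributes(entryDn, getAttributesToModify(current, attrs), OP_REPLACE);
        if (newName != null && !newName.equals(current.getName())) {
            entryDn = this.conn.getSchemaMapping().rename(this.oclass, entryDn, newName);
        }
        modifyMemberships(entryDn, attrs);
        modifyPrimaryGroupID(entryDn, attrs);
        return this.conn.getSchemaMapping().createUid(this.oclass, entryDn);
    }

    /**
     * Adds the given attribute values to the entry, then processes memberships and primary group.
     *
     * @param set attribute values to add
     * @return the Uid this operation was created with
     */
    public Uid addAttributeValues(Set<Attribute> set) {
        ConnectorObject current = this.utils.getEntryToBeUpdated(this.uid, this.oclass);
        String entryDn = current.getName().getNameValue();
        modifyAttributes(entryDn, getAttributesToModify(current, set), OP_ADD);
        modifyMemberships(entryDn, set);
        modifyPrimaryGroupID(entryDn, set);
        return this.uid;
    }

    /**
     * Removes the given attribute values from the entry and drops the listed group memberships.
     *
     * @param set attribute values to remove
     * @return the Uid this operation was created with
     */
    public Uid removeAttributeValues(Set<Attribute> set) {
        ConnectorObject current = this.utils.getEntryToBeUpdated(this.uid, this.oclass);
        String entryDn = current.getName().getNameValue();
        modifyAttributes(entryDn, getAttributesToModify(current, set), OP_REMOVE);
        List<String> groupsToLeave = getStringListValue(set, LdapConstants.LDAP_GROUPS_NAME);
        if (!CollectionUtil.isEmpty(groupsToLeave)) {
            this.groupHelper.removeLdapGroupMemberships(entryDn, groupsToLeave);
        }
        return this.uid;
    }

    /**
     * Translates connector attributes into directory attributes plus an optional guarded password.
     *
     * <p>Group attributes are skipped here, the object GUID is never written, and the
     * account-control value is emitted once at the end so that an enable/disable request
     * and an explicit account-control value end up in a single attribute.
     *
     * @param connectorObject current state of the entry, used to read its account-control value
     * @param set requested attributes
     * @return directory attributes to write and the guarded password, which may be {@code null}
     * @throws IllegalArgumentException when the request tries to change the uid or the name
     */
    private Pair<Attributes, ADGuardedPasswordAttribute> getAttributesToModify(ConnectorObject connectorObject, Set<Attribute> set) {
        BasicAttributes ldapAttrs = new BasicAttributes();
        ADGuardedPasswordAttribute guardedPassword = null;
        int uac = UAC_UNSET;

        for (Attribute attr : set) {
            javax.naming.directory.Attribute encoded = null;
            if (attr.is(Uid.NAME)) {
                throw new IllegalArgumentException("Unable to modify an object's uid");
            }
            if (attr.is(Name.NAME)) {
                throw new IllegalArgumentException("Unable to modify an object's name");
            }

            if (attr.is(ADConfiguration.UCCP_FLAG)) {
                List<Object> values = attr.getValue();
                if (values != null && !values.isEmpty()) {
                    javax.naming.directory.Attribute uccp =
                            this.utils.userCannotChangePassword(connectorObject, (Boolean) values.get(0));
                    if (uccp != null) {
                        ldapAttrs.put(uccp);
                    }
                }
            } else if (attr.is(ADConfiguration.PROMPT_USER_FLAG)) {
                // Only a true flag is acted on; it is written as the literal "0".
                if (firstValueIsTrue(attr)) {
                    ldapAttrs.put(new BasicAttribute(ADConfiguration.PROMPT_USER_FLAG, "0"));
                }
            } else if (attr.is(ADConfiguration.LOCK_OUT_FLAG)) {
                if (firstValueIsTrue(attr)) {
                    ldapAttrs.put(new BasicAttribute(ADConfiguration.LOCK_OUT_FLAG, "0"));
                }
            } else if (!LdapConstants.isLdapGroups(attr.getName())) {
                if (attr.is(OperationalAttributes.PASSWORD_NAME)) {
                    guardedPassword = ADGuardedPasswordAttribute.create(
                            this.conn.getConfiguration().getPasswordAttribute(), attr);
                } else if (attr.is(ADConnector.UACCONTROL_ATTR) && this.oclass.is(ObjectClass.ACCOUNT_NAME)) {
                    uac = (attr.getValue() == null || attr.getValue().isEmpty())
                            ? UAC_UNSET
                            : Integer.parseInt(attr.getValue().get(0).toString());
                } else if (attr.is(OperationalAttributes.ENABLE_NAME)
                        && this.oclass.is(ObjectClass.ACCOUNT_NAME)
                        && uac == UAC_UNSET) {
                    // NOTE(review): this branch is skipped when an explicit account-control value
                    // was already seen, and an explicit value seen later overwrites the result.
                    // The outcome therefore depends on the iteration order of the set - confirm
                    // that callers never send both attributes.
                    Attribute currentUac = connectorObject.getAttributeByName(ADConnector.UACCONTROL_ATTR);
                    uac = (currentUac == null || currentUac.getValue() == null || currentUac.getValue().isEmpty())
                            ? 0
                            : Integer.parseInt(currentUac.getValue().get(0).toString());
                    boolean enable = attr.getValue() == null
                            || attr.getValue().isEmpty()
                            || Boolean.parseBoolean(attr.getValue().get(0).toString());
                    // Toggle the disable bit with a mask. The previous "uac % 16 == 2" test only
                    // recognised the bit when no other flag in the low nibble was set, so a
                    // disable request could leave the account enabled, or even clear the bit
                    // by carrying into the next one.
                    uac = enable ? (uac & ~UAC_ACCOUNT_DISABLE) : (uac | UAC_ACCOUNT_DISABLE);
                } else if (!attr.is(ADConnector.OBJECTGUID)) {
                    encoded = this.conn.getSchemaMapping().encodeAttribute(this.oclass, attr);
                }
            }
            addAttribute(encoded, ldapAttrs);
        }

        if (uac != UAC_UNSET) {
            Attribute uacAttr = AttributeBuilder.build(ADConnector.UACCONTROL_ATTR, Integer.toString(uac));
            addAttribute(this.conn.getSchemaMapping().encodeAttribute(this.oclass, uacAttr), ldapAttrs);
        }
        return new Pair<>(ldapAttrs, guardedPassword);
    }

    /**
     * Tells whether a flag attribute carries a first value equal to {@code Boolean.TRUE}.
     *
     * @param attr flag attribute whose first value is expected to be a {@link Boolean}
     * @return {@code true} only when a first value exists and is true
     */
    private static boolean firstValueIsTrue(Attribute attr) {
        List<Object> values = attr.getValue();
        return values != null && !values.isEmpty() && ((Boolean) values.get(0)).booleanValue();
    }

    /**
     * Puts {@code attribute} into {@code basicAttributes}, merging its values into an
     * attribute with the same id when one is already present.
     *
     * @param attribute attribute to add; {@code null} is ignored
     * @param basicAttributes collection being built
     * @throws ConnectorException when the attribute's values cannot be enumerated
     */
    private void addAttribute(javax.naming.directory.Attribute attribute, BasicAttributes basicAttributes) {
        if (attribute == null) {
            return;
        }
        javax.naming.directory.Attribute existing = basicAttributes.get(attribute.getID());
        if (existing == null) {
            basicAttributes.put(attribute);
            return;
        }
        try {
            NamingEnumeration<?> values = attribute.getAll();
            while (values.hasMoreElements()) {
                existing.add(values.nextElement());
            }
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /**
     * Writes the prepared attributes, and the password when there is one, to the entry.
     *
     * <p>The password is only available inside the accessor callback, so when a password
     * value is present the whole modification list is sent from there. That write is not
     * repeated afterwards: sending the same list a second time re-transmitted the password
     * and could not succeed for add or remove operations.
     *
     * @param str DN of the entry
     * @param pair directory attributes and optional guarded password
     * @param i JNDI modification opcode applied to every item
     */
    private void modifyAttributes(final String str, Pair<Attributes, ADGuardedPasswordAttribute> pair, final int i) {
        final List<ModificationItem> items = new ArrayList<>(pair.first.size());
        NamingEnumeration<? extends javax.naming.directory.Attribute> all = pair.first.getAll();
        while (all.hasMoreElements()) {
            javax.naming.directory.Attribute attribute = all.nextElement();
            // Memberships and the primary group are handled by their own methods.
            if (!attribute.getID().equalsIgnoreCase(LdapConstants.LDAP_GROUPS_NAME)
                    && !attribute.getID().equalsIgnoreCase(ADConfiguration.PRIMARY_GROUP_DN_NAME)) {
                items.add(new ModificationItem(i, attribute));
            }
        }

        // Single-element array because the anonymous class can only capture final locals.
        final boolean[] written = {false};
        if (pair.second != null) {
            pair.second.access(new ADGuardedPasswordAttribute.Accessor() { // from class: net.tirasa.connid.bundles.ad.crud.ADUpdate.1
                @Override // net.tirasa.connid.bundles.ad.util.ADGuardedPasswordAttribute.Accessor
                public void access(BasicAttribute basicAttribute) {
                    try {
                        if (basicAttribute.get() != null) {
                            items.add(new ModificationItem(i, basicAttribute));
                            ADUpdate.this.modifyAttributes(str, items);
                            written[0] = true;
                        }
                    } catch (NamingException e) {
                        // NOTE(review): the password change is dropped here while the remaining
                        // attributes are still written below, so the caller gets no failure
                        // signal for the password. Confirm this best-effort behaviour is intended.
                        ADUpdate.LOG.error(e, "Error retrieving password value", new Object[0]);
                    }
                }
            });
        }
        if (!written[0]) {
            modifyAttributes(str, items);
        }
    }

    /**
     * Sends a list of modifications for one entry through the connection's initial context.
     *
     * @param str DN of the entry
     * @param list modifications to apply
     * @throws ConnectorException wrapping any {@link NamingException} from the directory
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void modifyAttributes(String str, List<ModificationItem> list) {
        try {
            ModificationItem[] items = list.toArray(new ModificationItem[list.size()]);
            this.conn.getInitialContext().modifyAttributes(str, items);
        } catch (NamingException e) {
            throw new ConnectorException(e);
        }
    }

    /**
     * Reads the values of the named attribute as strings.
     *
     * @param set attributes to search
     * @param str attribute name
     * @return the string values, or {@code null} when the attribute is absent or has no value list
     */
    private List<String> getStringListValue(Set<Attribute> set, String str) {
        Attribute found = AttributeUtil.find(str, set);
        if (found == null || found.getValue() == null) {
            return null;
        }
        return LdapUtil.checkedListByFilter(CollectionUtil.nullAsEmpty(found.getValue()), String.class);
    }

    /**
     * Replaces the entry's primary group when the request names one; only the first value is used.
     *
     * <p>A directory failure is logged and not rethrown, so the surrounding operation
     * still reports success when the primary group could not be set.
     *
     * @param str DN of the entry
     * @param set requested attributes
     */
    private void modifyPrimaryGroupID(String str, Set<Attribute> set) {
        List<String> primaryGroupDns = getStringListValue(set, ADConfiguration.PRIMARY_GROUP_DN_NAME);
        if (primaryGroupDns == null || primaryGroupDns.isEmpty()) {
            return;
        }
        try {
            ModificationItem item = new ModificationItem(OP_REPLACE, this.utils.getGroupID(primaryGroupDns.get(0)));
            this.conn.getInitialContext().modifyAttributes(str, new ModificationItem[]{item});
        } catch (NamingException e) {
            LOG.error(e, "Error setting primaryGroupID '{0}' for '{1}'", primaryGroupDns, str);
        }
    }

    /**
     * Reconciles the entry's group memberships with the requested group list.
     *
     * <p>Requested groups that the in-scope lookup does not report are added, except the
     * primary group. Unless the configuration selects the conservative membership policy,
     * every group left in the unscoped lookup that was not requested is removed.
     *
     * @param str DN of the entry
     * @param set requested attributes; nothing happens when no group attribute is present
     * @throws ConnectorException when the primary group cannot be resolved because of a directory error
     */
    private void modifyMemberships(String str, Set<Attribute> set) {
        List<String> requested = getStringListValue(set, LdapConstants.LDAP_GROUPS_NAME);
        if (requested == null) {
            return;
        }

        ADConfiguration config = (ADConfiguration) this.conn.getConfiguration();
        // presumably the entry's current groups, restricted to the configured base contexts
        // and unrestricted respectively - verify against ADUtilities.getGroups
        Set<String> inScope = this.utils.getGroups(str, config.getBaseContextsToSynchronize());
        Set<String> removable = this.utils.getGroups(str);
        String primaryGroupDn = null;
        LdapEntry entry = this.utils.getEntryToBeUpdated(str);
        try {
            javax.naming.directory.Attribute primaryGroupId = entry.getAttributes().get(ADConnector.PRIMARYGROUPID);
            if (primaryGroupId != null && primaryGroupId.get() != null) {
                // NOTE(review): an entry returned without the object SID attribute would fail
                // here with a NullPointerException - confirm the lookup always requests it.
                SID entrySid = SID.parse((byte[]) entry.getAttributes().get(ADConnector.OBJECTSID).get());
                // The filter value is the escaped binary SID computed from directory data,
                // not text supplied in the request.
                String filter = String.format(
                        "(&(objectclass=group)(%s=%s))",
                        ADConnector.OBJECTSID,
                        Hex.getEscaped(ADUtilities.getPrimaryGroupSID(
                                entrySid,
                                NumberFacility.getUIntBytes(Long.parseLong(primaryGroupId.get().toString()))).toByteArray()));
                Set<SearchResult> matches = this.utils.basicLdapSearch(filter, config.getBaseContextsToSynchronize());
                if (matches == null || matches.isEmpty()) {
                    LOG.warn("Error retrieving primary group for {0}", str);
                } else {
                    primaryGroupDn = matches.iterator().next().getNameInNamespace();
                    LOG.info("Found primary group {0}", primaryGroupDn);
                }
            }

            // Case-insensitive so the primary group is matched regardless of DN casing.
            Set<String> toAdd = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
            for (String groupDn : requested) {
                if (inScope.contains(groupDn)) {
                    // Already a member and still wanted: keep it out of the removals.
                    removable.remove(groupDn);
                } else {
                    toAdd.add(groupDn);
                }
            }
            if (StringUtil.isNotBlank(primaryGroupDn)) {
                toAdd.remove(primaryGroupDn);
            }

            GroupHelper.Modification<GroupHelper.GroupMembership> modification = new GroupHelper.Modification<>();
            if (!config.isMembershipConservativePolicy()) {
                for (String groupDn : removable) {
                    modification.remove(new GroupHelper.GroupMembership(str, groupDn));
                }
            }
            for (String groupDn : toAdd) {
                modification.add(new GroupHelper.GroupMembership(str, groupDn));
            }
            this.groupHelper.modifyLdapGroupMemberships(modification);
        } catch (NamingException e) {
            LOG.error(e, "Error retrieving primary group");
            throw new ConnectorException(e);
        }
    }
}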
