package com.atlassian.crowd.directory;

import com.atlassian.crowd.common.properties.SystemProperties;
import com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithRequiredAttributes;
import com.atlassian.crowd.directory.ldap.mapper.NameAttributesPair;
import com.atlassian.crowd.directory.ldap.mapper.UserContextMapperConfig;
import com.atlassian.crowd.directory.ldap.mapper.attribute.AttributeMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.user.MemberOfOverlayMapper;
import com.atlassian.crowd.directory.ldap.name.CrowdLdapName;
import com.atlassian.crowd.directory.ldap.name.CrowdLdapNameFactory;
import com.atlassian.crowd.directory.ldap.name.LdapNameFormatException;
import com.atlassian.crowd.directory.rfc4519.RFC4519DirectoryMembershipsIterableBuilder;
import com.atlassian.crowd.directory.synchronisation.cache.GroupUserCache;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InvalidMembershipException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.LDAPDirectoryEntity;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.group.Membership;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.search.Entity;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.ldap.LDAPQueryTranslater;
import com.atlassian.crowd.search.ldap.NullResultException;
import com.atlassian.crowd.search.query.entity.EntityQuery;
import com.atlassian.crowd.search.query.entity.restriction.constants.GroupTermKeys;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.crowd.util.InstanceFactory;
import com.atlassian.event.api.EventPublisher;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.AttributeInUseException;
import org.springframework.ldap.NameAlreadyBoundException;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.OperationNotSupportedException;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.HardcodedFilter;
import org.springframework.ldap.filter.OrFilter;

/* loaded from: input_file:com/atlassian/crowd/directory/RFC4519Directory.class */
public abstract class RFC4519Directory extends SpringLDAPConnector {
    private final CrowdLdapNameFactory ldapNameFactory;
    private final LookupByDn<LDAPGroupWithAttributes> lookupGroupByDn;

    @VisibleForTesting
    final LookupByDn<String> lookupGroupNameByDn;
    private static final Logger logger = LoggerFactory.getLogger(RFC4519Directory.class);
    private static final Function<String, ? extends CrowdLdapName> TO_LDAP_NAME = new Function<String, CrowdLdapName>() { // from class: com.atlassian.crowd.directory.RFC4519Directory.3
        private final CrowdLdapNameFactory ldapNameFactory = CrowdLdapNameFactory.getInstance();

        @Override // java.util.function.Function
        public CrowdLdapName apply(String str) {
            return this.ldapNameFactory.get(str);
        }
    };
    public static final ContextMapperWithRequiredAttributes<CrowdLdapName> DN_MAPPER = new DnMapper();

    /* loaded from: input_file:com/atlassian/crowd/directory/RFC4519Directory$DnMapper.class */
    private static class DnMapper implements ContextMapperWithRequiredAttributes<CrowdLdapName> {
        private DnMapper() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithRequiredAttributes
        public CrowdLdapName mapFromContext(Object obj) {
            return ((NameAttributesPair) obj).getName();
        }

        @Override // com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithRequiredAttributes
        public Set<String> getRequiredLdapAttributes() {
            return ImmutableSet.of();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:com/atlassian/crowd/directory/RFC4519Directory$LookupByDn.class */
    public interface LookupByDn<T> {
        T lookup(CrowdLdapName crowdLdapName) throws OperationFailedException, UserNotFoundException, GroupNotFoundException;
    }

    public RFC4519Directory(LDAPQueryTranslater lDAPQueryTranslater, EventPublisher eventPublisher, InstanceFactory instanceFactory, LdapContextSourceProvider ldapContextSourceProvider) {
        super(lDAPQueryTranslater, eventPublisher, instanceFactory, ldapContextSourceProvider);
        this.ldapNameFactory = CrowdLdapNameFactory.getInstance();
        this.lookupGroupByDn = new LookupByDn<LDAPGroupWithAttributes>() { // from class: com.atlassian.crowd.directory.RFC4519Directory.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.crowd.directory.RFC4519Directory.LookupByDn
            public LDAPGroupWithAttributes lookup(CrowdLdapName crowdLdapName) throws OperationFailedException, UserNotFoundException, GroupNotFoundException {
                return (LDAPGroupWithAttributes) RFC4519Directory.this.findEntityByDN(crowdLdapName, LDAPGroupWithAttributes.class);
            }
        };
        this.lookupGroupNameByDn = new LookupByDn<String>() { // from class: com.atlassian.crowd.directory.RFC4519Directory.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.atlassian.crowd.directory.RFC4519Directory.LookupByDn
            public String lookup(CrowdLdapName crowdLdapName) throws GroupNotFoundException {
                NamedLdapEntity namedLdapEntity = (NamedLdapEntity) RFC4519Directory.this.ldapTemplate.get().lookup(crowdLdapName, NamedLdapEntity.mapperFromAttribute(RFC4519Directory.this.ldapPropertiesMapper.getGroupNameAttribute()));
                if (namedLdapEntity.getName() != null) {
                    return namedLdapEntity.getName();
                }
                RFC4519Directory.logger.debug("LDAP user does not have sufficient access to read the group {}", crowdLdapName);
                throw new GroupNotFoundException(crowdLdapName.toString());
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomGroupAttributeMappers() {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(super.getCustomGroupAttributeMappers());
        builder.addAll(getMemberDnMappers());
        return builder.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getMemberOnlyGroupAttributeMappers() {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(super.getMemberOnlyGroupAttributeMappers());
        builder.addAll(getMemberDnMappers());
        return builder.build();
    }

    protected List<AttributeMapper> getMemberDnMappers() {
        return Collections.singletonList(new RFC4519MemberDnMapper(this.ldapPropertiesMapper.getGroupMemberAttribute(), this.ldapPropertiesMapper.isRelaxedDnStandardisation()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomUserAttributeMappers(UserContextMapperConfig userContextMapperConfig) {
        ImmutableList.Builder builder = ImmutableList.builder();
        builder.addAll(super.getCustomUserAttributeMappers(userContextMapperConfig));
        if (isUsingUserMembershipAttribute(userContextMapperConfig)) {
            builder.add(new MemberOfOverlayMapper(this.ldapPropertiesMapper.getUserGroupMembershipsAttribute(), this.ldapPropertiesMapper.isRelaxedDnStandardisation()));
        }
        return builder.build();
    }

    private boolean isUsingUserMembershipAttribute(UserContextMapperConfig userContextMapperConfig) {
        if (userContextMapperConfig.includeMemberOf()) {
            return true;
        }
        if (userContextMapperConfig.includeAll()) {
            return (!((Boolean) SystemProperties.USE_LEGACY_MEMBERSHIP_MAPPER_CHECK.getValue()).booleanValue()) || this.ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership();
        }
        return false;
    }

    public Collection<LDAPGroupWithAttributes> searchGroupsByDns(Set<String> set) throws OperationFailedException {
        return searchGroupsByAttribute(set, list -> {
            return prepareOrFilterForGroupProperty("distinguishedName", list);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<LDAPGroupWithAttributes> searchGroupsByAttribute(Set<String> set, Function<List<String>, Filter> function) throws OperationFailedException {
        HashSet hashSet = new HashSet(set.size());
        Iterator it = Iterables.partition(set, 1000).iterator();
        while (it.hasNext()) {
            hashSet.addAll(searchEntities(this.searchDN.getGroup(), function.apply((List) it.next()).encode(), getGroupContextMapper(GroupType.GROUP, true), 0, -1));
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AndFilter prepareOrFilterForGroupProperty(String str, List<String> list) {
        AndFilter andFilter = new AndFilter();
        OrFilter orFilter = new OrFilter();
        andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getGroupFilter()));
        Stream<R> map = list.stream().map(str2 -> {
            return new EqualsFilter(str, str2);
        });
        Objects.requireNonNull(orFilter);
        map.forEach((v1) -> {
            r1.or(v1);
        });
        andFilter.and(orFilter);
        return andFilter;
    }

    private static Set<String> getMemberDNs(LDAPGroupWithAttributes lDAPGroupWithAttributes) {
        return (Set) ObjectUtils.defaultIfNull(lDAPGroupWithAttributes.getValues("memberDNs"), Collections.emptySet());
    }

    private static Set<String> getMemberOfs(LDAPUserWithAttributes lDAPUserWithAttributes) {
        return (Set) ObjectUtils.defaultIfNull(lDAPUserWithAttributes.getValues(MemberOfOverlayMapper.ATTRIBUTE_KEY), Collections.emptySet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isDnDirectGroupMember(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) {
        CrowdLdapName apply = TO_LDAP_NAME.apply(str);
        Set<String> memberDNs = getMemberDNs(lDAPGroupWithAttributes);
        Function<String, ? extends CrowdLdapName> function = TO_LDAP_NAME;
        Objects.requireNonNull(function);
        return Iterables.contains(Iterables.transform(memberDNs, (v1) -> {
            return r1.apply(v1);
        }), apply);
    }

    protected boolean isDirectGroupMemberOf(LDAPUserWithAttributes lDAPUserWithAttributes, String str) {
        return Iterables.contains(Iterables.transform(getMemberOfs(lDAPUserWithAttributes), str2 -> {
            return standardiseDN(str2);
        }), standardiseDN(str));
    }

    /* JADX WARN: Code restructure failed: missing block: B:8:0x0048, code lost:
    
        if (isDirectGroupMemberOf(r0, r0.getDn()) != false) goto L9;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean isUserDirectGroupMember(java.lang.String r5, java.lang.String r6) throws com.atlassian.crowd.exception.OperationFailedException {
        /*
            r4 = this;
            r0 = r5
            java.lang.String r1 = "username argument cannot be null or empty"
            r2 = 0
            java.lang.Object[] r2 = new java.lang.Object[r2]
            java.lang.CharSequence r0 = org.apache.commons.lang3.Validate.notEmpty(r0, r1, r2)
            r0 = r6
            java.lang.String r1 = "groupName argument cannot be null or empty"
            r2 = 0
            java.lang.Object[] r2 = new java.lang.Object[r2]
            java.lang.CharSequence r0 = org.apache.commons.lang3.Validate.notEmpty(r0, r1, r2)
            r0 = r4
            r1 = r6
            com.atlassian.crowd.model.group.LDAPGroupWithAttributes r0 = r0.m11findGroupByName(r1)     // Catch: java.lang.Throwable -> L51
            r7 = r0
            r0 = r4
            r1 = r5
            com.atlassian.crowd.model.user.LDAPUserWithAttributes r0 = r0.m14findUserByName(r1)     // Catch: java.lang.Throwable -> L51
            r8 = r0
            r0 = r4
            r1 = r8
            java.lang.String r1 = r1.getDn()     // Catch: java.lang.Throwable -> L51
            r2 = r7
            boolean r0 = r0.isDnDirectGroupMember(r1, r2)     // Catch: java.lang.Throwable -> L51
            if (r0 != 0) goto L4b
            r0 = r7
            java.util.Set r0 = getMemberDNs(r0)     // Catch: java.lang.Throwable -> L51
            boolean r0 = r0.isEmpty()     // Catch: java.lang.Throwable -> L51
            if (r0 == 0) goto L4f
            r0 = r4
            r1 = r8
            r2 = r7
            java.lang.String r2 = r2.getDn()     // Catch: java.lang.Throwable -> L51
            boolean r0 = r0.isDirectGroupMemberOf(r1, r2)     // Catch: java.lang.Throwable -> L51
            if (r0 == 0) goto L4f
        L4b:
            r0 = 1
            goto L50
        L4f:
            r0 = 0
        L50:
            return r0
        L51:
            r7 = move-exception
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.atlassian.crowd.directory.RFC4519Directory.isUserDirectGroupMember(java.lang.String, java.lang.String):boolean");
    }

    public boolean isGroupDirectGroupMember(String str, String str2) throws OperationFailedException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty", new Object[0]);
        try {
            return isDnDirectGroupMember(m11findGroupByName(str).getDn(), m11findGroupByName(str2));
        } catch (GroupNotFoundException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDnToGroup(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) throws OperationFailedException {
        try {
            this.ldapTemplate.get().modifyAttributes(lDAPGroupWithAttributes.getLdapName(), new ModificationItem[]{new ModificationItem(1, new BasicAttribute(this.ldapPropertiesMapper.getGroupMemberAttribute(), str))});
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        } catch (NameAlreadyBoundException e2) {
        } catch (AttributeInUseException e3) {
        }
    }

    public void addUserToGroup(String str, String str2) throws GroupNotFoundException, OperationFailedException, UserNotFoundException, MembershipAlreadyExistsException {
        Validate.notEmpty(str, "username argument cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "groupName argument cannot be null or empty", new Object[0]);
        LDAPGroupWithAttributes findGroupByName = m11findGroupByName(str2);
        LDAPUserWithAttributes findUserByName = m14findUserByName(str);
        if (isDnDirectGroupMember(findUserByName.getDn(), findGroupByName)) {
            throw new MembershipAlreadyExistsException(getDirectoryId(), str, str2);
        }
        addDnToGroup(findUserByName.getDn(), findGroupByName);
    }

    public void addGroupToGroup(String str, String str2) throws GroupNotFoundException, InvalidMembershipException, OperationFailedException, MembershipAlreadyExistsException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty", new Object[0]);
        LDAPGroupWithAttributes findGroupByName = m11findGroupByName(str2);
        LDAPGroupWithAttributes findGroupByName2 = m11findGroupByName(str);
        if (findGroupByName.getType() != findGroupByName2.getType()) {
            throw new InvalidMembershipException("Cannot add group of type " + findGroupByName2.getType().name() + " to group of type " + findGroupByName.getType().name());
        }
        if (isDnDirectGroupMember(findGroupByName2.getDn(), findGroupByName)) {
            throw new MembershipAlreadyExistsException(getDirectoryId(), str, str2);
        }
        addDnToGroup(findGroupByName2.getDn(), findGroupByName);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeDnFromGroup(String str, LDAPGroupWithAttributes lDAPGroupWithAttributes) throws OperationFailedException {
        try {
            this.ldapTemplate.get().modifyAttributes(lDAPGroupWithAttributes.getLdapName(), new ModificationItem[]{new ModificationItem(3, new BasicAttribute(this.ldapPropertiesMapper.getGroupMemberAttribute(), str))});
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        } catch (OperationNotSupportedException e2) {
        }
    }

    public void removeUserFromGroup(String str, String str2) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException {
        Validate.notEmpty(str, "username argument cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "groupName argument cannot be null or empty", new Object[0]);
        LDAPGroupWithAttributes findGroupByName = m11findGroupByName(str2);
        LDAPUserWithAttributes findUserByName = m14findUserByName(str);
        if (!isDnDirectGroupMember(findUserByName.getDn(), findGroupByName)) {
            throw new MembershipNotFoundException(str, str2);
        }
        removeDnFromGroup(findUserByName.getDn(), findGroupByName);
    }

    public void removeGroupFromGroup(String str, String str2) throws GroupNotFoundException, MembershipNotFoundException, InvalidMembershipException, OperationFailedException {
        Validate.notEmpty(str, "childGroup argument cannot be null or empty", new Object[0]);
        Validate.notEmpty(str2, "parentGroup argument cannot be null or empty", new Object[0]);
        LDAPGroupWithAttributes findGroupByName = m11findGroupByName(str2);
        LDAPGroupWithAttributes findGroupByName2 = m11findGroupByName(str);
        if (!isDnDirectGroupMember(findGroupByName2.getDn(), findGroupByName)) {
            throw new MembershipNotFoundException(str, str2);
        }
        if (findGroupByName.getType() != findGroupByName2.getType()) {
            throw new InvalidMembershipException("Cannot remove group of type " + findGroupByName2.getType().name() + " from group of type " + findGroupByName.getType().name());
        }
        removeDnFromGroup(findGroupByName2.getDn(), findGroupByName);
    }

    public Iterable<Membership> getMemberships() throws OperationFailedException {
        return new RFC4519DirectoryMembershipsIterableBuilder().forConnector(this).withFullCache(getEntityNamesAsMap(this.searchDN.getUser(), EntityDescriptor.user(), this.ldapPropertiesMapper.getUserNameAttribute()), getEntityNamesAsMap(this.searchDN.getGroup(), EntityDescriptor.group(GroupType.GROUP), this.ldapPropertiesMapper.getGroupNameAttribute())).build();
    }

    private Map<CrowdLdapName, String> getEntityNamesAsMap(CrowdLdapName crowdLdapName, EntityDescriptor entityDescriptor, String str) throws OperationFailedException {
        EntityQuery returningAtMost = QueryBuilder.queryFor(String.class, entityDescriptor).returningAtMost(-1);
        try {
            String encode = this.ldapQueryTranslater.asLDAPFilter(returningAtMost, this.ldapPropertiesMapper).encode();
            logger.debug("Performing {} search: baseDN = {} - filter = {}", new Object[]{entityDescriptor.getEntityType(), crowdLdapName, encode});
            return asMap(searchEntities(crowdLdapName, encode, NamedLdapEntity.mapperFromAttribute(str), returningAtMost.getStartIndex(), returningAtMost.getMaxResults()));
        } catch (NullResultException e) {
            return Collections.emptyMap();
        }
    }

    static Map<CrowdLdapName, String> asMap(Iterable<NamedLdapEntity> iterable) {
        HashMap hashMap = new HashMap();
        for (NamedLdapEntity namedLdapEntity : iterable) {
            hashMap.put(namedLdapEntity.getDn(), namedLdapEntity.getName());
        }
        return hashMap;
    }

    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected <T> Iterable<T> searchGroupRelationshipsWithGroupTypeSpecified(MembershipQuery<T> membershipQuery) throws OperationFailedException {
        Iterable<LDAPUserWithAttributes> findGroupMemberships;
        if (membershipQuery.isFindChildren()) {
            if (membershipQuery.getEntityToMatch().getEntityType() != Entity.GROUP) {
                throw new IllegalArgumentException("You can only find the GROUP or USER members of a GROUP");
            }
            if (membershipQuery.getEntityToReturn().getEntityType() == Entity.USER) {
                findGroupMemberships = this.ldapPropertiesMapper.isUsingUserMembershipAttribute() ? findUserMembersOfGroupViaMemberOf(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults()) : findUserMembersOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            } else {
                if (membershipQuery.getEntityToReturn().getEntityType() != Entity.GROUP) {
                    throw new IllegalArgumentException("You can only find the GROUP or USER members of a GROUP");
                }
                findGroupMemberships = this.ldapPropertiesMapper.isNestedGroupsDisabled() ? Collections.emptyList() : findGroupMembersOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getEntityToMatch().getGroupType(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
            }
        } else {
            if (membershipQuery.getEntityToReturn().getEntityType() != Entity.GROUP) {
                throw new IllegalArgumentException("You can only find the GROUP memberships of USER or GROUP");
            }
            if (membershipQuery.getEntityToReturn().getGroupType() != GroupType.GROUP) {
                if (membershipQuery.getEntityToReturn().getGroupType() == GroupType.LEGACY_ROLE) {
                    return Collections.emptyList();
                }
                throw new IllegalArgumentException("Cannot find group memberships of entity via member DN for GroupType: " + membershipQuery.getEntityToReturn().getGroupType());
            }
            if (membershipQuery.getReturnType() == String.class) {
                return toGenericIterable(findGroupMembershipNames(membershipQuery));
            }
            findGroupMemberships = findGroupMemberships(membershipQuery);
        }
        return membershipQuery.getReturnType() == String.class ? toGenericIterable(SearchResultsUtil.convertEntitiesToNames(findGroupMemberships)) : toGenericIterable(findGroupMemberships);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> membershipQuery) throws OperationFailedException {
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.USER) {
            return this.ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership() ? findGroupMembershipsOfUserViaMemberOf(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults()) : findGroupMembershipsOfUserViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
        }
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.GROUP) {
            return this.ldapPropertiesMapper.isNestedGroupsDisabled() ? Collections.emptyList() : findGroupMembershipsOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
        }
        throw new IllegalArgumentException("You can only find the GROUP memberships of USER or GROUP");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Iterable<String> findGroupMembershipNames(MembershipQuery<String> membershipQuery) throws OperationFailedException {
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.USER) {
            return this.ldapPropertiesMapper.isUsingUserMembershipAttributeForGroupMembership() ? findGroupMembershipNamesOfUserViaMemberOf(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults()) : findGroupMembershipNamesOfUserViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
        }
        if (membershipQuery.getEntityToMatch().getEntityType() == Entity.GROUP) {
            return this.ldapPropertiesMapper.isNestedGroupsDisabled() ? Collections.emptyList() : findGroupMembershipNamesOfGroupViaMemberDN(membershipQuery.getEntityNameToMatch(), membershipQuery.getStartIndex(), membershipQuery.getMaxResults());
        }
        throw new IllegalArgumentException("You can only find the GROUP memberships of USER or GROUP");
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfUserViaMemberOf(String str, int i, int i2) throws OperationFailedException {
        return findGroupMembershipsOfUserViaMemberOf(str, i, i2, this.lookupGroupByDn);
    }

    private List<String> findGroupMembershipNamesOfUserViaMemberOf(String str, int i, int i2) throws OperationFailedException {
        return findGroupMembershipsOfUserViaMemberOf(str, i, i2, this.lookupGroupNameByDn);
    }

    static int totalResultsSize(int i, int i2) {
        int i3;
        if (i2 != -1 && (i3 = i + i2) >= 0) {
            return i3;
        }
        return -1;
    }

    protected <T> List<T> findGroupMembershipsOfUserViaMemberOf(String str, int i, int i2, LookupByDn<T> lookupByDn) throws OperationFailedException {
        try {
            Set<String> memberOfs = getMemberOfs(m14findUserByName(str));
            if (memberOfs == null) {
                logger.debug("User with name <{}> does not have any memberOf values and therefore has no memberships", str);
                return Collections.emptyList();
            }
            ImmutableList.Builder builder = ImmutableList.builder();
            int i3 = 0;
            int i4 = totalResultsSize(i, i2);
            for (String str2 : memberOfs) {
                try {
                    builder.add(lookupByDn.lookup(this.ldapNameFactory.get(str2)));
                    i3++;
                } catch (GroupNotFoundException e) {
                } catch (LdapNameFormatException e2) {
                    logger.info("Invalid group DN {}", str2);
                }
                if (i4 != -1 && i3 >= i4) {
                    break;
                }
            }
            return SearchResultsUtil.constrainResults(builder.build(), i, i2);
        } catch (UserNotFoundException e3) {
            logger.debug("User with name <{}> does not exist and therefore has no memberships", str);
            return Collections.emptyList();
        }
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfUserViaMemberDN(String str, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipsOfEntityViaMemberDN(m14findUserByName(str).getLdapName(), i, i2);
        } catch (UserNotFoundException | IllegalArgumentException e) {
            return Collections.emptyList();
        }
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfGroupViaMemberDN(String str, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipsOfEntityViaMemberDN(findGroupByNameAndType(str, GroupType.GROUP).getLdapName(), i, i2);
        } catch (GroupNotFoundException e) {
            return Collections.emptyList();
        }
    }

    private Iterable<String> findGroupMembershipNamesOfUserViaMemberDN(String str, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipNamesOfEntityViaMemberDN(m14findUserByName(str).getLdapName(), i, i2);
        } catch (UserNotFoundException | IllegalArgumentException e) {
            return Collections.emptyList();
        }
    }

    private Iterable<String> findGroupMembershipNamesOfGroupViaMemberDN(String str, int i, int i2) throws OperationFailedException {
        try {
            return findGroupMembershipNamesOfEntityViaMemberDN(findGroupDnByName(str), i, i2);
        } catch (GroupNotFoundException e) {
            return Collections.emptyList();
        }
    }

    private List<LDAPGroupWithAttributes> findGroupMembershipsOfEntityViaMemberDN(CrowdLdapName crowdLdapName, int i, int i2) throws OperationFailedException {
        return findGroupMembershipsOfEntityViaMemberDN(crowdLdapName, i, i2, getGroupContextMapper(GroupType.GROUP, true));
    }

    private Iterable<String> findGroupMembershipNamesOfEntityViaMemberDN(CrowdLdapName crowdLdapName, int i, int i2) throws OperationFailedException {
        return NamedLdapEntity.namesOf((List<? extends NamedLdapEntity>) findGroupMembershipsOfEntityViaMemberDN(crowdLdapName, i, i2, NamedLdapEntity.mapperFromAttribute(this.ldapPropertiesMapper.getGroupNameAttribute())));
    }

    private <T> List<T> findGroupMembershipsOfEntityViaMemberDN(CrowdLdapName crowdLdapName, int i, int i2, ContextMapperWithRequiredAttributes<T> contextMapperWithRequiredAttributes) throws OperationFailedException {
        AndFilter groupsByGroupMemberAttributeFilter = getGroupsByGroupMemberAttributeFilter(crowdLdapName);
        CrowdLdapName group = this.searchDN.getGroup();
        String encode = groupsByGroupMemberAttributeFilter.encode();
        logger.debug("Executing search at DN: <{}> with filter: <{}>", group, encode);
        return searchEntities(group, encode, contextMapperWithRequiredAttributes, i, i2);
    }

    private List<LDAPGroupWithAttributes> findGroupMembersOfGroupViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        return findMembersOfGroupViaMemberDN(str, groupType, LDAPGroupWithAttributes.class, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        return findMembersOfGroupViaMemberDN(str, groupType, LDAPUserWithAttributes.class, i, i2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v19, types: [java.lang.Iterable] */
    public Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String str, GroupType groupType, int i, int i2) throws OperationFailedException {
        List emptyList;
        try {
            LDAPGroupWithAttributes findGroupWithAttributesByName = m10findGroupWithAttributesByName(str);
            if (findGroupWithAttributesByName.getType() == groupType) {
                String encode = getUsersByUserGroupMembershipAttributeFilter(findGroupWithAttributesByName.getLdapName()).encode();
                CrowdLdapName user = this.searchDN.getUser();
                logger.debug("Executing search at DN: <{}> with filter: <{}>", user, encode);
                emptyList = toGenericIterable(searchEntities(user, encode, getUserContextMapper(UserContextMapperConfig.Builder.withCustomAttributes().build()), i, i2));
            } else {
                logger.debug("Group with name <{}> does exist but is of GroupType <{}> and not <{}>", new Object[]{str, findGroupWithAttributesByName.getType(), groupType});
                emptyList = Collections.emptyList();
            }
        } catch (GroupNotFoundException e) {
            logger.debug("Group with name <{}> does not exist and therefore has no members", str);
            emptyList = Collections.emptyList();
        }
        return emptyList;
    }

    private <T extends LDAPDirectoryEntity> List<T> findMembersOfGroupViaMemberDN(String str, GroupType groupType, Class<T> cls, int i, int i2) throws OperationFailedException {
        try {
            Set<String> memberDNs = getMemberDNs(findGroupByNameAndType(str, groupType));
            if (memberDNs == null) {
                logger.debug("Group with name <{}> does not have any memberDNs and therefore has no members", str);
                return Collections.emptyList();
            }
            ImmutableList.Builder builder = ImmutableList.builder();
            int i3 = 0;
            int i4 = totalResultsSize(i, i2);
            Iterator<String> it = memberDNs.iterator();
            while (it.hasNext()) {
                try {
                    LDAPDirectoryEntity findEntityByDN = findEntityByDN(it.next(), cls);
                    if (!(findEntityByDN instanceof LDAPGroupWithAttributes)) {
                        builder.add(findEntityByDN);
                        i3++;
                    } else if (((LDAPGroupWithAttributes) findEntityByDN).getType() == groupType) {
                        builder.add(findEntityByDN);
                        i3++;
                    }
                } catch (UserNotFoundException | GroupNotFoundException e) {
                }
                if (i4 != -1 && i3 >= i4) {
                    break;
                }
            }
            return SearchResultsUtil.constrainResults(builder.build(), i, i2);
        } catch (GroupNotFoundException e2) {
            logger.debug("Group with name <{}> does not exist and therefore has no members", str);
            return Collections.emptyList();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static <T> Iterable<T> toGenericIterable(Iterable iterable) {
        return iterable;
    }

    public Iterable<CrowdLdapName> findDirectMembersOfGroup(CrowdLdapName crowdLdapName, ContextMapperWithRequiredAttributes<CrowdLdapName> contextMapperWithRequiredAttributes, GroupUserCache groupUserCache) throws OperationFailedException {
        Iterable<CrowdLdapName> emptyList;
        Iterable<CrowdLdapName> ldapNames;
        if (this.ldapPropertiesMapper.isUsingUserMembershipAttribute()) {
            emptyList = groupUserCache.getUsersByUserGroupMembership(crowdLdapName);
            if (emptyList == null) {
                emptyList = searchEntities(this.searchDN.getUser(), getUsersByUserGroupMembershipAttributeFilter(crowdLdapName).encode(), contextMapperWithRequiredAttributes, 0, -1);
            }
        } else {
            emptyList = Collections.emptyList();
        }
        Optional<LDAPGroupWithAttributes> groupWithUserMembership = groupUserCache.getGroupWithUserMembership(crowdLdapName);
        Supplier supplier = groupWithUserMembership.isPresent() ? () -> {
            return groupWithUserMembership;
        } : Suppliers.memoize(() -> {
            return findGroup(crowdLdapName).map(this::postprocessGroup);
        });
        if (this.ldapPropertiesMapper.isUsingUserMembershipAttribute() && this.ldapPropertiesMapper.isNestedGroupsDisabled()) {
            ldapNames = Collections.emptyList();
        } else {
            Optional<LDAPGroupWithAttributes> optional = supplier.get();
            if (!optional.isPresent()) {
                return Collections.emptyList();
            }
            ldapNames = toLdapNames(getMemberDNs(optional.get()));
        }
        return Iterables.concat(emptyList, ldapNames, findAdditionalDirectMembers(crowdLdapName, supplier, groupUserCache));
    }

    protected Iterable<CrowdLdapName> findAdditionalDirectMembers(CrowdLdapName crowdLdapName, @Nullable Supplier<Optional<LDAPGroupWithAttributes>> supplier, GroupUserCache groupUserCache) throws OperationFailedException {
        return Collections.emptyList();
    }

    Optional<LDAPGroupWithAttributes> findGroup(CrowdLdapName crowdLdapName) {
        try {
            return Optional.of((LDAPGroupWithAttributes) this.ldapTemplate.get().lookup(crowdLdapName, getGroupContextMapper(GroupType.GROUP, true)));
        } catch (NameNotFoundException e) {
            if (!(e.getCause() instanceof javax.naming.NameNotFoundException)) {
                throw e;
            }
            logger.warn("Treating missing LDAP group as empty: {}", crowdLdapName);
            return Optional.empty();
        }
    }

    private AndFilter getUsersByUserGroupMembershipAttributeFilter(CrowdLdapName crowdLdapName) {
        AndFilter andFilter = new AndFilter();
        andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getUserFilter()));
        andFilter.and(new EqualsFilter(this.ldapPropertiesMapper.getUserGroupMembershipsAttribute(), crowdLdapName.toString()));
        return andFilter;
    }

    private AndFilter getGroupsByGroupMemberAttributeFilter(CrowdLdapName crowdLdapName) {
        AndFilter andFilter = new AndFilter();
        andFilter.and(new HardcodedFilter(this.ldapPropertiesMapper.getGroupFilter()));
        andFilter.and(new EqualsFilter(this.ldapPropertiesMapper.getGroupMemberAttribute(), crowdLdapName.toString()));
        return andFilter;
    }

    private CrowdLdapName findGroupDnByName(String str) throws OperationFailedException, GroupNotFoundException {
        try {
            return (CrowdLdapName) Iterables.getOnlyElement(searchGroupObjects(QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).with(Restriction.on(GroupTermKeys.NAME).exactlyMatching(str)).returningAtMost(1), DN_MAPPER));
        } catch (NoSuchElementException e) {
            throw new GroupNotFoundException(str);
        }
    }

    Iterable<CrowdLdapName> toLdapNames(Iterable<String> iterable) {
        Function<String, ? extends CrowdLdapName> function = TO_LDAP_NAME;
        Objects.requireNonNull(function);
        return Iterables.transform(iterable, (v1) -> {
            return r1.apply(v1);
        });
    }
}
