package com.unboundid.scim.ldap;

import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.scim.schema.AttributeDescriptor;
import com.unboundid.scim.sdk.Debug;
import com.unboundid.scim.sdk.DebugType;
import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.SCIMAttribute;
import com.unboundid.scim.sdk.SCIMAttributeValue;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMObject;
import com.unboundid.util.StaticUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;

/* loaded from: input_file:com/unboundid/scim/ldap/GroupsDerivedAttribute.class */
public class GroupsDerivedAttribute extends DerivedAttribute {
    private static final String HAVE_ISMEMBEROF = "haveIsMemberOf";
    private static final String ATTR_CN = "cn";
    private static final String ATTR_OBJECT_CLASS = "objectClass";
    private static final String ATTR_IS_MEMBER_OF = "isMemberOf";
    private static final String ATTR_MEMBER = "member";
    private static final String ATTR_MEMBER_URL = "memberURL";
    private static final String ATTR_UNIQUE_MEMBER = "uniqueMember";
    private static final String OC_GROUP_OF_URLS = "groupOfURLs";
    private static final String OC_VIRTUAL_STATIC_GROUP = "ds-virtual-static-group";
    private static final String DIRECT_GROUP = "direct";
    private static final String INDIRECT_GROUP = "indirect";
    private AttributeDescriptor descriptor;
    private LDAPSearchResolver groupResolver;
    private boolean haveIsMemberOf;

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public Set<String> getLDAPAttributeTypes() {
        return Collections.singleton(ATTR_IS_MEMBER_OF);
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public SCIMAttribute toSCIMAttribute(Entry entry, LDAPRequestInterface lDAPRequestInterface, LDAPSearchResolver lDAPSearchResolver) throws SCIMException {
        ArrayList arrayList = new ArrayList();
        if (this.groupResolver == null) {
            Debug.debug(Level.WARNING, DebugType.OTHER, "Cannot provide the groups attribute because there are no LDAPSearch parameters");
            return null;
        }
        try {
            if (!this.haveIsMemberOf) {
                LinkedList linkedList = new LinkedList();
                Iterator<DN> it = this.groupResolver.getBaseDNs().iterator();
                while (it.hasNext()) {
                    findGroupsForMember(entry, lDAPRequestInterface, it.next().toString(), groupsFilter(entry.getDN(), true), arrayList, linkedList, false);
                }
            } else if (entry.hasAttribute(ATTR_IS_MEMBER_OF)) {
                ArrayList arrayList2 = new ArrayList(3);
                arrayList2.add(ATTR_CN);
                arrayList2.add(ATTR_OBJECT_CLASS);
                this.groupResolver.addIdAttribute(arrayList2);
                String[] strArr = (String[]) arrayList2.toArray(new String[arrayList2.size()]);
                for (String str : entry.getAttributeValues(ATTR_IS_MEMBER_OF)) {
                    if (this.groupResolver.isDnInScope(str)) {
                        SearchRequest searchRequest = new SearchRequest(str, SearchScope.BASE, this.groupResolver.getFilterString(), strArr);
                        searchRequest.setSizeLimit(1);
                        Entry searchForEntry = lDAPRequestInterface.searchForEntry(searchRequest);
                        if (searchForEntry != null) {
                            boolean z = false;
                            if (!searchForEntry.hasObjectClass("groupOfURLs") && !searchForEntry.hasObjectClass(OC_VIRTUAL_STATIC_GROUP)) {
                                SearchRequest searchRequest2 = new SearchRequest(str, SearchScope.BASE, groupsFilter(entry.getDN(), false), new String[]{"1.1"});
                                searchRequest2.setSizeLimit(1);
                                z = lDAPRequestInterface.searchForEntry(searchRequest2) != null;
                            }
                            arrayList.add(createGroupValue(this.groupResolver.getIdFromEntry(searchForEntry), searchForEntry.getAttributeValue(ATTR_CN), z));
                        }
                    }
                }
            }
            if (arrayList.isEmpty()) {
                return null;
            }
            return SCIMAttribute.create(getAttributeDescriptor(), (SCIMAttributeValue[]) arrayList.toArray(new SCIMAttributeValue[arrayList.size()]));
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw ResourceMapper.toSCIMException("Error searching for values of the groups attribute: " + StaticUtils.getExceptionMessage(e), e);
        }
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public void toLDAPAttributes(SCIMObject sCIMObject, Collection<Attribute> collection, LDAPRequestInterface lDAPRequestInterface, LDAPSearchResolver lDAPSearchResolver) throws SCIMException {
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public void initialize(AttributeDescriptor attributeDescriptor) {
        this.descriptor = attributeDescriptor;
        if (getArguments().containsKey(DerivedAttribute.LDAP_SEARCH_REF)) {
            Object obj = getArguments().get(DerivedAttribute.LDAP_SEARCH_REF);
            if (obj instanceof LDAPSearchResolver) {
                this.groupResolver = (LDAPSearchResolver) obj;
            }
        }
        this.haveIsMemberOf = true;
        Object obj2 = getArguments().get(HAVE_ISMEMBEROF);
        if (obj2 != null) {
            this.haveIsMemberOf = Boolean.valueOf(obj2.toString()).booleanValue();
        }
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public AttributeDescriptor getAttributeDescriptor() {
        return this.descriptor;
    }

    private Filter groupsFilter(String str, boolean z) throws LDAPException {
        Filter filter = null;
        if (this.groupResolver != null) {
            filter = Filter.create(this.groupResolver.getFilterString());
        }
        ArrayList arrayList = new ArrayList(3);
        arrayList.add(Filter.createEqualityFilter("member", str));
        arrayList.add(Filter.createEqualityFilter("uniqueMember", str));
        if (z) {
            arrayList.add(Filter.createEqualityFilter(ATTR_OBJECT_CLASS, "groupOfURLs"));
        }
        return filter != null ? Filter.createANDFilter(new Filter[]{filter, Filter.createORFilter(arrayList)}) : Filter.createORFilter(arrayList);
    }

    private void findGroupsForMember(Entry entry, LDAPRequestInterface lDAPRequestInterface, String str, Filter filter, List<SCIMAttributeValue> list, List<DN> list2, boolean z) throws LDAPException, InvalidResourceException {
        ArrayList arrayList = new ArrayList(4);
        arrayList.add(ATTR_CN);
        arrayList.add(ATTR_OBJECT_CLASS);
        arrayList.add("memberURL");
        this.groupResolver.addIdAttribute(arrayList);
        SearchResult search = lDAPRequestInterface.search(new SearchRequest(str, SearchScope.SUB, filter, (String[]) arrayList.toArray(new String[arrayList.size()])));
        ArrayList arrayList2 = new ArrayList(search.getEntryCount());
        for (Entry entry2 : search.getSearchEntries()) {
            DN parsedDN = entry2.getParsedDN();
            if (!list2.contains(parsedDN)) {
                list2.add(parsedDN);
                arrayList2.add(entry2);
                String idFromEntry = this.groupResolver.getIdFromEntry(entry2);
                if (entry2.hasObjectClass("groupOfURLs")) {
                    String attributeValue = entry2.getAttributeValue("memberURL");
                    if (attributeValue != null) {
                        LDAPURL ldapurl = new LDAPURL(attributeValue);
                        if (entry.matchesBaseAndScope(ldapurl.getBaseDN(), ldapurl.getScope()) && ldapurl.getFilter().matchesEntry(entry)) {
                            list.add(createGroupValue(idFromEntry, entry2.getAttributeValue(ATTR_CN), false));
                        }
                    }
                } else {
                    list.add(createGroupValue(idFromEntry, entry2.getAttributeValue(ATTR_CN), (z || entry2.hasObjectClass(OC_VIRTUAL_STATIC_GROUP)) ? false : true));
                }
            }
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            findGroupsForMember(entry, lDAPRequestInterface, str, groupsFilter(((SearchResultEntry) it.next()).getDN(), false), list, list2, true);
        }
    }

    private SCIMAttributeValue createGroupValue(String str, String str2, boolean z) throws InvalidResourceException {
        ArrayList arrayList = new ArrayList(3);
        arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("value"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue(str)}));
        if (str2 != null) {
            arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("display"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue(str2)}));
        }
        AttributeDescriptor subAttribute = getAttributeDescriptor().getSubAttribute("type");
        SCIMAttributeValue[] sCIMAttributeValueArr = new SCIMAttributeValue[1];
        sCIMAttributeValueArr[0] = SCIMAttributeValue.createStringValue(z ? DIRECT_GROUP : INDIRECT_GROUP);
        arrayList.add(SCIMAttribute.create(subAttribute, sCIMAttributeValueArr));
        return SCIMAttributeValue.createComplexValue(arrayList);
    }
}
