package com.unboundid.scim.ldap;

import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPURL;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.scim.schema.AttributeDescriptor;
import com.unboundid.scim.sdk.Debug;
import com.unboundid.scim.sdk.DebugType;
import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.ResourceNotFoundException;
import com.unboundid.scim.sdk.SCIMAttribute;
import com.unboundid.scim.sdk.SCIMAttributeValue;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMObject;
import com.unboundid.util.StaticUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;

/* loaded from: input_file:com/unboundid/scim/ldap/MembersDerivedAttribute.class */
public class MembersDerivedAttribute extends DerivedAttribute {
    public static final String ATTR_MEMBER = "member";
    public static final String ATTR_UNIQUE_MEMBER = "uniqueMember";
    public static final String ATTR_MEMBER_URL = "memberURL";
    public static final String OC_GROUP_OF_NAMES = "groupOfNames";
    public static final String OC_GROUP_OF_UNIQUE_NAMES = "groupOfUniqueNames";
    public static final String OC_GROUP_OF_ENTRIES = "groupOfEntries";
    public static final String OC_GROUP_OF_URLS = "groupOfURLs";
    protected AttributeDescriptor descriptor;
    protected LDAPSearchResolver userResolver;
    protected static Set<String> ldapAttributeTypes = new HashSet();

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public Set<String> getLDAPAttributeTypes() {
        return ldapAttributeTypes;
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public SCIMAttribute toSCIMAttribute(Entry entry, LDAPRequestInterface lDAPRequestInterface, LDAPSearchResolver lDAPSearchResolver) throws SCIMException {
        SCIMAttributeValue createMemberValue;
        ArrayList arrayList = new ArrayList();
        try {
            Set<String> filterAndIdAttributes = lDAPSearchResolver.getFilterAndIdAttributes();
            if (this.userResolver != null) {
                filterAndIdAttributes.addAll(this.userResolver.getFilterAndIdAttributes());
            }
            String[] strArr = (String[]) filterAndIdAttributes.toArray(new String[filterAndIdAttributes.size()]);
            String[] strArr2 = null;
            if (entry.hasObjectClass(OC_GROUP_OF_NAMES) || entry.hasObjectClass(OC_GROUP_OF_ENTRIES)) {
                if (entry.hasAttribute(ATTR_MEMBER)) {
                    strArr2 = entry.getAttributeValues(ATTR_MEMBER);
                }
            } else if (entry.hasObjectClass(OC_GROUP_OF_UNIQUE_NAMES)) {
                if (entry.hasAttribute(ATTR_UNIQUE_MEMBER)) {
                    strArr2 = entry.getAttributeValues(ATTR_UNIQUE_MEMBER);
                }
            } else if (entry.hasObjectClass(OC_GROUP_OF_URLS) && entry.hasAttribute(ATTR_MEMBER_URL)) {
                for (String str : entry.getAttributeValues(ATTR_MEMBER_URL)) {
                    LDAPURL ldapurl = new LDAPURL(str);
                    SearchResult search = lDAPRequestInterface.search(new SearchRequest(ldapurl.getBaseDN().toString(), SearchScope.SUB, ldapurl.getFilter(), strArr));
                    if (search.getEntryCount() > 0) {
                        Iterator it = search.getSearchEntries().iterator();
                        while (it.hasNext()) {
                            SCIMAttributeValue createMemberValue2 = createMemberValue(lDAPSearchResolver, (SearchResultEntry) it.next());
                            if (createMemberValue2 != null) {
                                arrayList.add(createMemberValue2);
                            }
                        }
                    }
                }
            }
            if (strArr2 != null) {
                for (String str2 : strArr2) {
                    if ((this.userResolver != null && this.userResolver.isDnInScope(str2)) || lDAPSearchResolver.isDnInScope(str2)) {
                        SearchResult search2 = lDAPRequestInterface.search(new SearchRequest(str2, SearchScope.BASE, "(objectclass=*)", strArr));
                        if (search2.getEntryCount() == 1 && (createMemberValue = createMemberValue(lDAPSearchResolver, (SearchResultEntry) search2.getSearchEntries().get(0))) != null) {
                            arrayList.add(createMemberValue);
                        }
                    }
                }
            }
            if (arrayList.isEmpty()) {
                return null;
            }
            return SCIMAttribute.create(getAttributeDescriptor(), (SCIMAttributeValue[]) arrayList.toArray(new SCIMAttributeValue[arrayList.size()]));
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw ResourceMapper.toSCIMException("Error searching for values of the members attribute: " + StaticUtils.getExceptionMessage(e), e);
        }
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public void initialize(AttributeDescriptor attributeDescriptor) {
        this.descriptor = attributeDescriptor;
        if (getArguments().containsKey(DerivedAttribute.LDAP_SEARCH_REF)) {
            Object obj = getArguments().get(DerivedAttribute.LDAP_SEARCH_REF);
            if (obj instanceof LDAPSearchResolver) {
                this.userResolver = (LDAPSearchResolver) obj;
            }
        }
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public AttributeDescriptor getAttributeDescriptor() {
        return this.descriptor;
    }

    protected SCIMAttributeValue createMemberValue(LDAPSearchResolver lDAPSearchResolver, Entry entry) throws SCIMException {
        ArrayList arrayList = new ArrayList(2);
        if (this.userResolver != null && this.userResolver.isResourceEntry(entry)) {
            String idFromEntry = this.userResolver.getIdFromEntry(entry);
            arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("type"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue("User")}));
            arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("value"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue(idFromEntry)}));
            return SCIMAttributeValue.createComplexValue(arrayList);
        }
        if (lDAPSearchResolver.isResourceEntry(entry)) {
            String idFromEntry2 = lDAPSearchResolver.getIdFromEntry(entry);
            arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("type"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue("Group")}));
            arrayList.add(SCIMAttribute.create(getAttributeDescriptor().getSubAttribute("value"), new SCIMAttributeValue[]{SCIMAttributeValue.createStringValue(idFromEntry2)}));
            return SCIMAttributeValue.createComplexValue(arrayList);
        }
        if (!Debug.debugEnabled()) {
            return null;
        }
        Debug.debug(Level.INFO, DebugType.OTHER, "Skipping group member '" + entry.getDN() + "' for group '" + entry.getDN() + "' because it is not within the scope of the SCIM User or Group resources.");
        return null;
    }

    @Override // com.unboundid.scim.ldap.DerivedAttribute
    public void toLDAPAttributes(SCIMObject sCIMObject, Collection<Attribute> collection, LDAPRequestInterface lDAPRequestInterface, LDAPSearchResolver lDAPSearchResolver) throws InvalidResourceException {
        SCIMAttribute attribute = sCIMObject.getAttribute(getAttributeDescriptor().getSchema(), getAttributeDescriptor().getName());
        if (attribute != null) {
            for (SCIMAttributeValue sCIMAttributeValue : attribute.getValues()) {
                SCIMAttribute attribute2 = sCIMAttributeValue.getAttribute("type");
                String stringValue = attribute2 != null ? attribute2.getValue().getStringValue() : null;
                String stringValue2 = sCIMAttributeValue.getAttribute("value").getValue().getStringValue();
                String str = null;
                if (stringValue == null) {
                    try {
                        if (this.userResolver != null) {
                            try {
                                str = this.userResolver.getDnFromId(lDAPRequestInterface, stringValue2);
                            } catch (ResourceNotFoundException e) {
                            }
                        }
                        if (str == null) {
                            str = lDAPSearchResolver.getDnFromId(lDAPRequestInterface, stringValue2);
                        }
                        collection.add(new Attribute(ATTR_UNIQUE_MEMBER, str));
                    } catch (Exception e2) {
                        Debug.debugException(e2);
                        throw new InvalidResourceException(e2.getMessage());
                    }
                } else {
                    if (stringValue.equalsIgnoreCase("User")) {
                        str = this.userResolver.getDnFromId(lDAPRequestInterface, stringValue2);
                    } else {
                        if (!stringValue.equalsIgnoreCase("Group")) {
                            throw new InvalidResourceException("Group member type '" + stringValue + " is not valid. Member values must be of type 'User' or 'Group'");
                        }
                        str = lDAPSearchResolver.getDnFromId(lDAPRequestInterface, stringValue2);
                    }
                    collection.add(new Attribute(ATTR_UNIQUE_MEMBER, str));
                }
            }
        }
    }

    static {
        ldapAttributeTypes.add(ATTR_MEMBER);
        ldapAttributeTypes.add(ATTR_UNIQUE_MEMBER);
        ldapAttributeTypes.add(ATTR_MEMBER_URL);
    }
}
