package com.unboundid.scim.ldap;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPResult;
import com.unboundid.ldap.sdk.LDAPSearchException;
import com.unboundid.ldap.sdk.Modification;
import com.unboundid.ldap.sdk.ModificationType;
import com.unboundid.ldap.sdk.ModifyDNRequest;
import com.unboundid.ldap.sdk.ModifyRequest;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ReadOnlyEntry;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.controls.PostReadRequestControl;
import com.unboundid.ldap.sdk.controls.PostReadResponseControl;
import com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl;
import com.unboundid.ldap.sdk.controls.SimplePagedResultsControl;
import com.unboundid.ldap.sdk.controls.SortKey;
import com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl;
import com.unboundid.ldap.sdk.controls.VirtualListViewResponseControl;
import com.unboundid.scim.data.AttributeValueResolver;
import com.unboundid.scim.data.BaseResource;
import com.unboundid.scim.data.Meta;
import com.unboundid.scim.schema.AttributeDescriptor;
import com.unboundid.scim.schema.CoreSchema;
import com.unboundid.scim.schema.ResourceDescriptor;
import com.unboundid.scim.sdk.AttributePath;
import com.unboundid.scim.sdk.Debug;
import com.unboundid.scim.sdk.DebugType;
import com.unboundid.scim.sdk.DeleteResourceRequest;
import com.unboundid.scim.sdk.GetResourceRequest;
import com.unboundid.scim.sdk.GetResourcesRequest;
import com.unboundid.scim.sdk.InvalidResourceException;
import com.unboundid.scim.sdk.PageParameters;
import com.unboundid.scim.sdk.PatchResourceRequest;
import com.unboundid.scim.sdk.PostResourceRequest;
import com.unboundid.scim.sdk.PutResourceRequest;
import com.unboundid.scim.sdk.ResourceNotFoundException;
import com.unboundid.scim.sdk.Resources;
import com.unboundid.scim.sdk.SCIMAttribute;
import com.unboundid.scim.sdk.SCIMAttributeValue;
import com.unboundid.scim.sdk.SCIMBackend;
import com.unboundid.scim.sdk.SCIMException;
import com.unboundid.scim.sdk.SCIMFilter;
import com.unboundid.scim.sdk.SCIMFilterType;
import com.unboundid.scim.sdk.SCIMObject;
import com.unboundid.scim.sdk.SCIMQueryAttributes;
import com.unboundid.scim.sdk.SCIMRequest;
import com.unboundid.scim.sdk.ServerErrorException;
import com.unboundid.scim.sdk.SortParameters;
import com.unboundid.scim.sdk.UnsupportedOperationException;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.Validator;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.ws.rs.core.UriBuilder;

/* loaded from: input_file:com/unboundid/scim/ldap/LDAPBackend.class */
public abstract class LDAPBackend extends SCIMBackend {
    private static final Set<String> DEFAULT_LASTMOD_ATTRS;
    private volatile Map<ResourceDescriptor, ResourceMapper> resourceMappers;
    private boolean supportsPostReadRequestControl = false;
    private boolean supportsVLVRequestControl = false;
    private boolean supportsSimplePagesResultsControl = false;

    public LDAPBackend(Map<ResourceDescriptor, ResourceMapper> map) {
        this.resourceMappers = map;
    }

    public void setResourceMappers(Map<ResourceDescriptor, ResourceMapper> map) {
        this.resourceMappers = map;
    }

    public void setSupportsPostReadRequestControl(boolean z) {
        this.supportsPostReadRequestControl = z;
    }

    public boolean supportsPostReadRequestControl() {
        return this.supportsPostReadRequestControl;
    }

    public void setSupportsVLVRequestControl(boolean z) {
        this.supportsVLVRequestControl = z;
    }

    public boolean supportsVLVRequestControl() {
        return this.supportsVLVRequestControl;
    }

    public void setSupportsSimplePagedResultsControl(boolean z) {
        this.supportsSimplePagesResultsControl = z;
    }

    public boolean supportsSimplePagedResultsControl() {
        return this.supportsSimplePagesResultsControl;
    }

    protected abstract LDAPRequestInterface getLDAPRequestInterface(String str) throws SCIMException;

    protected Set<String> getLastModAttributes() {
        return DEFAULT_LASTMOD_ATTRS;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ResourceMapper getResourceMapper(ResourceDescriptor resourceDescriptor) throws SCIMException {
        ResourceMapper resourceMapper = this.resourceMappers.get(resourceDescriptor);
        if (resourceMapper == null) {
            throw new ServerErrorException("No resource mapper found for resource '" + resourceDescriptor.getName() + "'");
        }
        return resourceMapper;
    }

    public BaseResource getResource(GetResourceRequest getResourceRequest) throws SCIMException {
        ResourceMapper resourceMapper = getResourceMapper(getResourceRequest.getResourceDescriptor());
        HashSet hashSet = new HashSet();
        hashSet.addAll(resourceMapper.toLDAPAttributeTypes(getResourceRequest.getAttributes()));
        hashSet.addAll(getLastModAttributes());
        hashSet.add("objectclass");
        String[] strArr = new String[hashSet.size()];
        hashSet.toArray(strArr);
        LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(getResourceRequest.getAuthenticatedUserID());
        SearchResultEntry returnEntry = resourceMapper.getReturnEntry(lDAPRequestInterface, getResourceRequest.getResourceID(), getResourceRequest.getAttributes(), strArr);
        BaseResource baseResource = new BaseResource(getResourceRequest.getResourceDescriptor());
        setIdAndMetaAttributes(resourceMapper, baseResource, getResourceRequest, returnEntry, getResourceRequest.getAttributes());
        Iterator<SCIMAttribute> it = resourceMapper.toSCIMAttributes(returnEntry, getResourceRequest.getAttributes(), lDAPRequestInterface).iterator();
        while (it.hasNext()) {
            Validator.ensureTrue(baseResource.getScimObject().addAttribute(it.next()));
        }
        return baseResource;
    }

    public Resources<?> getResources(GetResourcesRequest getResourcesRequest) throws SCIMException {
        Set<DN> searchBaseDNs;
        SearchScope searchScope;
        ResourceMapper resourceMapper = getResourceMapper(getResourcesRequest.getResourceDescriptor());
        if (resourceMapper == null || !resourceMapper.supportsQuery()) {
            throw new UnsupportedOperationException("The requested operation is not supported on resource end-point '" + getResourcesRequest.getResourceDescriptor().getEndpoint() + "'");
        }
        try {
            SCIMFilter filter = getResourcesRequest.getFilter();
            Set<String> lDAPAttributeTypes = resourceMapper.toLDAPAttributeTypes(getResourcesRequest.getAttributes());
            lDAPAttributeTypes.addAll(getLastModAttributes());
            lDAPAttributeTypes.add("objectclass");
            int maxResults = getConfig().getMaxResults();
            LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(getResourcesRequest.getAuthenticatedUserID());
            ResourceSearchResultListener resourceSearchResultListener = new ResourceSearchResultListener(this, getResourcesRequest, lDAPRequestInterface, maxResults);
            SearchRequest searchRequest = null;
            if (filter != null && resourceMapper.idMapsToDn() && filter.getFilterType() == SCIMFilterType.EQUALITY) {
                AttributePath filterAttribute = filter.getFilterAttribute();
                if (filterAttribute.getAttributeSchema().equalsIgnoreCase("urn:scim:schemas:core:1.0") && filterAttribute.getAttributeName().equalsIgnoreCase("id")) {
                    String[] strArr = new String[lDAPAttributeTypes.size()];
                    lDAPAttributeTypes.toArray(strArr);
                    searchRequest = new SearchRequest(resourceSearchResultListener, filter.getFilterValue(), SearchScope.BASE, Filter.createPresenceFilter("objectclass"), strArr);
                }
            }
            if (getResourcesRequest.getBaseID() != null) {
                SearchResultEntry entryWithoutAttrs = resourceMapper.getEntryWithoutAttrs(lDAPRequestInterface, getResourcesRequest.getBaseID());
                boolean z = false;
                if (entryWithoutAttrs != null) {
                    Iterator<DN> it = resourceMapper.getSearchBaseDNs().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (it.next().isAncestorOf(entryWithoutAttrs.getParsedDN(), true)) {
                            z = true;
                            break;
                        }
                    }
                }
                if (!z) {
                    throw new InvalidResourceException("The specified base-id does not exist under any of the configured branches of the DIT.");
                }
                searchBaseDNs = Collections.singleton(entryWithoutAttrs.getParsedDN());
            } else {
                searchBaseDNs = resourceMapper.getSearchBaseDNs();
            }
            if (getResourcesRequest.getSearchScope() == null) {
                searchScope = SearchScope.SUB;
            } else if (SearchScope.BASE.getName().equalsIgnoreCase(getResourcesRequest.getSearchScope())) {
                searchScope = SearchScope.BASE;
            } else if (SearchScope.ONE.getName().equalsIgnoreCase(getResourcesRequest.getSearchScope())) {
                searchScope = SearchScope.ONE;
            } else if (SearchScope.SUB.getName().equalsIgnoreCase(getResourcesRequest.getSearchScope())) {
                searchScope = SearchScope.SUB;
            } else {
                if (!"subordinate".equalsIgnoreCase(getResourcesRequest.getSearchScope())) {
                    throw new InvalidResourceException("Search scope '" + getResourcesRequest.getSearchScope() + "' is not supported.");
                }
                searchScope = SearchScope.SUBORDINATE_SUBTREE;
            }
            SearchResult searchResult = null;
            int i = 1;
            int i2 = maxResults;
            for (DN dn : searchBaseDNs) {
                if (searchRequest == null) {
                    try {
                        Filter lDAPFilter = resourceMapper.toLDAPFilter(filter);
                        if (lDAPFilter == null) {
                            return new Resources<>(Collections.emptyList());
                        }
                        addFilterAttributes(lDAPAttributeTypes, lDAPFilter);
                        String[] strArr2 = new String[lDAPAttributeTypes.size()];
                        lDAPAttributeTypes.toArray(strArr2);
                        searchRequest = new SearchRequest(resourceSearchResultListener, dn.toString(), searchScope, lDAPFilter, strArr2);
                    } catch (InvalidResourceException e) {
                        throw new InvalidResourceException("Invalid filter: " + e.getLocalizedMessage(), e);
                    }
                }
                SortParameters sortParameters = getResourcesRequest.getSortParameters();
                if (sortParameters != null) {
                    try {
                        Control lDAPSortControl = resourceMapper.toLDAPSortControl(sortParameters);
                        if (lDAPSortControl != null) {
                            searchRequest.addControl(lDAPSortControl);
                        }
                    } catch (InvalidResourceException e2) {
                        throw new InvalidResourceException("Invalid sort parameters: " + e2.getLocalizedMessage(), e2);
                    }
                }
                PageParameters pageParameters = getResourcesRequest.getPageParameters();
                int totalResults = i2 - resourceSearchResultListener.getTotalResults();
                if (pageParameters != null) {
                    if (pageParameters.getCount() > 0) {
                        i2 = pageParameters.getCount();
                        totalResults = Math.min(i2, maxResults) - resourceSearchResultListener.getTotalResults();
                    }
                    if (this.supportsVLVRequestControl) {
                        searchRequest.setSizeLimit(0);
                        i = pageParameters.getStartIndex();
                        searchRequest.addControl(new VirtualListViewRequestControl(i, 0, totalResults - 1, 0, (ASN1OctetString) null, true));
                        if (!searchRequest.hasControl("1.2.840.113556.1.4.473")) {
                            searchRequest.addControl(new ServerSideSortRequestControl(new SortKey[]{new SortKey("uid")}));
                        }
                    } else if (this.supportsSimplePagesResultsControl) {
                        searchRequest.addControl(new SimplePagedResultsControl(totalResults));
                    } else {
                        searchRequest.setSizeLimit(totalResults);
                    }
                } else if (this.supportsSimplePagesResultsControl) {
                    searchRequest.addControl(new SimplePagedResultsControl(totalResults));
                } else {
                    searchRequest.setSizeLimit(totalResults);
                }
                ArrayList arrayList = new ArrayList();
                resourceMapper.addSearchControls(arrayList, getResourcesRequest.getAttributes());
                searchRequest.addControls((Control[]) arrayList.toArray(new Control[arrayList.size()]));
                try {
                    searchResult = lDAPRequestInterface.search(searchRequest);
                } catch (LDAPSearchException e3) {
                    if (!e3.getResultCode().equals(ResultCode.SIZE_LIMIT_EXCEEDED)) {
                        throw e3;
                    }
                    searchResult = e3.getSearchResult();
                    if (searchResult == null) {
                        throw e3;
                    }
                }
                if (searchRequest.getScope() == SearchScope.BASE || resourceSearchResultListener.getTotalResults() >= i2) {
                    break;
                }
                searchRequest = null;
            }
            List<BaseResource> resources = resourceSearchResultListener.getResources();
            List<BaseResource> subList = resources.subList(0, Math.min(resources.size(), i2));
            VirtualListViewResponseControl vLVResponseControl = getVLVResponseControl(searchResult);
            return vLVResponseControl != null ? new Resources<>(subList, vLVResponseControl.getContentCount(), i) : new Resources<>(subList, resourceSearchResultListener.getTotalResults(), i);
        } catch (LDAPException e4) {
            Debug.debugException(e4);
            throw ResourceMapper.toSCIMException(e4);
        }
    }

    public BaseResource postResource(PostResourceRequest postResourceRequest) throws SCIMException {
        if (getConfig().isCheckSchema()) {
            postResourceRequest.getResourceObject().checkSchema(postResourceRequest.getResourceDescriptor(), false);
        }
        for (SCIMAttribute sCIMAttribute : postResourceRequest.getResourceObject().getAttributes("urn:scim:schemas:core:1.0")) {
            if (sCIMAttribute.getAttributeDescriptor().isReadOnly()) {
                throw new InvalidResourceException("Attribute '" + sCIMAttribute.getName() + "' may not be provided in POST because it is read only");
            }
        }
        ResourceMapper resourceMapper = getResourceMapper(postResourceRequest.getResourceDescriptor());
        HashSet hashSet = new HashSet();
        hashSet.addAll(resourceMapper.toLDAPAttributeTypes(postResourceRequest.getAttributes()));
        hashSet.addAll(getLastModAttributes());
        hashSet.add("objectclass");
        String[] strArr = new String[hashSet.size()];
        hashSet.toArray(strArr);
        try {
            if (!resourceMapper.supportsCreate()) {
                throw new UnsupportedOperationException("The '" + postResourceRequest.getResourceDescriptor().getName() + "' resource definition does not support creation of resources");
            }
            LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(postResourceRequest.getAuthenticatedUserID());
            ReadOnlyEntry lDAPEntry = resourceMapper.toLDAPEntry(postResourceRequest.getResourceObject(), lDAPRequestInterface);
            AddRequest addRequest = new AddRequest(lDAPEntry);
            if (this.supportsPostReadRequestControl) {
                addRequest.addControl(new PostReadRequestControl(strArr));
            }
            PostReadResponseControl postReadResponseControl = getPostReadResponseControl(lDAPRequestInterface.add(addRequest));
            ReadOnlyEntry readOnlyEntry = lDAPEntry;
            if (postReadResponseControl != null) {
                readOnlyEntry = postReadResponseControl.getEntry();
            } else {
                ReadOnlyEntry searchForEntry = lDAPRequestInterface.searchForEntry(new SearchRequest(lDAPEntry.getDN(), SearchScope.BASE, Filter.createPresenceFilter("objectclass"), strArr));
                if (searchForEntry != null) {
                    readOnlyEntry = searchForEntry;
                }
            }
            BaseResource baseResource = new BaseResource(postResourceRequest.getResourceDescriptor());
            setIdAndMetaAttributes(resourceMapper, baseResource, postResourceRequest, readOnlyEntry, postResourceRequest.getAttributes());
            Iterator<SCIMAttribute> it = resourceMapper.toSCIMAttributes(new SearchResultEntry(readOnlyEntry, new Control[0]), postResourceRequest.getAttributes(), lDAPRequestInterface).iterator();
            while (it.hasNext()) {
                Validator.ensureTrue(baseResource.getScimObject().addAttribute(it.next()));
            }
            return baseResource;
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw ResourceMapper.toSCIMException(e);
        }
    }

    public void deleteResource(DeleteResourceRequest deleteResourceRequest) throws SCIMException {
        ResourceMapper resourceMapper = getResourceMapper(deleteResourceRequest.getResourceDescriptor());
        try {
            LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(deleteResourceRequest.getAuthenticatedUserID());
            LDAPResult delete = lDAPRequestInterface.delete(new DeleteRequest(resourceMapper.getEntryWithoutAttrs(lDAPRequestInterface, deleteResourceRequest.getResourceID()).getDN()));
            if (delete.getResultCode().equals(ResultCode.SUCCESS)) {
            } else {
                throw new LDAPException(delete.getResultCode());
            }
        } catch (LDAPException e) {
            Debug.debugException(e);
            if (!e.getResultCode().equals(ResultCode.NO_SUCH_OBJECT)) {
                throw ResourceMapper.toSCIMException(e);
            }
            throw new ResourceNotFoundException("Resource " + deleteResourceRequest.getResourceID() + " not found");
        }
    }

    public BaseResource putResource(PutResourceRequest putResourceRequest) throws SCIMException {
        SearchResultEntry returnEntry;
        if (getConfig().isCheckSchema()) {
            putResourceRequest.getResourceObject().checkSchema(putResourceRequest.getResourceDescriptor(), false);
        }
        ResourceMapper resourceMapper = getResourceMapper(putResourceRequest.getResourceDescriptor());
        Set<String> modifiableLDAPAttributeTypes = resourceMapper.getModifiableLDAPAttributeTypes(putResourceRequest.getResourceObject());
        String[] strArr = new String[modifiableLDAPAttributeTypes.size()];
        modifiableLDAPAttributeTypes.toArray(strArr);
        String resourceID = putResourceRequest.getResourceID();
        ArrayList arrayList = new ArrayList();
        try {
            LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(putResourceRequest.getAuthenticatedUserID());
            SearchResultEntry entry = resourceMapper.getEntry(lDAPRequestInterface, resourceID, strArr);
            arrayList.addAll(resourceMapper.toLDAPModificationsForPut(entry, putResourceRequest.getResourceObject(), strArr, lDAPRequestInterface));
            HashSet hashSet = new HashSet();
            hashSet.addAll(resourceMapper.toLDAPAttributeTypes(putResourceRequest.getAttributes()));
            hashSet.addAll(getLastModAttributes());
            hashSet.add("objectclass");
            String[] strArr2 = new String[hashSet.size()];
            hashSet.toArray(strArr2);
            if (arrayList.isEmpty()) {
                returnEntry = resourceMapper.getReturnEntry(lDAPRequestInterface, resourceID, putResourceRequest.getAttributes(), strArr2);
            } else {
                Entry duplicate = entry.duplicate();
                ListIterator listIterator = arrayList.listIterator();
                ArrayList arrayList2 = new ArrayList(1);
                ArrayList arrayList3 = new ArrayList(1);
                while (listIterator.hasNext()) {
                    Modification modification = (Modification) listIterator.next();
                    if ((modification.getModificationType() == ModificationType.INCREMENT || modification.getModificationType() == ModificationType.REPLACE) && entry.getRDN().hasAttribute(modification.getAttributeName())) {
                        if (modification.getValues().length != 1) {
                            throw new InvalidResourceException("The '" + modification.getAttributeName() + "' attribute must contain exactly one value because it is an RDN attribute.");
                        }
                        listIterator.remove();
                        arrayList2.add(modification.getAttributeName());
                        arrayList3.add(modification.getValues()[0]);
                        DN parentDN = duplicate.getParentDN();
                        duplicate.setDN("");
                        duplicate = Entry.applyModifications(duplicate, true, new Modification[]{modification});
                        duplicate.setDN(new DN(new RDN((String[]) arrayList2.toArray(new String[arrayList2.size()]), (String[]) arrayList3.toArray(new String[arrayList3.size()])), parentDN));
                    }
                }
                PostReadResponseControl postReadResponseControl = null;
                if (!duplicate.getParsedDN().equals(entry.getParsedDN())) {
                    ModifyDNRequest modifyDNRequest = new ModifyDNRequest(entry.getDN(), duplicate.getRDN().toString(), true);
                    if (arrayList.isEmpty() && this.supportsPostReadRequestControl) {
                        modifyDNRequest.addControl(new PostReadRequestControl(strArr2));
                    }
                    LDAPResult modifyDN = lDAPRequestInterface.modifyDN(modifyDNRequest);
                    if (arrayList.isEmpty()) {
                        postReadResponseControl = getPostReadResponseControl(modifyDN);
                    }
                }
                if (!arrayList.isEmpty()) {
                    ModifyRequest modifyRequest = new ModifyRequest(duplicate.getDN(), arrayList);
                    if (this.supportsPostReadRequestControl) {
                        modifyRequest.addControl(new PostReadRequestControl(strArr2));
                    }
                    postReadResponseControl = getPostReadResponseControl(lDAPRequestInterface.modify(modifyRequest));
                }
                returnEntry = postReadResponseControl != null ? new SearchResultEntry(postReadResponseControl.getEntry(), new Control[0]) : resourceMapper.getReturnEntry(lDAPRequestInterface, resourceID, putResourceRequest.getAttributes(), strArr2);
            }
            BaseResource baseResource = new BaseResource(putResourceRequest.getResourceDescriptor());
            setIdAndMetaAttributes(resourceMapper, baseResource, putResourceRequest, returnEntry, putResourceRequest.getAttributes());
            Iterator<SCIMAttribute> it = resourceMapper.toSCIMAttributes(returnEntry, putResourceRequest.getAttributes(), lDAPRequestInterface).iterator();
            while (it.hasNext()) {
                Validator.ensureTrue(baseResource.getScimObject().addAttribute(it.next()));
            }
            return baseResource;
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw ResourceMapper.toSCIMException(e);
        }
    }

    public BaseResource patchResource(PatchResourceRequest patchResourceRequest) throws SCIMException {
        SearchResultEntry returnEntry;
        SCIMObject resourceObject = patchResourceRequest.getResourceObject();
        Iterator it = resourceObject.getSchemas().iterator();
        while (it.hasNext()) {
            for (SCIMAttribute sCIMAttribute : resourceObject.getAttributes((String) it.next())) {
                if (sCIMAttribute.getAttributeDescriptor().isReadOnly() && !CoreSchema.ID_DESCRIPTOR.equals(sCIMAttribute.getAttributeDescriptor())) {
                    throw new InvalidResourceException("Attribute '" + sCIMAttribute.getName() + "' may not be provided in PATCH because it is read only");
                }
                if (sCIMAttribute.getAttributeDescriptor().isMultiValued()) {
                    for (SCIMAttributeValue sCIMAttributeValue : sCIMAttribute.getValues()) {
                        if (sCIMAttributeValue.isComplex()) {
                            for (SCIMAttribute sCIMAttribute2 : sCIMAttributeValue.getAttributes().values()) {
                                if (sCIMAttribute2.getAttributeDescriptor().isReadOnly()) {
                                    throw new InvalidResourceException("Attribute '" + sCIMAttribute.getName() + "." + sCIMAttribute2.getName() + "' may not be provided in PATCH because it is read only");
                                }
                            }
                        }
                    }
                } else if (sCIMAttribute.getValue().isComplex()) {
                    for (SCIMAttribute sCIMAttribute3 : sCIMAttribute.getValue().getAttributes().values()) {
                        if (sCIMAttribute3.getAttributeDescriptor().isReadOnly()) {
                            throw new InvalidResourceException("Attribute '" + sCIMAttribute.getName() + "." + sCIMAttribute3.getName() + "' may not be provided in PATCH because it is read only");
                        }
                    }
                } else {
                    continue;
                }
            }
        }
        ResourceMapper resourceMapper = getResourceMapper(patchResourceRequest.getResourceDescriptor());
        Set<String> modifiableLDAPAttributeTypes = resourceMapper.getModifiableLDAPAttributeTypes(patchResourceRequest.getResourceObject());
        String[] strArr = new String[modifiableLDAPAttributeTypes.size()];
        modifiableLDAPAttributeTypes.toArray(strArr);
        String resourceID = patchResourceRequest.getResourceID();
        ArrayList arrayList = new ArrayList();
        try {
            LDAPRequestInterface lDAPRequestInterface = getLDAPRequestInterface(patchResourceRequest.getAuthenticatedUserID());
            SearchResultEntry entry = resourceMapper.getEntry(lDAPRequestInterface, resourceID, strArr);
            arrayList.addAll(resourceMapper.toLDAPModificationsForPatch(entry, patchResourceRequest.getResourceObject(), lDAPRequestInterface));
            HashSet hashSet = new HashSet();
            hashSet.addAll(resourceMapper.toLDAPAttributeTypes(patchResourceRequest.getAttributes()));
            hashSet.addAll(getLastModAttributes());
            hashSet.add("objectclass");
            String[] strArr2 = new String[hashSet.size()];
            hashSet.toArray(strArr2);
            if (arrayList.isEmpty()) {
                returnEntry = resourceMapper.getReturnEntry(lDAPRequestInterface, resourceID, patchResourceRequest.getAttributes(), strArr2);
            } else {
                if (getConfig().isCheckSchema()) {
                    checkSchemaForPatch(patchResourceRequest, entry, resourceMapper, lDAPRequestInterface);
                }
                Entry duplicate = entry.duplicate();
                ListIterator listIterator = arrayList.listIterator();
                ArrayList arrayList2 = new ArrayList(1);
                ArrayList arrayList3 = new ArrayList(1);
                while (listIterator.hasNext()) {
                    Modification modification = (Modification) listIterator.next();
                    if ((modification.getModificationType() == ModificationType.INCREMENT || modification.getModificationType() == ModificationType.REPLACE) && entry.getRDN().hasAttribute(modification.getAttributeName())) {
                        if (modification.getValues().length != 1) {
                            throw new InvalidResourceException("The '" + modification.getAttributeName() + "' attribute must contain exactly one value because it is an RDN attribute.");
                        }
                        listIterator.remove();
                        arrayList2.add(modification.getAttributeName());
                        arrayList3.add(modification.getValues()[0]);
                        DN parentDN = duplicate.getParentDN();
                        duplicate.setDN("");
                        duplicate = Entry.applyModifications(duplicate, true, new Modification[]{modification});
                        duplicate.setDN(new DN(new RDN((String[]) arrayList2.toArray(new String[arrayList2.size()]), (String[]) arrayList3.toArray(new String[arrayList3.size()])), parentDN));
                    }
                }
                if (Debug.debugEnabled()) {
                    Debug.debug(Level.FINE, DebugType.OTHER, "Patching resource, mods=" + arrayList);
                }
                PostReadResponseControl postReadResponseControl = null;
                if (!duplicate.getParsedDN().equals(entry.getParsedDN())) {
                    ModifyDNRequest modifyDNRequest = new ModifyDNRequest(entry.getDN(), duplicate.getRDN().toString(), true);
                    if (arrayList.isEmpty() && this.supportsPostReadRequestControl) {
                        modifyDNRequest.addControl(new PostReadRequestControl(strArr2));
                    }
                    postReadResponseControl = getPostReadResponseControl(lDAPRequestInterface.modifyDN(modifyDNRequest));
                }
                if (!arrayList.isEmpty()) {
                    ModifyRequest modifyRequest = new ModifyRequest(duplicate.getDN(), arrayList);
                    if (this.supportsPostReadRequestControl) {
                        modifyRequest.addControl(new PostReadRequestControl(strArr2));
                    }
                    postReadResponseControl = getPostReadResponseControl(lDAPRequestInterface.modify(modifyRequest));
                }
                returnEntry = postReadResponseControl != null ? new SearchResultEntry(postReadResponseControl.getEntry(), new Control[0]) : resourceMapper.getReturnEntry(lDAPRequestInterface, resourceID, patchResourceRequest.getAttributes(), strArr2);
            }
            BaseResource baseResource = new BaseResource(patchResourceRequest.getResourceDescriptor());
            setIdAndMetaAttributes(resourceMapper, baseResource, patchResourceRequest, returnEntry, patchResourceRequest.getAttributes());
            if (!patchResourceRequest.getAttributes().allAttributesRequested()) {
                Iterator<SCIMAttribute> it2 = resourceMapper.toSCIMAttributes(returnEntry, patchResourceRequest.getAttributes(), lDAPRequestInterface).iterator();
                while (it2.hasNext()) {
                    Validator.ensureTrue(baseResource.getScimObject().addAttribute(it2.next()));
                }
            }
            if (Debug.debugEnabled()) {
                Debug.debug(Level.FINE, DebugType.OTHER, "Returning resource from PATCH request: " + baseResource.toString());
            }
            return baseResource;
        } catch (LDAPException e) {
            Debug.debugException(e);
            throw ResourceMapper.toSCIMException(e);
        }
    }

    public Collection<ResourceDescriptor> getResourceDescriptors() {
        return this.resourceMappers.keySet();
    }

    public static void setIdAndMetaAttributes(ResourceMapper resourceMapper, BaseResource baseResource, SCIMRequest sCIMRequest, Entry entry, SCIMQueryAttributes sCIMQueryAttributes) throws SCIMException {
        String idFromEntry = resourceMapper.getIdFromEntry(entry);
        baseResource.setId(idFromEntry);
        Date date = null;
        Attribute attribute = entry.getAttribute("createTimestamp");
        if (attribute == null || !attribute.hasValue()) {
            Attribute attribute2 = entry.getAttribute("ds-create-time");
            if (attribute2 != null && attribute2.hasValue()) {
                try {
                    date = expandCompactTimestamp(attribute2.getValueByteArray());
                } catch (Exception e) {
                    Debug.debugException(e);
                }
            }
        } else {
            try {
                date = StaticUtils.decodeGeneralizedTime(attribute.getValue());
            } catch (ParseException e2) {
                Debug.debugException(e2);
            }
        }
        Date date2 = null;
        Attribute attribute3 = entry.getAttribute("modifyTimestamp");
        if (attribute3 == null || !attribute3.hasValue()) {
            Attribute attribute4 = entry.getAttribute("ds-update-time");
            if (attribute4 != null && attribute4.hasValue()) {
                try {
                    date2 = expandCompactTimestamp(attribute4.getValueByteArray());
                } catch (Exception e3) {
                    Debug.debugException(e3);
                }
            }
        } else {
            try {
                date2 = StaticUtils.decodeGeneralizedTime(attribute3.getValue());
            } catch (ParseException e4) {
                Debug.debugException(e4);
            }
        }
        UriBuilder fromUri = UriBuilder.fromUri(sCIMRequest.getBaseURL());
        if (!sCIMRequest.getBaseURL().getPath().endsWith("v1/")) {
            fromUri.path("v1");
        }
        fromUri.path(baseResource.getResourceDescriptor().getEndpoint());
        fromUri.path(idFromEntry);
        baseResource.setMeta(new Meta(date, date2, fromUri.build(new Object[0]), (String) null));
        if (sCIMQueryAttributes != null) {
            baseResource.getScimObject().setAttribute(sCIMQueryAttributes.pareAttribute(baseResource.getScimObject().getAttribute("urn:scim:schemas:core:1.0", "meta")));
        }
    }

    protected String getSASLAuthenticationID(String str) {
        if (str == null) {
            return "";
        }
        try {
            return "dn:" + new DN(str).toString();
        } catch (LDAPException e) {
            Debug.debugException(Level.FINE, e);
            return "u:" + str;
        }
    }

    private static VirtualListViewResponseControl getVLVResponseControl(SearchResult searchResult) throws LDAPException {
        VirtualListViewResponseControl responseControl;
        if (searchResult == null || (responseControl = searchResult.getResponseControl("2.16.840.1.113730.3.4.10")) == null) {
            return null;
        }
        return responseControl instanceof VirtualListViewResponseControl ? responseControl : new VirtualListViewResponseControl(responseControl.getOID(), responseControl.isCritical(), responseControl.getValue());
    }

    private static PostReadResponseControl getPostReadResponseControl(LDAPResult lDAPResult) throws LDAPException {
        PostReadResponseControl responseControl;
        if (lDAPResult == null || (responseControl = lDAPResult.getResponseControl("1.3.6.1.1.13.2")) == null) {
            return null;
        }
        return responseControl instanceof PostReadResponseControl ? responseControl : new PostReadResponseControl(responseControl.getOID(), responseControl.isCritical(), responseControl.getValue());
    }

    private static void addFilterAttributes(Set<String> set, Filter filter) {
        switch (filter.getFilterType()) {
            case -121:
            case -93:
            case -92:
            case -91:
            case -90:
            case -88:
                set.add(filter.getAttributeName());
                return;
            case -120:
            case -119:
            case -118:
            case -117:
            case -116:
            case -115:
            case -114:
            case -113:
            case -112:
            case -111:
            case -110:
            case -109:
            case -108:
            case -107:
            case -106:
            case -105:
            case -104:
            case -103:
            case -102:
            case -101:
            case -100:
            case -99:
            case -98:
            case -97:
            case -89:
            default:
                return;
            case -96:
            case -95:
                for (Filter filter2 : filter.getComponents()) {
                    addFilterAttributes(set, filter2);
                }
                return;
            case -94:
                addFilterAttributes(set, filter.getNOTComponent());
                return;
        }
    }

    private static Date expandCompactTimestamp(byte[] bArr) {
        if (bArr.length != 8) {
            throw new IllegalArgumentException("The compact representation of the timestamp was not 8 bytes");
        }
        long j = 0;
        for (int i = 0; i < 8; i++) {
            j = (j << 8) | (bArr[i] & 255);
        }
        return new Date(j);
    }

    protected static void checkSchemaForPatch(PatchResourceRequest patchResourceRequest, SearchResultEntry searchResultEntry, ResourceMapper resourceMapper, LDAPRequestInterface lDAPRequestInterface) throws SCIMException {
        SCIMAttribute attribute;
        SCIMObject resourceObject = patchResourceRequest.getResourceObject();
        ResourceDescriptor resourceDescriptor = patchResourceRequest.getResourceDescriptor();
        SCIMAttribute attribute2 = resourceObject.getAttribute("urn:scim:schemas:core:1.0", CoreSchema.META_DESCRIPTOR.getName());
        if (attribute2 != null && (attribute = attribute2.getValue().getAttribute("attributes")) != null) {
            for (SCIMAttributeValue sCIMAttributeValue : attribute.getValues()) {
                AttributePath parse = sCIMAttributeValue.isComplex() ? AttributePath.parse((String) sCIMAttributeValue.getSubAttributeValue("value", AttributeValueResolver.STRING_RESOLVER), resourceMapper.getDefaultSchemaURI()) : AttributePath.parse(sCIMAttributeValue.getStringValue(), resourceMapper.getDefaultSchemaURI());
                AttributeDescriptor attribute3 = resourceDescriptor.getAttribute(parse.getAttributeSchema(), parse.getAttributeName());
                if (parse.getSubAttributeName() != null) {
                    attribute3 = attribute3.getSubAttribute(parse.getSubAttributeName());
                }
                if (attribute3.isRequired()) {
                    throw new InvalidResourceException("Attribute '" + parse.toString() + "' may not be removed because it is required");
                }
            }
        }
        for (String str : resourceObject.getSchemas()) {
            for (SCIMAttribute sCIMAttribute : resourceObject.getAttributes(str)) {
                if (sCIMAttribute.getAttributeDescriptor().isRequired() && sCIMAttribute.getAttributeDescriptor().isMultiValued()) {
                    int i = 0;
                    SCIMAttributeValue[] values = sCIMAttribute.getValues();
                    int length = values.length;
                    int i2 = 0;
                    while (true) {
                        if (i2 >= length) {
                            break;
                        }
                        SCIMAttributeValue sCIMAttributeValue2 = values[i2];
                        if (sCIMAttributeValue2.isComplex()) {
                            if (!"delete".equalsIgnoreCase((String) sCIMAttributeValue2.getSubAttributeValue("operation", AttributeValueResolver.STRING_RESOLVER))) {
                                i = 0;
                                break;
                            }
                            i++;
                        }
                        i2++;
                    }
                    if (i > 0) {
                        List<SCIMAttribute> sCIMAttributes = resourceMapper.toSCIMAttributes(searchResultEntry, new SCIMQueryAttributes(Collections.singletonMap(sCIMAttribute.getAttributeDescriptor(), Collections.emptySet())), lDAPRequestInterface);
                        if (!sCIMAttributes.isEmpty() && sCIMAttributes.get(0).getValues().length <= i) {
                            throw new InvalidResourceException("Multi-valued attribute '" + str + ":" + sCIMAttribute.getAttributeDescriptor().getName() + "' is required and must have at least one value");
                        }
                    } else {
                        continue;
                    }
                }
            }
        }
    }

    static {
        HashSet hashSet = new HashSet(2);
        hashSet.add("createTimestamp");
        hashSet.add("modifyTimestamp");
        DEFAULT_LASTMOD_ATTRS = Collections.unmodifiableSet(hashSet);
    }
}
