package de.acosix.alfresco.mtsupport.repo.auth.ldap;

import de.acosix.alfresco.mtsupport.repo.sync.EnhancedUserRegistry;
import de.acosix.alfresco.mtsupport.repo.sync.UserAccountInterpreter;
import java.io.Serializable;
import java.text.DateFormat;
import java.text.MessageFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.AbstractCollection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.management.subsystems.ActivateableBean;
import org.alfresco.repo.security.authentication.AuthenticationDiagnostic;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactory;
import org.alfresco.repo.security.sync.NodeDescription;
import org.alfresco.repo.security.sync.ldap.LDAPNameResolver;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.Pair;
import org.alfresco.util.PropertyCheck;
import org.alfresco.util.PropertyMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:de/acosix/alfresco/mtsupport/repo/auth/ldap/EnhancedLDAPUserRegistry.class */
public class EnhancedLDAPUserRegistry implements EnhancedUserRegistry, LDAPNameResolver, InitializingBean, ActivateableBean {
    private static final Logger LOGGER = LoggerFactory.getLogger(EnhancedLDAPUserRegistry.class);
    private static final Pattern PATTERN_RANGE_END = Pattern.compile(";range=[0-9]+-\\*");
    protected String groupSearchBase;
    protected String userSearchBase;
    protected LDAPInitialDirContextFactory ldapInitialContextFactory;
    protected NamespaceService namespaceService;
    protected Map<String, String> personAttributeMapping;
    protected Map<String, String> groupAttributeMapping;
    protected int queryBatchSize;
    protected int attributeBatchSize;
    protected boolean errorOnMissingMembers;
    protected boolean errorOnDuplicateGID;
    protected Pair<String[], Set<QName>> userKeys;
    protected Pair<String[], Set<QName>> groupKeys;
    protected DateFormat timestampFormat;
    protected UserAccountInterpreter userAccountInterpreter;
    protected Map<String, AttributeValueMapper> attributeValueMappers;
    private boolean active = true;
    protected boolean enableProgressEstimation = true;
    protected String groupQuery = "(objectclass=groupOfNames)";
    protected String groupDifferentialQuery = "(&(objectclass=groupOfNames)(!(modifyTimestamp<={0})))";
    protected String personQuery = "(objectclass=inetOrgPerson)";
    protected String personDifferentialQuery = "(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))";
    protected String groupIdAttributeName = "cn";
    protected String userIdAttributeName = "uid";
    protected String memberAttributeName = "member";
    protected String modifyTimestampAttributeName = "modifyTimestamp";
    protected String groupType = "groupOfNames";
    protected String personType = "inetOrgPerson";
    protected Map<String, String> personAttributeDefaults = Collections.emptyMap();
    protected Map<String, String> groupAttributeDefaults = Collections.emptyMap();
    protected boolean errorOnMissingGID = false;
    protected boolean errorOnMissingUID = false;

    public EnhancedLDAPUserRegistry() {
        setTimestampFormat("yyyyMMddHHmmss'Z'");
    }

    public void setActive(boolean z) {
        this.active = z;
    }

    public void setEnableProgressEstimation(boolean z) {
        this.enableProgressEstimation = z;
    }

    public void setGroupIdAttributeName(String str) {
        this.groupIdAttributeName = str;
    }

    public void setGroupQuery(String str) {
        this.groupQuery = str;
    }

    public void setGroupDifferentialQuery(String str) {
        this.groupDifferentialQuery = str;
    }

    public void setPersonQuery(String str) {
        this.personQuery = str;
    }

    public void setPersonDifferentialQuery(String str) {
        this.personDifferentialQuery = str;
    }

    public void setGroupType(String str) {
        this.groupType = str;
    }

    public void setMemberAttribute(String str) {
        this.memberAttributeName = str;
    }

    public void setPersonType(String str) {
        this.personType = str;
    }

    public void setGroupSearchBase(String str) {
        this.groupSearchBase = str;
    }

    public void setUserSearchBase(String str) {
        this.userSearchBase = str;
    }

    public void setUserIdAttributeName(String str) {
        this.userIdAttributeName = str;
    }

    public void setModifyTimestampAttributeName(String str) {
        this.modifyTimestampAttributeName = str;
    }

    public void setTimestampFormat(String str) {
        this.timestampFormat = new SimpleDateFormat(str, Locale.UK);
        this.timestampFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
    }

    public void setErrorOnMissingMembers(boolean z) {
        this.errorOnMissingMembers = z;
    }

    public void setErrorOnMissingGID(boolean z) {
        this.errorOnMissingGID = z;
    }

    public void setErrorOnMissingUID(boolean z) {
        this.errorOnMissingUID = z;
    }

    public void setErrorOnDuplicateGID(boolean z) {
        this.errorOnDuplicateGID = z;
    }

    public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory lDAPInitialDirContextFactory) {
        this.ldapInitialContextFactory = lDAPInitialDirContextFactory;
    }

    public void setNamespaceService(NamespaceService namespaceService) {
        this.namespaceService = namespaceService;
    }

    public void setPersonAttributeDefaults(Map<String, String> map) {
        this.personAttributeDefaults = map;
    }

    public void setPersonAttributeMapping(Map<String, String> map) {
        this.personAttributeMapping = map;
    }

    public void setGroupAttributeDefaults(Map<String, String> map) {
        this.groupAttributeDefaults = map;
    }

    public void setGroupAttributeMapping(Map<String, String> map) {
        this.groupAttributeMapping = map;
    }

    public void setQueryBatchSize(int i) {
        this.queryBatchSize = i;
    }

    public void setAttributeBatchSize(int i) {
        this.attributeBatchSize = i;
    }

    public void setUserAccountInterpreter(UserAccountInterpreter userAccountInterpreter) {
        this.userAccountInterpreter = userAccountInterpreter;
    }

    public void setAttributeValueMappers(Map<String, AttributeValueMapper> map) {
        this.attributeValueMappers = map;
    }

    @Override // de.acosix.alfresco.mtsupport.repo.sync.EnhancedUserRegistry
    public UserAccountInterpreter getUserAccountInterpreter() {
        return this.userAccountInterpreter;
    }

    public boolean isActive() {
        return this.active;
    }

    public void afterPropertiesSet() throws Exception {
        PropertyCheck.mandatory(this, "namespaceService", this.namespaceService);
        PropertyCheck.mandatory(this, "ldapInitialContextFactory", this.ldapInitialContextFactory);
        if (this.personAttributeMapping == null) {
            this.personAttributeMapping = new HashMap(5);
        }
        this.personAttributeMapping.put(ContentModel.PROP_USERNAME.toPrefixString(this.namespaceService), this.userIdAttributeName);
        this.userKeys = initKeys(this.personAttributeMapping, new String[0]);
        if (this.groupAttributeMapping == null) {
            this.groupAttributeMapping = new HashMap(5);
        }
        this.groupAttributeMapping.put(ContentModel.PROP_AUTHORITY_NAME.toPrefixString(this.namespaceService), this.groupIdAttributeName);
        Map<String, String> map = this.groupAttributeMapping;
        String[] strArr = new String[1];
        strArr[0] = this.attributeBatchSize > 0 ? this.memberAttributeName + ";range=0-" + (this.attributeBatchSize - 1) : this.memberAttributeName;
        this.groupKeys = initKeys(map, strArr);
    }

    public Set<QName> getPersonMappedProperties() {
        return (Set) this.userKeys.getSecond();
    }

    public Collection<NodeDescription> getPersons(Date date) {
        String format = date == null ? this.personQuery : new MessageFormat(this.personDifferentialQuery, Locale.ENGLISH).format(new Object[]{this.timestampFormat.format(date)});
        Supplier<InitialDirContext> buildContextSupplier = buildContextSupplier();
        Function<InitialDirContext, Boolean> buildNextPageChecker = buildNextPageChecker();
        Function<InitialDirContext, NamingEnumeration<SearchResult>> buildUserSearcher = buildUserSearcher(format);
        AtomicInteger atomicInteger = new AtomicInteger(-1);
        if (this.enableProgressEstimation) {
            processQuery(searchResult -> {
                atomicInteger.getAndIncrement();
            }, this.userSearchBase, format, new String[0]);
        }
        return new PersonCollection(buildContextSupplier, buildNextPageChecker, buildUserSearcher, buildUserMapper(), this.queryBatchSize, atomicInteger.get());
    }

    public Collection<String> getPersonNames() {
        ArrayList arrayList = new ArrayList(20);
        processQuery(searchResult -> {
            Attribute attribute = searchResult.getAttributes().get(this.userIdAttributeName);
            if (attribute == null) {
                if (this.errorOnMissingUID) {
                    throw new AlfrescoRuntimeException("synchronization.err.ldap.get.user.id.missing", new Object[]{searchResult.getNameInNamespace(), this.userIdAttributeName});
                }
                LOGGER.warn("User missing user id attribute DN ={}  att = {}", searchResult.getNameInNamespace(), this.userIdAttributeName);
            } else {
                String str = (String) mapAttribute(attribute, String.class).iterator().next();
                LOGGER.debug("Person DN recognized: {}", str);
                arrayList.add(str);
            }
        }, this.userSearchBase, this.personQuery, new String[]{this.userIdAttributeName});
        return arrayList;
    }

    public Collection<NodeDescription> getGroups(Date date) {
        LdapName resolveDistinguishedNamePrefix = resolveDistinguishedNamePrefix(this.groupSearchBase);
        LdapName resolveDistinguishedNamePrefix2 = resolveDistinguishedNamePrefix(this.userSearchBase);
        boolean z = (resolveDistinguishedNamePrefix.startsWith(resolveDistinguishedNamePrefix2) || resolveDistinguishedNamePrefix2.startsWith(resolveDistinguishedNamePrefix)) ? false : true;
        String format = date == null ? this.groupQuery : new MessageFormat(this.groupDifferentialQuery, Locale.ENGLISH).format(new Object[]{this.timestampFormat.format(date)});
        HashSet hashSet = new HashSet();
        HashMap hashMap = new HashMap();
        processQuery(searchResult -> {
            Attribute attribute = searchResult.getAttributes().get(this.groupIdAttributeName);
            if (attribute == null) {
                if (this.errorOnMissingUID) {
                    throw new AlfrescoRuntimeException("synchronization.err.ldap.get.group.id.missing", new Object[]{searchResult.getNameInNamespace(), this.groupIdAttributeName});
                }
                LOGGER.warn("Missing GID on {}", searchResult.getNameInNamespace());
                return;
            }
            String str = (String) mapAttribute(attribute, String.class).iterator().next();
            LOGGER.debug("Group DN recognized: {}", str);
            if (!hashSet.contains(str)) {
                hashSet.add(str);
            } else {
                if (this.errorOnDuplicateGID) {
                    throw new AlfrescoRuntimeException("Duplicate group id found: " + str);
                }
                LOGGER.warn("Duplicate gid found for {} -> merging definitions", str);
                ((AtomicInteger) hashMap.computeIfAbsent(str, str2 -> {
                    return new AtomicInteger(1);
                })).getAndIncrement();
            }
        }, this.groupSearchBase, this.groupQuery, new String[]{this.groupIdAttributeName});
        return new PersonCollection(buildContextSupplier(), buildNextPageChecker(), buildGroupSearcher(format), buildGroupMapper(z, resolveDistinguishedNamePrefix, resolveDistinguishedNamePrefix2), this.queryBatchSize, hashSet.size());
    }

    public Collection<String> getGroupNames() {
        ArrayList arrayList = new ArrayList(20);
        processQuery(searchResult -> {
            Attribute attribute = searchResult.getAttributes().get(this.groupIdAttributeName);
            if (attribute == null) {
                if (this.errorOnMissingUID) {
                    throw new AlfrescoRuntimeException("synchronization.err.ldap.get.group.id.missing", new Object[]{searchResult.getNameInNamespace(), this.groupIdAttributeName});
                }
                LOGGER.warn("Missing GID on {}", searchResult.getNameInNamespace());
            } else {
                String str = (String) mapAttribute(attribute, String.class).iterator().next();
                LOGGER.debug("Group DN recognized: {}", str);
                arrayList.add(AuthorityType.GROUP.getPrefixString() + str);
            }
        }, this.groupSearchBase, this.groupQuery, new String[]{this.groupIdAttributeName});
        return arrayList;
    }

    public String resolveDistinguishedName(String str, AuthenticationDiagnostic authenticationDiagnostic) throws AuthenticationException {
        LOGGER.debug("resolveDistinguishedName userId: {}", str);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(new String[]{this.userIdAttributeName});
        String str2 = this.userSearchBase + "(&" + this.personQuery + "(" + this.userIdAttributeName + "= userId))";
        try {
            try {
                InitialDirContext defaultIntialDirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext(authenticationDiagnostic);
                NamingEnumeration<SearchResult> search = defaultIntialDirContext.search(this.userSearchBase, "(&" + this.personQuery + "(" + this.userIdAttributeName + "={0}))", new Object[]{str}, searchControls);
                if (search.hasMore()) {
                    SearchResult searchResult = (SearchResult) search.next();
                    Attributes attributes = searchResult.getAttributes();
                    Attribute attribute = attributes.get(this.userIdAttributeName);
                    if (attribute == null) {
                        if (this.errorOnMissingUID) {
                            throw new AlfrescoRuntimeException("User returned by user search does not have mandatory user id attribute " + attributes);
                        }
                        LOGGER.warn("User returned by user search does not have mandatory user id attribute {}", attributes);
                    } else if (str.equalsIgnoreCase((String) attribute.get(0))) {
                        String nameInNamespace = searchResult.getNameInNamespace();
                        commonCloseSearchResult(searchResult);
                        commonAfterQueryCleanup(search, null, defaultIntialDirContext);
                        return nameInNamespace;
                    }
                    commonCloseSearchResult(searchResult);
                }
                Object[] objArr = {str, str2};
                authenticationDiagnostic.addStep("authentication.step.ldap.lookup", false, objArr);
                throw new AuthenticationException("authentication.err.connection.ldap.user.notfound", objArr, authenticationDiagnostic);
            } catch (NamingException e) {
                authenticationDiagnostic.addStep("authentication.ldap.search", false, new Object[]{str, str2});
                throw new AuthenticationException("authentication.err.connection.ldap.search", authenticationDiagnostic, new Object[]{e.getLocalizedMessage()}, e);
            }
        } catch (Throwable th) {
            commonAfterQueryCleanup(null, null, null);
            throw th;
        }
    }

    protected void commonCloseSearchResult(SearchResult searchResult) throws NamingException {
        Context context = (Context) searchResult.getObject();
        if (context != null) {
            context.close();
        }
    }

    protected void commonAfterQueryCleanup(NamingEnumeration<SearchResult> namingEnumeration, SearchResult searchResult, InitialDirContext initialDirContext) {
        if (searchResult != null) {
            try {
                commonCloseSearchResult(searchResult);
            } catch (NamingException e) {
                LOGGER.debug("Error when closing result block context", e);
            }
        }
        if (namingEnumeration != null) {
            try {
                namingEnumeration.close();
            } catch (NamingException e2) {
                LOGGER.debug("Error when closing searchResults context", e2);
            }
        }
        if (initialDirContext != null) {
            try {
                initialDirContext.close();
            } catch (NamingException e3) {
                LOGGER.debug("Error when closing ldap context", e3);
            }
        }
    }

    protected Pair<String[], Set<QName>> initKeys(Map<String, String> map, String... strArr) {
        TreeSet treeSet = new TreeSet();
        HashSet hashSet = new HashSet(map.size() * 2);
        treeSet.addAll(Arrays.asList(strArr));
        treeSet.add(this.modifyTimestampAttributeName);
        map.forEach((str, str2) -> {
            if (str2 != null) {
                treeSet.add(str2);
            }
            hashSet.add(QName.resolveToQName(this.namespaceService, str));
        });
        LOGGER.debug("Derived attribute names {} and property qnames {} from configured mappings {} and extra attributes {}", new Object[]{treeSet, hashSet, map, Arrays.toString(strArr)});
        return new Pair<>(treeSet.toArray(new String[0]), hashSet);
    }

    protected LdapName resolveDistinguishedNamePrefix(String str) {
        String lowerCase = str.toLowerCase(Locale.ENGLISH);
        try {
            return fixedLdapName(lowerCase);
        } catch (InvalidNameException e) {
            throw new AlfrescoRuntimeException("synchronization.err.ldap.search.base.invalid", new Object[]{lowerCase, e.getLocalizedMessage()}, e);
        }
    }

    protected static Name jndiName(String str) throws InvalidNameException {
        CompositeName compositeName = new CompositeName();
        compositeName.add(str);
        return compositeName;
    }

    protected static LdapName fixedLdapName(String str) throws InvalidNameException {
        if (str.indexOf(92) == -1) {
            return new LdapName(str);
        }
        StringBuilder sb = new StringBuilder(str.length());
        int length = str.length();
        int i = 0;
        while (i < length) {
            char charAt = str.charAt(i);
            if (charAt == '\\') {
                if (i + 2 < length) {
                    char charAt2 = str.charAt(i + 1);
                    if (Character.isLetterOrDigit(charAt2)) {
                        char charAt3 = str.charAt(i + 2);
                        if (Character.isLetterOrDigit(charAt3)) {
                            if (charAt2 == '2' && charAt3 == '0') {
                                sb.append("\\ ");
                            } else if (charAt2 == '0' && charAt3 == 'D') {
                                sb.append("\\\r");
                            } else {
                                sb.append((CharSequence) str, i, i + 3);
                            }
                            i += 2;
                        }
                    }
                }
                if (i + 1 < length) {
                    sb.append((CharSequence) str, i, i + 2);
                    i++;
                } else {
                    sb.append(charAt);
                }
            } else {
                sb.append(charAt);
            }
            i++;
        }
        return new LdapName(sb.toString());
    }

    protected void processQuery(SearchCallback searchCallback, String str, String str2, String[] strArr) {
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes(strArr);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Processing query {}\nSearch base: {}\n\rReturn result limit: {}\n\tDereflink: {}\n\rReturn named object: {}\n\tTime limit for search: {}\n\tAttributes to return: {} items\n\tAttributes: {}", new Object[]{str2, str, Long.valueOf(searchControls.getCountLimit()), Boolean.valueOf(searchControls.getDerefLinkFlag()), Boolean.valueOf(searchControls.getReturningObjFlag()), Integer.valueOf(searchControls.getTimeLimit()), String.valueOf(strArr.length), Arrays.toString(strArr)});
        }
        InitialDirContext initialDirContext = null;
        NamingEnumeration<SearchResult> namingEnumeration = null;
        SearchResult searchResult = null;
        try {
            try {
                initialDirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext(this.queryBatchSize);
                do {
                    namingEnumeration = initialDirContext.search(str, str2, searchControls);
                    while (namingEnumeration.hasMore()) {
                        SearchResult searchResult2 = (SearchResult) namingEnumeration.next();
                        searchCallback.process(searchResult2);
                        commonCloseSearchResult(searchResult2);
                        searchResult = null;
                    }
                } while (this.ldapInitialContextFactory.hasNextPage(initialDirContext, this.queryBatchSize));
                commonAfterQueryCleanup(namingEnumeration, searchResult, initialDirContext);
            } catch (ParseException e) {
                throw new AlfrescoRuntimeException("synchronization.err.ldap.search", new Object[]{e.getLocalizedMessage()}, e);
            } catch (NamingException e2) {
                throw new AlfrescoRuntimeException("synchronization.err.ldap.search", new Object[]{e2.getLocalizedMessage()}, e2);
            }
        } catch (Throwable th) {
            commonAfterQueryCleanup(namingEnumeration, searchResult, initialDirContext);
            throw th;
        }
    }

    protected boolean hasAttributeValue(Attribute attribute, String str) throws NamingException {
        if (attribute == null) {
            return false;
        }
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            Object mapAttributeValue = mapAttributeValue(attribute.getID(), all.next());
            if ((mapAttributeValue instanceof String) && str.equalsIgnoreCase((String) mapAttributeValue)) {
                return true;
            }
        }
        return false;
    }

    protected Attribute getRangeRestrictedAttribute(Attributes attributes, String str) throws NamingException {
        Attribute attribute = attributes.get(str);
        if (attribute != null) {
            return attribute;
        }
        NamingEnumeration all = attributes.getAll();
        String str2 = str.toLowerCase(Locale.ENGLISH) + ';';
        while (all.hasMore()) {
            Attribute attribute2 = (Attribute) all.next();
            if (attribute2.getID().toLowerCase(Locale.ENGLISH).startsWith(str2)) {
                return attribute2;
            }
        }
        return null;
    }

    protected Supplier<InitialDirContext> buildContextSupplier() {
        return () -> {
            return this.ldapInitialContextFactory.getDefaultIntialDirContext(this.queryBatchSize);
        };
    }

    protected Function<InitialDirContext, Boolean> buildNextPageChecker() {
        return initialDirContext -> {
            return Boolean.valueOf(this.ldapInitialContextFactory.hasNextPage(initialDirContext, this.queryBatchSize));
        };
    }

    protected Function<InitialDirContext, NamingEnumeration<SearchResult>> buildUserSearcher(String str) {
        LOGGER.debug("Building user searcher for query {}", str);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) this.userKeys.getFirst());
        searchControls.setCountLimit(this.queryBatchSize > 0 ? this.queryBatchSize : 0L);
        return initialDirContext -> {
            try {
                return initialDirContext.search(this.userSearchBase, str, searchControls);
            } catch (NamingException e) {
                throw new AlfrescoRuntimeException("Failed to import people.", e);
            }
        };
    }

    protected NodeMapper buildUserMapper() {
        return searchResult -> {
            return mapToNode(searchResult, this.userIdAttributeName, this.personAttributeMapping, this.personAttributeDefaults);
        };
    }

    protected Function<InitialDirContext, NamingEnumeration<SearchResult>> buildGroupSearcher(String str) {
        LOGGER.debug("Building group searcher for query {}", str);
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        searchControls.setReturningAttributes((String[]) this.groupKeys.getFirst());
        searchControls.setCountLimit(this.queryBatchSize > 0 ? this.queryBatchSize : 0L);
        return initialDirContext -> {
            try {
                return initialDirContext.search(this.groupSearchBase, str, searchControls);
            } catch (NamingException e) {
                throw new AlfrescoRuntimeException("Failed to import groups.", e);
            }
        };
    }

    protected NodeMapper buildGroupMapper(boolean z, LdapName ldapName, LdapName ldapName2) {
        return searchResult -> {
            UidNodeDescription mapToNode = mapToNode(searchResult, this.groupIdAttributeName, this.groupAttributeMapping, this.groupAttributeDefaults);
            String str = AuthorityType.GROUP.getPrefixString() + mapToNode.getId();
            mapToNode.getProperties().put(ContentModel.PROP_AUTHORITY_NAME, str);
            mapToNode.getChildAssociations().addAll(lookupGroupChildren(searchResult, str, z, ldapName, ldapName2));
            return mapToNode;
        };
    }

    protected Collection<String> lookupGroupChildren(SearchResult searchResult, String str, boolean z, LdapName ldapName, LdapName ldapName2) throws NamingException {
        Attribute attribute;
        Attribute attribute2;
        InitialDirContext defaultIntialDirContext = this.ldapInitialContextFactory.getDefaultIntialDirContext();
        try {
            LOGGER.debug("Processing group: {}, from source: {}", str, searchResult.getNameInNamespace());
            HashSet hashSet = new HashSet();
            Attribute rangeRestrictedAttribute = getRangeRestrictedAttribute(searchResult.getAttributes(), this.memberAttributeName);
            int i = this.attributeBatchSize;
            while (rangeRestrictedAttribute != null) {
                for (int i2 = 0; i2 < rangeRestrictedAttribute.size(); i2++) {
                    String str2 = (String) rangeRestrictedAttribute.get(i2);
                    if (str2 != null && str2.length() > 0) {
                        try {
                            LdapName fixedLdapName = fixedLdapName(str2.toLowerCase(Locale.ENGLISH));
                            if (z) {
                                LdapName fixedLdapName2 = fixedLdapName(str2);
                                Attributes attributes = fixedLdapName2.getRdn(fixedLdapName2.size() - 1).toAttributes();
                                if (fixedLdapName.startsWith(ldapName2) && (attribute2 = attributes.get(this.userIdAttributeName)) != null) {
                                    String str3 = (String) mapAttribute(attribute2, String.class).iterator().next();
                                    LOGGER.debug("User DN recognized: {}", str3);
                                    hashSet.add(str3);
                                } else if (fixedLdapName.startsWith(ldapName) && (attribute = attributes.get(this.groupIdAttributeName)) != null) {
                                    String str4 = (String) mapAttribute(attribute, String.class).iterator().next();
                                    LOGGER.debug("Group DN recognized: {}{}", AuthorityType.GROUP.getPrefixString(), str4);
                                    hashSet.add(AuthorityType.GROUP.getPrefixString() + str4);
                                }
                            }
                            if (fixedLdapName.startsWith(ldapName2) || fixedLdapName.startsWith(ldapName)) {
                                try {
                                    Attributes attributes2 = defaultIntialDirContext.getAttributes(jndiName(str2), new String[]{"objectclass", this.groupIdAttributeName, this.userIdAttributeName});
                                    Attribute attribute3 = attributes2.get("objectclass");
                                    if (hasAttributeValue(attribute3, this.personType)) {
                                        Attribute attribute4 = attributes2.get(this.userIdAttributeName);
                                        if (attribute4 != null) {
                                            String str5 = (String) mapAttribute(attribute4, String.class).iterator().next();
                                            LOGGER.debug("User DN recognized by directory lookup: {}", str5);
                                            hashSet.add(str5);
                                        } else {
                                            if (this.errorOnMissingUID) {
                                                throw new AlfrescoRuntimeException("User missing user id attribute DN =" + str2 + "  att = " + this.userIdAttributeName);
                                            }
                                            LOGGER.warn("User missing user id attribute DN =" + str2 + "  att = " + this.userIdAttributeName);
                                        }
                                    } else if (hasAttributeValue(attribute3, this.groupType)) {
                                        Attribute attribute5 = attributes2.get(this.groupIdAttributeName);
                                        if (attribute5 != null) {
                                            String str6 = (String) mapAttribute(attribute5, String.class).iterator().next();
                                            LOGGER.debug("Group DN recognized by directory lookup: {}{}", AuthorityType.GROUP.getPrefixString(), str6);
                                            hashSet.add(AuthorityType.GROUP.getPrefixString() + str6);
                                        } else {
                                            if (this.errorOnMissingGID) {
                                                throw new AlfrescoRuntimeException("synchronization.err.ldap.get.group.id.missing", new Object[]{searchResult.getNameInNamespace(), this.groupIdAttributeName});
                                            }
                                            LOGGER.warn("Missing GID on {}", attributes2);
                                        }
                                    }
                                } catch (NamingException e) {
                                    if (this.errorOnMissingMembers) {
                                        throw new AlfrescoRuntimeException("synchronization.err.ldap.group.member.missing.exception", new Object[]{str, str2, e.getLocalizedMessage()}, e);
                                    }
                                    LOGGER.warn("Failed to resolve member of group '{}, ' with distinguished name: {}", new Object[]{str, str2, e});
                                }
                            }
                            if (this.errorOnMissingMembers) {
                                throw new AlfrescoRuntimeException("synchronization.err.ldap.group.member.missing", new Object[]{str, str2});
                            }
                            LOGGER.warn("Failed to resolve member of group '{}' with distinguished name: {}", str, str2);
                        } catch (InvalidNameException e2) {
                            LOGGER.debug("Member DN recognized as posixGroup: {}", str2);
                            hashSet.add(str2);
                        }
                    }
                }
                if (i <= 0 || PATTERN_RANGE_END.matcher(rangeRestrictedAttribute.getID().toLowerCase(Locale.ENGLISH)).find()) {
                    rangeRestrictedAttribute = null;
                } else {
                    rangeRestrictedAttribute = getRangeRestrictedAttribute(defaultIntialDirContext.getAttributes(jndiName(searchResult.getNameInNamespace()), new String[]{this.memberAttributeName + ";range=" + i + '-' + ((i + this.attributeBatchSize) - 1)}), this.memberAttributeName);
                    i += this.attributeBatchSize;
                }
            }
            return hashSet;
        } finally {
            commonAfterQueryCleanup(null, null, defaultIntialDirContext);
        }
    }

    protected UidNodeDescription mapToNode(SearchResult searchResult, String str, Map<String, String> map, Map<String, String> map2) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        String str2 = (String) mapAttribute(attributes.get(str), String.class).iterator().next();
        UidNodeDescription uidNodeDescription = new UidNodeDescription(searchResult.getNameInNamespace(), str2);
        Attribute attribute = attributes.get(this.modifyTimestampAttributeName);
        if (attribute != null) {
            try {
                uidNodeDescription.setLastModified(this.timestampFormat.parse(attribute.get().toString()));
                LOGGER.debug("Setting last modified of node {} to {}", str2, uidNodeDescription.getLastModified());
            } catch (ParseException e) {
                throw new AlfrescoRuntimeException("Failed to parse timestamp.", e);
            }
        }
        PropertyMap properties = uidNodeDescription.getProperties();
        for (String str3 : map.keySet()) {
            QName createQName = QName.createQName(str3, this.namespaceService);
            String str4 = map.get(str3);
            if (str4 != null) {
                Attribute attribute2 = attributes.get(str4);
                String str5 = map2.get(str3);
                if (attribute2 != null) {
                    Collection<Object> mapAttribute = mapAttribute(attribute2);
                    if (mapAttribute.size() == 1) {
                        Object next = mapAttribute.iterator().next();
                        if (next instanceof Serializable) {
                            properties.put(createQName, (Serializable) next);
                        } else {
                            properties.put(createQName, DefaultTypeConverter.INSTANCE.convert(String.class, next));
                        }
                    } else if (!mapAttribute.isEmpty()) {
                        ArrayList arrayList = new ArrayList();
                        mapAttribute.forEach(obj -> {
                            if (obj instanceof Serializable) {
                                arrayList.add((Serializable) obj);
                            } else {
                                arrayList.add(DefaultTypeConverter.INSTANCE.convert(String.class, obj));
                            }
                        });
                        properties.put(createQName, arrayList);
                    } else if (str5 != null) {
                        properties.put(createQName, str5);
                    } else {
                        properties.put(createQName, (Object) null);
                    }
                } else if (str5 != null) {
                    LOGGER.debug("Node {} does not provide attriute {} - using default value", str2, str4);
                    properties.put(createQName, str5);
                } else {
                    LOGGER.debug("Node {} does not provide attriute {} - setting to null", str2, str4);
                    properties.put(createQName, (Object) null);
                }
            } else {
                LOGGER.debug("No attribute name has been configured for property {}", createQName);
                String str6 = map2.get(str3);
                if (str6 != null) {
                    LOGGER.debug("Using default value for {} on node {}", createQName, str2);
                    properties.put(createQName, str6);
                }
            }
        }
        return uidNodeDescription;
    }

    protected <T> Collection<T> mapAttribute(Attribute attribute, Class<T> cls) throws NamingException {
        AbstractCollection arrayList = attribute.isOrdered() ? new ArrayList() : new HashSet();
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            arrayList.add(DefaultTypeConverter.INSTANCE.convert(cls, mapAttributeValue(attribute.getID(), all.next())));
        }
        LOGGER.debug("Mapped value of {} to {}", attribute, arrayList);
        return arrayList;
    }

    protected Collection<Object> mapAttribute(Attribute attribute) throws NamingException {
        AbstractCollection arrayList = attribute.isOrdered() ? new ArrayList() : new HashSet();
        NamingEnumeration all = attribute.getAll();
        while (all.hasMore()) {
            arrayList.add(mapAttributeValue(attribute.getID(), all.next()));
        }
        LOGGER.debug("Mapped value of {} to {}", attribute, arrayList);
        return arrayList;
    }

    protected Object mapAttributeValue(String str, Object obj) {
        Object obj2;
        AttributeValueMapper attributeValueMapper = this.attributeValueMappers != null ? this.attributeValueMappers.get(str) : null;
        if (attributeValueMapper != null) {
            LOGGER.trace("Using {} to map value {} of attribute {}", new Object[]{attributeValueMapper, obj, str});
            obj2 = attributeValueMapper.mapAttributeValue(str, obj);
        } else {
            obj2 = obj;
        }
        return obj2;
    }
}
