package org.apache.ranger.ldapusersync.process;

import com.google.common.collect.HashBasedTable;
import com.google.common.collect.Table;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import java.util.UUID;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.PagedResultsControl;
import javax.naming.ldap.PagedResultsResponseControl;
import javax.naming.ldap.Rdn;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.ugsyncutil.model.LdapSyncSourceInfo;
import org.apache.ranger.ugsyncutil.model.UgsyncAuditInfo;
import org.apache.ranger.unixusersync.config.UserGroupSyncConfig;
import org.apache.ranger.usergroupsync.UserGroupSink;
import org.apache.ranger.usergroupsync.UserGroupSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/ldapusersync/process/LdapUserGroupBuilder.class */
public class LdapUserGroupBuilder implements UserGroupSource {
    private static final String DATA_TYPE_BYTEARRAY = "byte[]";
    private static final String DATE_FORMAT = "yyyyMMddHHmmss";
    private static final int PAGE_SIZE = 500;
    private static final String MEMBER_OF_ATTR = "memberof=";
    private static final String GROUP_NAME_ATTRIBUTE = "cn=";
    private String deltaSyncUserTimeStamp;
    private String deltaSyncGroupTimeStamp;
    private String ldapUrl;
    private String ldapBindDn;
    private String ldapBindPassword;
    private String ldapAuthenticationMechanism;
    private String ldapReferral;
    private String searchBase;
    private String[] userSearchBase;
    private String userNameAttribute;
    private String userCloudIdAttribute;
    private int userSearchScope;
    private String userObjectClass;
    private String userSearchFilter;
    private Set<String> groupNameSet;
    private String extendedUserSearchFilter;
    private SearchControls userSearchControls;
    private Set<String> userGroupNameAttributeSet;
    private Set<String> otherUserAttributes;
    private String[] groupSearchBase;
    private int groupSearchScope;
    private String groupObjectClass;
    private String groupSearchFilter;
    private String extendedGroupSearchFilter;
    private String extendedAllGroupsSearchFilter;
    private SearchControls groupSearchControls;
    private String groupMemberAttributeName;
    private String groupNameAttribute;
    private String groupCloudIdAttribute;
    private Set<String> otherGroupAttributes;
    private int groupHierarchyLevels;
    private int deleteCycles;
    private String currentSyncSource;
    private LdapContext ldapContext;
    StartTlsResponse tls;
    private Table<String, String, String> groupUserTable;
    UgsyncAuditInfo ugsyncAuditInfo;
    LdapSyncSourceInfo ldapSyncSourceInfo;
    private Map<String, Map<String, String>> sourceUsers;
    private Map<String, Map<String, String>> sourceGroups;
    private Map<String, Set<String>> sourceGroupUsers;
    private static final Logger LOG = LoggerFactory.getLogger(LdapUserGroupBuilder.class);
    private static long deltaSyncUserTime = 0;
    private static long deltaSyncGroupTime = 0;
    private UserGroupSyncConfig config = UserGroupSyncConfig.getInstance();
    private boolean pagedResultsEnabled = true;
    private int pagedResultsSize = PAGE_SIZE;
    private boolean groupSearchFirstEnabled = true;
    private boolean userSearchEnabled = true;
    private boolean groupSearchEnabled = true;

    public static void main(String[] strArr) throws Throwable {
        new LdapUserGroupBuilder().init();
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void init() throws Throwable {
        deltaSyncUserTime = 0L;
        deltaSyncGroupTime = 0L;
        this.deleteCycles = 1;
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
        this.deltaSyncUserTimeStamp = simpleDateFormat.format(new Date(0L));
        this.deltaSyncGroupTimeStamp = simpleDateFormat.format(new Date(0L));
        setConfig();
        this.ugsyncAuditInfo = new UgsyncAuditInfo();
        this.ldapSyncSourceInfo = new LdapSyncSourceInfo();
        this.ldapSyncSourceInfo.setLdapUrl(this.ldapUrl);
        this.ldapSyncSourceInfo.setIncrementalSycn("True");
        this.ldapSyncSourceInfo.setUserSearchEnabled(Boolean.toString(this.userSearchEnabled));
        this.ldapSyncSourceInfo.setGroupSearchEnabled(Boolean.toString(this.groupSearchEnabled));
        this.ldapSyncSourceInfo.setGroupSearchFirstEnabled(Boolean.toString(this.groupSearchFirstEnabled));
        this.ldapSyncSourceInfo.setGroupHierarchyLevel(Integer.toString(this.groupHierarchyLevels));
        this.ugsyncAuditInfo.setSyncSource(this.currentSyncSource);
        this.ugsyncAuditInfo.setLdapSyncSourceInfo(this.ldapSyncSourceInfo);
    }

    private void createLdapContext() throws Throwable {
        Properties properties = new Properties();
        properties.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        properties.put("java.naming.provider.url", this.ldapUrl);
        if (this.ldapUrl.startsWith("ldaps") && this.config.getSSLTrustStorePath() != null && !this.config.getSSLTrustStorePath().trim().isEmpty()) {
            properties.put("java.naming.ldap.factory.socket", "org.apache.ranger.ldapusersync.process.CustomSSLSocketFactory");
        }
        if (StringUtils.isNotEmpty(this.userCloudIdAttribute) && this.config.getUserCloudIdAttributeDataType().equals(DATA_TYPE_BYTEARRAY)) {
            properties.put("java.naming.ldap.attributes.binary", this.userCloudIdAttribute);
        }
        if (StringUtils.isNotEmpty(this.groupCloudIdAttribute) && this.config.getGroupCloudIdAttributeDataType().equals(DATA_TYPE_BYTEARRAY)) {
            properties.put("java.naming.ldap.attributes.binary", this.groupCloudIdAttribute);
        }
        for (String str : this.otherUserAttributes) {
            if (this.config.getOtherUserAttributeDataType(str).equals(DATA_TYPE_BYTEARRAY)) {
                properties.put("java.naming.ldap.attributes.binary", str);
            }
        }
        for (String str2 : this.otherGroupAttributes) {
            if (this.config.getOtherGroupAttributeDataType(str2).equals(DATA_TYPE_BYTEARRAY)) {
                properties.put("java.naming.ldap.attributes.binary", str2);
            }
        }
        this.ldapContext = new InitialLdapContext(properties, (Control[]) null);
        if (!this.ldapUrl.startsWith("ldaps") && this.config.isStartTlsEnabled()) {
            this.tls = this.ldapContext.extendedOperation(new StartTlsRequest());
            if (this.config.getSSLTrustStorePath() == null || this.config.getSSLTrustStorePath().trim().isEmpty()) {
                this.tls.negotiate();
            } else {
                this.tls.negotiate(CustomSSLSocketFactory.getDefault());
            }
            LOG.info("Starting TLS session...");
        }
        this.ldapContext.addToEnvironment("java.naming.security.principal", this.ldapBindDn);
        this.ldapContext.addToEnvironment("java.naming.security.credentials", this.ldapBindPassword);
        this.ldapContext.addToEnvironment("java.naming.security.authentication", this.ldapAuthenticationMechanism);
        this.ldapContext.addToEnvironment("java.naming.referral", this.ldapReferral);
    }

    private void setConfig() throws Throwable {
        LOG.info("LdapUserGroupBuilder initialization started");
        this.currentSyncSource = this.config.getCurrentSyncSource();
        this.groupSearchFirstEnabled = true;
        this.userSearchEnabled = this.config.isUserSearchEnabled();
        this.groupSearchEnabled = this.config.isGroupSearchEnabled();
        this.ldapUrl = this.config.getLdapUrl();
        this.ldapBindDn = this.config.getLdapBindDn();
        this.ldapBindPassword = this.config.getLdapBindPassword();
        this.ldapAuthenticationMechanism = this.config.getLdapAuthenticationMechanism();
        this.ldapReferral = this.config.getContextReferral();
        this.searchBase = this.config.getSearchBase();
        this.userSearchBase = this.config.getUserSearchBase().split(";");
        this.userSearchScope = this.config.getUserSearchScope();
        this.userObjectClass = this.config.getUserObjectClass();
        this.userSearchFilter = this.config.getUserSearchFilter();
        this.userNameAttribute = this.config.getUserNameAttribute();
        this.userCloudIdAttribute = this.config.getUserCloudIdAttribute();
        HashSet hashSet = new HashSet();
        hashSet.add(this.userNameAttribute);
        this.userGroupNameAttributeSet = this.config.getUserGroupNameAttributeSet();
        Iterator<String> it = this.userGroupNameAttributeSet.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next());
        }
        hashSet.add(this.userCloudIdAttribute);
        this.otherUserAttributes = this.config.getOtherUserAttributes();
        Iterator<String> it2 = this.otherUserAttributes.iterator();
        while (it2.hasNext()) {
            hashSet.add(it2.next());
        }
        hashSet.add("uSNChanged");
        hashSet.add("modifytimestamp");
        this.userSearchControls = new SearchControls();
        this.userSearchControls.setSearchScope(this.userSearchScope);
        this.userSearchControls.setReturningAttributes((String[]) hashSet.toArray(new String[hashSet.size()]));
        this.pagedResultsEnabled = this.config.isPagedResultsEnabled();
        this.pagedResultsSize = this.config.getPagedResultsSize();
        this.groupSearchBase = this.config.getGroupSearchBase().split(";");
        this.groupSearchScope = this.config.getGroupSearchScope();
        this.groupObjectClass = this.config.getGroupObjectClass();
        this.groupSearchFilter = this.config.getGroupSearchFilter();
        this.groupMemberAttributeName = this.config.getUserGroupMemberAttributeName();
        this.groupNameAttribute = this.config.getGroupNameAttribute();
        this.groupCloudIdAttribute = this.config.getGroupCloudIdAttribute();
        this.groupHierarchyLevels = this.config.getGroupHierarchyLevels();
        this.extendedGroupSearchFilter = "(&" + this.extendedGroupSearchFilter + "(|(" + this.groupMemberAttributeName + "={0})(" + this.groupMemberAttributeName + "={1})))";
        this.groupSearchControls = new SearchControls();
        this.groupSearchControls.setSearchScope(this.groupSearchScope);
        HashSet hashSet2 = new HashSet();
        hashSet2.add(this.groupNameAttribute);
        hashSet2.add(this.groupCloudIdAttribute);
        hashSet2.add(this.groupMemberAttributeName);
        hashSet2.add("uSNChanged");
        hashSet2.add("modifytimestamp");
        this.otherGroupAttributes = this.config.getOtherGroupAttributes();
        Iterator<String> it3 = this.otherGroupAttributes.iterator();
        while (it3.hasNext()) {
            hashSet2.add(it3.next());
        }
        this.groupSearchControls.setReturningAttributes((String[]) hashSet2.toArray(new String[hashSet2.size()]));
        if (StringUtils.isEmpty(this.userSearchFilter)) {
            this.groupNameSet = this.config.getGroupNameSet();
            String str = "";
            for (String str2 : this.groupNameSet) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("groupName = " + str2);
                }
                if (str2.startsWith(MEMBER_OF_ATTR) || str2.startsWith(GROUP_NAME_ATTRIBUTE)) {
                    String str3 = str2;
                    if (str2.startsWith(MEMBER_OF_ATTR)) {
                        str3 = str2.substring(MEMBER_OF_ATTR.length());
                    }
                    str = str + getDNForMemberOf(getFirstRDN(str3));
                } else {
                    LOG.info("Ignoring unsupported format for " + str2);
                }
            }
            if (StringUtils.isNotEmpty(str)) {
                str = "(|" + str + ")";
            }
            LOG.info("Final computedSearchFilter = " + str);
            this.userSearchFilter = str;
        }
        LOG.info("LdapUserGroupBuilder initialization completed with --  ldapUrl: " + this.ldapUrl + ",  ldapBindDn: " + this.ldapBindDn + ",  ldapBindPassword: ***** ,  ldapAuthenticationMechanism: " + this.ldapAuthenticationMechanism + ",  searchBase: " + this.searchBase + ",  userSearchBase: " + Arrays.toString(this.userSearchBase) + ",  userSearchScope: " + this.userSearchScope + ",  userObjectClass: " + this.userObjectClass + ",  userSearchFilter: " + this.userSearchFilter + ",  extendedUserSearchFilter: " + this.extendedUserSearchFilter + ",  userNameAttribute: " + this.userNameAttribute + ",  userSearchAttributes: " + hashSet + ",  userGroupNameAttributeSet: " + this.userGroupNameAttributeSet + ",  otherUserAttributes: " + this.otherUserAttributes + ",  pagedResultsEnabled: " + this.pagedResultsEnabled + ",  pagedResultsSize: " + this.pagedResultsSize + ",  groupSearchEnabled: " + this.groupSearchEnabled + ",  groupSearchBase: " + Arrays.toString(this.groupSearchBase) + ",  groupSearchScope: " + this.groupSearchScope + ",  groupObjectClass: " + this.groupObjectClass + ",  groupSearchFilter: " + this.groupSearchFilter + ",  extendedGroupSearchFilter: " + this.extendedGroupSearchFilter + ",  extendedAllGroupsSearchFilter: " + this.extendedAllGroupsSearchFilter + ",  groupMemberAttributeName: " + this.groupMemberAttributeName + ",  groupNameAttribute: " + this.groupNameAttribute + ", groupSearchAttributes: " + hashSet2 + ", groupSearchFirstEnabled: " + this.groupSearchFirstEnabled + ", userSearchEnabled: " + this.userSearchEnabled + ",  ldapReferral: " + this.ldapReferral);
    }

    private void closeLdapContext() throws Throwable {
        if (this.tls != null) {
            this.tls.close();
        }
        if (this.ldapContext != null) {
            this.ldapContext.close();
        }
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public boolean isChanged() {
        return true;
    }

    @Override // org.apache.ranger.usergroupsync.UserGroupSource
    public void updateSink(UserGroupSink userGroupSink) throws Throwable {
        LOG.info("LdapUserGroupBuilder updateSink started");
        boolean z = false;
        this.groupUserTable = HashBasedTable.create();
        this.sourceGroups = new HashMap();
        this.sourceUsers = new HashMap();
        this.sourceGroupUsers = new HashMap();
        long j = 0;
        if (this.config.isUserSyncDeletesEnabled() && this.deleteCycles >= this.config.getUserSyncDeletesFrequency()) {
            this.deleteCycles = 1;
            z = true;
            if (LOG.isDebugEnabled()) {
                LOG.debug("Compute deleted users/groups is enabled for this sync cycle");
            }
        }
        if (this.config.isUserSyncDeletesEnabled()) {
            this.deleteCycles++;
        }
        long groups = this.groupSearchEnabled ? getGroups(z) : 0L;
        if (this.userSearchEnabled) {
            LOG.info("Performing user search to retrieve users from AD/LDAP");
            j = getUsers(z);
        }
        if (this.groupHierarchyLevels > 0) {
            LOG.info("Going through group hierarchy for nested group evaluation");
            for (String str : this.sourceGroups.keySet()) {
                goUpGroupHierarchy(this.groupUserTable.column(str).keySet(), this.groupHierarchyLevels - 1, str);
            }
            LOG.info("Completed group hierarchy computation");
        }
        for (String str2 : this.groupUserTable.rowKeySet()) {
            Map row = this.groupUserTable.row(str2);
            HashSet hashSet = new HashSet();
            for (Map.Entry entry : row.entrySet()) {
                if (this.sourceUsers.containsKey(entry.getValue())) {
                    hashSet.add((String) entry.getValue());
                }
            }
            this.sourceGroupUsers.put(str2, hashSet);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Users = " + this.sourceUsers.keySet());
            LOG.debug("Groups = " + this.sourceGroups.keySet());
            LOG.debug("GroupUsers = " + this.sourceGroupUsers.keySet());
        }
        try {
            userGroupSink.addOrUpdateUsersGroups(this.sourceGroups, this.sourceUsers, this.sourceGroupUsers, z);
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
            LOG.info("deltaSyncUserTime = " + deltaSyncUserTime + " and highestdeltaSyncUserTime = " + j);
            if (deltaSyncUserTime < j) {
                deltaSyncUserTime = j + 1;
                this.deltaSyncUserTimeStamp = simpleDateFormat.format(new Date(j + 60));
            }
            LOG.info("deltaSyncGroupTime = " + deltaSyncGroupTime + " and highestdeltaSyncGroupTime = " + groups);
            if (deltaSyncGroupTime < groups) {
                deltaSyncGroupTime = groups + 1;
                this.deltaSyncGroupTimeStamp = simpleDateFormat.format(new Date(groups + 60));
            }
        } catch (Throwable th) {
            LOG.error("Failed to update ranger admin. Will retry in next sync cycle!!", th);
        }
        this.ldapSyncSourceInfo.setUserSearchFilter(this.extendedUserSearchFilter);
        this.ldapSyncSourceInfo.setGroupSearchFilter(this.extendedAllGroupsSearchFilter);
        try {
            userGroupSink.postUserGroupAuditInfo(this.ugsyncAuditInfo);
        } catch (Throwable th2) {
            LOG.error("sink.postUserGroupAuditInfo failed with exception: " + th2.getMessage());
        }
    }

    private long getUsers(boolean z) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        NamingEnumeration namingEnumeration2 = null;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
            if (this.groupUserTable.rowKeySet().size() != 0 || !this.config.isDeltaSyncEnabled() || z) {
                deltaSyncUserTime = 0L;
                this.deltaSyncUserTimeStamp = simpleDateFormat.format(new Date(0L));
            }
            this.extendedUserSearchFilter = "(objectclass=" + this.userObjectClass + ")(|(uSNChanged>=" + deltaSyncUserTime + ")(modifyTimestamp>=" + this.deltaSyncUserTimeStamp + "Z))";
            if (this.userSearchFilter == null || this.userSearchFilter.trim().isEmpty()) {
                this.extendedUserSearchFilter = "(&" + this.extendedUserSearchFilter + ")";
            } else {
                String trim = this.userSearchFilter.trim();
                if (!trim.startsWith("(")) {
                    trim = "(" + trim + ")";
                }
                this.extendedUserSearchFilter = "(&" + this.extendedUserSearchFilter + trim + ")";
            }
            LOG.info("extendedUserSearchFilter = " + this.extendedUserSearchFilter);
            long j = deltaSyncUserTime;
            for (int i = 0; i < this.userSearchBase.length; i++) {
                byte[] bArr = null;
                int i2 = 0;
                int i3 = 0;
                do {
                    try {
                        namingEnumeration = this.ldapContext.search(this.userSearchBase[i], this.extendedUserSearchFilter, this.userSearchControls);
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult == null) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            } else {
                                Attributes attributes = searchResult.getAttributes();
                                if (attributes == null) {
                                    LOG.info("attributes  missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                } else {
                                    Attribute attribute = attributes.get(this.userNameAttribute);
                                    if (attribute == null) {
                                        LOG.info(this.userNameAttribute + " missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                    } else {
                                        String nameInNamespace = searchResult.getNameInNamespace();
                                        String str = (String) attribute.get();
                                        if (str == null || str.trim().isEmpty()) {
                                            LOG.info(this.userNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                        } else {
                                            Attribute attribute2 = attributes.get("uSNChanged");
                                            if (attribute2 != null) {
                                                String str2 = (String) attribute2.get();
                                                long parseLong = Long.parseLong(str2);
                                                LOG.info("uSNChangedVal = " + str2 + "and currentDeltaSyncTime = " + parseLong);
                                                if (parseLong > j) {
                                                    j = parseLong;
                                                }
                                            } else {
                                                Attribute attribute3 = attributes.get("modifytimestamp");
                                                if (attribute3 != null) {
                                                    String str3 = (String) attribute3.get();
                                                    long time = simpleDateFormat.parse(str3).getTime();
                                                    LOG.info("timeStampVal = " + str3 + "and currentDeltaSyncTime = " + time);
                                                    if (time > j) {
                                                        j = time;
                                                        this.deltaSyncUserTimeStamp = str3;
                                                    }
                                                }
                                            }
                                            if (!this.groupSearchEnabled) {
                                                Iterator<String> it = this.userGroupNameAttributeSet.iterator();
                                                while (it.hasNext()) {
                                                    Attribute attribute4 = searchResult.getAttributes().get(it.next());
                                                    if (attribute4 != null) {
                                                        NamingEnumeration all = attribute4.getAll();
                                                        while (all.hasMore()) {
                                                            String str4 = (String) all.next();
                                                            if (LOG.isDebugEnabled()) {
                                                                LOG.debug("Adding " + str4 + " to " + str);
                                                            }
                                                            HashMap hashMap = new HashMap();
                                                            String shortName = getShortName(str4);
                                                            hashMap.put("original_name", shortName);
                                                            hashMap.put("full_name", str4);
                                                            hashMap.put("sync_source", this.currentSyncSource);
                                                            hashMap.put("ldap_url", this.config.getLdapUrl());
                                                            this.sourceGroups.put(str4, hashMap);
                                                            if (LOG.isDebugEnabled()) {
                                                                LOG.debug("As groupsearch is disabled, adding group " + shortName + " from user memberof attribute for user " + str);
                                                            }
                                                            this.groupUserTable.put(str4, nameInNamespace, nameInNamespace);
                                                        }
                                                    }
                                                }
                                            }
                                            HashMap hashMap2 = new HashMap();
                                            hashMap2.put("original_name", str);
                                            hashMap2.put("full_name", nameInNamespace);
                                            hashMap2.put("sync_source", this.currentSyncSource);
                                            hashMap2.put("ldap_url", this.config.getLdapUrl());
                                            Attribute attribute5 = attributes.get(this.userCloudIdAttribute);
                                            if (attribute5 != null) {
                                                addToAttrMap(hashMap2, "cloud_id", attribute5, this.config.getUserCloudIdAttributeDataType());
                                            }
                                            for (String str5 : this.otherUserAttributes) {
                                                if (attributes.get(str5) != null) {
                                                    addToAttrMap(hashMap2, str5, attributes.get(str5), this.config.getOtherUserAttributeDataType(str5));
                                                }
                                            }
                                            this.sourceUsers.put(nameInNamespace, hashMap2);
                                            if (this.groupUserTable.containsColumn(nameInNamespace) || this.groupUserTable.containsColumn(str)) {
                                                Map column = this.groupUserTable.column(nameInNamespace);
                                                if (MapUtils.isEmpty(column)) {
                                                    column = this.groupUserTable.column(str);
                                                }
                                                for (Map.Entry entry : column.entrySet()) {
                                                    if (LOG.isDebugEnabled()) {
                                                        LOG.debug("Updating groupUserTable " + ((String) entry.getValue()) + " with: " + str + " for " + ((String) entry.getKey()));
                                                    }
                                                    this.groupUserTable.put((String) entry.getKey(), nameInNamespace, nameInNamespace);
                                                }
                                            }
                                            i2++;
                                            if (i2 <= 2000) {
                                                LOG.info("Updating user count: " + i2 + ", userName: " + str);
                                                if (i2 == 2000) {
                                                    LOG.info("===> 2000 user records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                                }
                                            } else if (LOG.isTraceEnabled()) {
                                                LOG.trace("Updating user count: " + i2 + ", userName: " + str);
                                            } else if (i2 % 100 == 0) {
                                                LOG.info("Synced " + i2 + " users till now");
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (int i4 = 0; i4 < responseControls.length; i4++) {
                                if (responseControls[i4] instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i4];
                                    int resultSize = pagedResultsResponseControl.getResultSize();
                                    if (resultSize != 0) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : " + resultSize);
                                        }
                                    } else if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl.getCookie();
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            if (LOG.isDebugEnabled()) {
                                i3++;
                                LOG.debug(String.format("Fetched paged results round: %s", Integer.valueOf(i3)));
                            }
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                        }
                    } catch (Exception e) {
                        LOG.error("LdapUserGroupBuilder.getUsers() failed with exception: ", e);
                        LOG.info("LdapUserGroupBuilder.getUsers() user count: " + i2);
                    }
                } while (bArr != null);
                LOG.info("LdapUserGroupBuilder.getUsers() completed with user count: " + i2);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("highestdeltaSyncUserTime = " + j);
            }
            return j;
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            if (0 != 0) {
                namingEnumeration2.close();
            }
            closeLdapContext();
        }
    }

    private long getGroups(boolean z) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat(DATE_FORMAT);
        long j = deltaSyncGroupTime;
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            this.extendedGroupSearchFilter = "(objectclass=" + this.groupObjectClass + ")";
            if (this.groupSearchFilter != null && !this.groupSearchFilter.trim().isEmpty()) {
                String trim = this.groupSearchFilter.trim();
                if (!trim.startsWith("(")) {
                    trim = "(" + trim + ")";
                }
                this.extendedGroupSearchFilter += trim;
            }
            if (!this.config.isDeltaSyncEnabled() || z) {
                deltaSyncGroupTime = 0L;
                this.deltaSyncGroupTimeStamp = simpleDateFormat.format(new Date(0L));
            }
            this.extendedAllGroupsSearchFilter = "(&" + this.extendedGroupSearchFilter + "(|(uSNChanged>=" + deltaSyncGroupTime + ")(modifyTimestamp>=" + this.deltaSyncGroupTimeStamp + "Z)))";
            LOG.info("extendedAllGroupsSearchFilter = " + this.extendedAllGroupsSearchFilter);
            for (int i = 0; i < this.groupSearchBase.length; i++) {
                byte[] bArr = null;
                int i2 = 0;
                int i3 = 0;
                do {
                    try {
                        namingEnumeration = this.ldapContext.search(this.groupSearchBase[i], this.extendedAllGroupsSearchFilter, this.groupSearchControls);
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult == null) {
                                LOG.info("groupEntry null, skipping sync for the entry");
                            } else {
                                i2++;
                                Attributes attributes = searchResult.getAttributes();
                                Attribute attribute = attributes.get(this.groupNameAttribute);
                                if (attribute == null) {
                                    LOG.info(this.groupNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                } else {
                                    String nameInNamespace = searchResult.getNameInNamespace();
                                    String str = (String) attribute.get();
                                    HashMap hashMap = new HashMap();
                                    hashMap.put("original_name", str);
                                    hashMap.put("full_name", nameInNamespace);
                                    hashMap.put("sync_source", this.currentSyncSource);
                                    hashMap.put("ldap_url", this.config.getLdapUrl());
                                    Attribute attribute2 = attributes.get(this.groupCloudIdAttribute);
                                    if (attribute2 != null) {
                                        addToAttrMap(hashMap, "cloud_id", attribute2, this.config.getGroupCloudIdAttributeDataType());
                                    }
                                    for (String str2 : this.otherGroupAttributes) {
                                        if (attributes.get(str2) != null) {
                                            addToAttrMap(hashMap, str2, attributes.get(str2), this.config.getOtherGroupAttributeDataType(str2));
                                        }
                                    }
                                    this.sourceGroups.put(nameInNamespace, hashMap);
                                    Attribute attribute3 = attributes.get("uSNChanged");
                                    if (attribute3 != null) {
                                        long parseLong = Long.parseLong((String) attribute3.get());
                                        if (parseLong > j) {
                                            j = parseLong;
                                        }
                                    } else {
                                        Attribute attribute4 = attributes.get("modifytimestamp");
                                        if (attribute4 != null) {
                                            String str3 = (String) attribute4.get();
                                            long time = simpleDateFormat.parse(str3).getTime();
                                            LOG.info("timeStampVal = " + str3 + "and currentDeltaSyncTime = " + time);
                                            if (time > j) {
                                                j = time;
                                                this.deltaSyncGroupTimeStamp = str3;
                                            }
                                        }
                                    }
                                    Attribute attribute5 = attributes.get(this.groupMemberAttributeName);
                                    int i4 = 0;
                                    if (attribute5 == null || attribute5.size() <= 0) {
                                        LOG.info("No members available for " + str);
                                        this.sourceGroupUsers.put(nameInNamespace, new HashSet());
                                    } else {
                                        NamingEnumeration all = attribute5.getAll();
                                        while (all.hasMore()) {
                                            String str4 = (String) all.next();
                                            if (str4 == null || str4.trim().isEmpty()) {
                                                this.sourceGroupUsers.put(nameInNamespace, new HashSet());
                                            } else {
                                                i4++;
                                                if (!this.userSearchEnabled) {
                                                    HashMap hashMap2 = new HashMap();
                                                    String shortName = getShortName(str4);
                                                    hashMap2.put("original_name", shortName);
                                                    hashMap2.put("full_name", str4);
                                                    hashMap2.put("sync_source", this.currentSyncSource);
                                                    hashMap2.put("ldap_url", this.config.getLdapUrl());
                                                    this.sourceUsers.put(str4, hashMap2);
                                                    if (LOG.isDebugEnabled()) {
                                                        LOG.debug("As usersearch is disabled, adding user " + shortName + " from group member attribute for group " + str);
                                                    }
                                                }
                                                this.groupUserTable.put(nameInNamespace, str4, str4);
                                            }
                                        }
                                        LOG.info("No. of members in the group " + str + " = " + i4);
                                    }
                                }
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (int i5 = 0; i5 < responseControls.length; i5++) {
                                if (responseControls[i5] instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i5];
                                    int resultSize = pagedResultsResponseControl.getResultSize();
                                    if (resultSize != 0) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : " + resultSize);
                                        }
                                    } else if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl.getCookie();
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            if (LOG.isDebugEnabled()) {
                                i3++;
                                LOG.debug(String.format("Fetched paged results round: %s", Integer.valueOf(i3)));
                            }
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                        }
                    } catch (Exception e) {
                        LOG.error("LdapUserGroupBuilder.getGroups() failed with exception: " + e);
                        LOG.info("LdapUserGroupBuilder.getGroups() group count: " + i2);
                    }
                } while (bArr != null);
                LOG.info("LdapUserGroupBuilder.getGroups() completed with group count: " + i2);
            }
            if (this.groupHierarchyLevels > 0) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("deltaSyncGroupTime = " + deltaSyncGroupTime);
                }
                if (deltaSyncGroupTime > 0) {
                    LOG.info("LdapUserGroupBuilder.getGroups(): Going through group hierarchy for nested group evaluation for deltasync");
                    goUpGroupHierarchyLdap(this.sourceGroups.keySet(), this.groupHierarchyLevels - 1);
                }
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("highestdeltaSyncGroupTime = " + j);
            }
            return j;
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }

    private void goUpGroupHierarchy(Set<String> set, int i, String str) throws InvalidNameException {
        if (i <= 0 || set.isEmpty()) {
            return;
        }
        LOG.info("nextLevelGroups = " + set + " for group = " + str);
        for (String str2 : set) {
            Set<String> keySet = this.groupUserTable.row(str).keySet();
            LOG.info("members of " + str + " = " + keySet);
            for (String str3 : keySet) {
                if (!this.groupUserTable.containsRow(str3)) {
                    LOG.info("Adding " + str3 + " to " + str2);
                    String str4 = (String) this.groupUserTable.get(str, str3);
                    LOG.info("Short name of " + str3 + " = " + str4);
                    if (str4 != null) {
                        this.groupUserTable.put(str2, str3, str4);
                    }
                }
            }
            goUpGroupHierarchy(this.groupUserTable.column(str2).keySet(), i - 1, str2);
        }
    }

    private void goUpGroupHierarchyLdap(Set<String> set, int i) throws Throwable {
        if (i <= 0 || set.isEmpty()) {
            return;
        }
        HashSet hashSet = new HashSet();
        NamingEnumeration namingEnumeration = null;
        try {
            try {
                createLdapContext();
                if (this.pagedResultsEnabled) {
                    this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
                }
                String str = "(&(objectclass=" + this.groupObjectClass + ")";
                if (this.groupSearchFilter != null && !this.groupSearchFilter.trim().isEmpty()) {
                    String trim = this.groupSearchFilter.trim();
                    if (!trim.startsWith("(")) {
                        trim = "(" + trim + ")";
                    }
                    str = str + trim + "(|";
                }
                StringBuilder sb = new StringBuilder();
                Iterator<String> it = set.iterator();
                while (it.hasNext()) {
                    sb.append("(").append(this.groupMemberAttributeName).append("=").append(it.next()).append(")");
                }
                sb.append("))");
                String str2 = str + ((Object) sb);
                LOG.info("extendedAllGroupsSearchFilter = " + str2);
                for (int i2 = 0; i2 < this.groupSearchBase.length; i2++) {
                    byte[] bArr = null;
                    int i3 = 0;
                    do {
                        try {
                            namingEnumeration = this.ldapContext.search(this.groupSearchBase[i2], str2, this.groupSearchControls);
                            while (namingEnumeration.hasMore()) {
                                SearchResult searchResult = (SearchResult) namingEnumeration.next();
                                if (searchResult == null) {
                                    LOG.info("groupEntry null, skipping sync for the entry");
                                } else {
                                    i3++;
                                    Attribute attribute = searchResult.getAttributes().get(this.groupNameAttribute);
                                    if (attribute == null) {
                                        LOG.info(this.groupNameAttribute + " empty for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                    } else {
                                        String nameInNamespace = searchResult.getNameInNamespace();
                                        hashSet.add(nameInNamespace);
                                        String str3 = (String) attribute.get();
                                        Attribute attribute2 = searchResult.getAttributes().get(this.groupMemberAttributeName);
                                        int i4 = 0;
                                        if (attribute2 == null || attribute2.size() <= 0) {
                                            LOG.info("No members available for " + str3);
                                        } else {
                                            HashMap hashMap = new HashMap();
                                            hashMap.put("original_name", str3);
                                            hashMap.put("full_name", nameInNamespace);
                                            hashMap.put("sync_source", this.currentSyncSource);
                                            hashMap.put("ldap_url", this.config.getLdapUrl());
                                            for (String str4 : this.otherGroupAttributes) {
                                                Attribute attribute3 = searchResult.getAttributes().get(str4);
                                                if (attribute3 != null) {
                                                    hashMap.put(str4, (String) attribute3.get());
                                                }
                                            }
                                            this.sourceGroups.put(nameInNamespace, hashMap);
                                            NamingEnumeration all = attribute2.getAll();
                                            while (all.hasMore()) {
                                                String str5 = (String) all.next();
                                                if (str5 != null && !str5.trim().isEmpty()) {
                                                    i4++;
                                                    if (!this.userSearchEnabled && !this.sourceGroups.containsKey(str5)) {
                                                        HashMap hashMap2 = new HashMap();
                                                        hashMap2.put("original_name", getShortName(str5));
                                                        hashMap2.put("full_name", str5);
                                                        hashMap2.put("sync_source", this.currentSyncSource);
                                                        hashMap2.put("ldap_url", this.config.getLdapUrl());
                                                        this.sourceUsers.put(str5, hashMap2);
                                                    }
                                                    this.groupUserTable.put(nameInNamespace, str5, str5);
                                                }
                                            }
                                            LOG.info("No. of members in the group " + str3 + " = " + i4);
                                        }
                                    }
                                }
                            }
                            PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                            if (responseControls != null) {
                                for (int i5 = 0; i5 < responseControls.length; i5++) {
                                    if (responseControls[i5] instanceof PagedResultsResponseControl) {
                                        PagedResultsResponseControl pagedResultsResponseControl = responseControls[i5];
                                        int resultSize = pagedResultsResponseControl.getResultSize();
                                        if (resultSize != 0) {
                                            if (LOG.isDebugEnabled()) {
                                                LOG.debug("END-OF-PAGE total : " + resultSize);
                                            }
                                        } else if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : unknown");
                                        }
                                        bArr = pagedResultsResponseControl.getCookie();
                                    }
                                }
                            } else if (LOG.isDebugEnabled()) {
                                LOG.debug("No controls were sent from the server");
                            }
                            if (this.pagedResultsEnabled) {
                                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                            }
                        } catch (RuntimeException e) {
                            LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with runtime exception: ", e);
                            throw e;
                        } catch (Exception e2) {
                            LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", e2);
                            LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() group count: " + i3);
                        }
                    } while (bArr != null);
                    LOG.info("LdapUserGroupBuilder.goUpGroupHierarchyLdap() completed with group count: " + i3);
                }
                goUpGroupHierarchyLdap(hashSet, i - 1);
            } catch (RuntimeException e3) {
                LOG.error("LdapUserGroupBuilder.goUpGroupHierarchyLdap() failed with exception: ", e3);
                throw e3;
            }
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }

    private void addToAttrMap(Map<String, String> map, String str, Attribute attribute, String str2) throws Throwable {
        if (str2.equals(DATA_TYPE_BYTEARRAY)) {
            try {
                map.put(str, UUID.nameUUIDFromBytes((byte[]) attribute.get()).toString());
                return;
            } catch (ClassCastException e) {
                LOG.error(str + " type is not set properly " + e.getMessage());
                return;
            }
        }
        if (str2.equals("String")) {
            map.put(str, (String) attribute.get());
        } else {
            LOG.warn("Attribute Type " + str2 + " not supported for " + str);
        }
    }

    private static String getShortName(String str) {
        Object obj;
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String str2 = "";
        try {
            List rdns = new LdapName(str).getRdns();
            for (int size = rdns.size() - 1; size >= 0; size--) {
                if (StringUtils.isNotEmpty(str2)) {
                    break;
                }
                Attributes attributes = ((Rdn) rdns.get(size)).toAttributes();
                try {
                    Attribute attribute = attributes.get("uid");
                    if (attribute != null) {
                        Object obj2 = attribute.get();
                        if (obj2 != null) {
                            str2 = obj2.toString();
                        }
                    } else {
                        Attribute attribute2 = attributes.get("cn");
                        if (attribute2 != null && (obj = attribute2.get()) != null) {
                            str2 = obj.toString();
                        }
                    }
                } catch (NoSuchElementException e) {
                    str2 = str;
                } catch (NamingException e2) {
                    str2 = str;
                }
            }
        } catch (InvalidNameException e3) {
            str2 = str;
        }
        LOG.info("longName: " + str + ", userName: " + str2);
        return str2;
    }

    private String getFirstRDN(String str) {
        Object obj;
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String str2 = "";
        try {
            List rdns = new LdapName(str).getRdns();
            for (int size = rdns.size() - 1; size >= 0; size--) {
                if (StringUtils.isNotEmpty(str2)) {
                    break;
                }
                try {
                    Attribute attribute = ((Rdn) rdns.get(size)).toAttributes().get("cn");
                    if (attribute != null && (obj = attribute.get()) != null) {
                        str2 = GROUP_NAME_ATTRIBUTE + obj.toString();
                    }
                } catch (NamingException e) {
                    LOG.warn("NamingException while retrieving first RDN for " + str);
                } catch (NoSuchElementException e2) {
                    LOG.warn("NoSuchElementException while retrieving first RDN for " + str);
                }
            }
        } catch (InvalidNameException e3) {
            LOG.warn("InvalidNameException while retrieving first RDN for " + str);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Input group name: " + str + ", first RDN: " + str2);
        }
        return str2;
    }

    private String getDNForMemberOf(String str) throws Throwable {
        NamingEnumeration namingEnumeration = null;
        if (LOG.isDebugEnabled()) {
            LOG.debug("getDNForMemberOf(" + str + ")");
        }
        String str2 = "";
        try {
            createLdapContext();
            if (this.pagedResultsEnabled) {
                this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, false)});
            }
            SearchControls searchControls = new SearchControls();
            searchControls.setSearchScope(this.groupSearchScope);
            HashSet hashSet = new HashSet();
            hashSet.add(this.groupNameAttribute);
            searchControls.setReturningAttributes((String[]) hashSet.toArray(new String[hashSet.size()]));
            for (int i = 0; i < this.groupSearchBase.length; i++) {
                byte[] bArr = null;
                int i2 = 0;
                int i3 = 0;
                do {
                    try {
                        namingEnumeration = this.ldapContext.search(this.groupSearchBase[i], "(&(objectclass=" + this.groupObjectClass + ")(" + str + "))", searchControls);
                        while (namingEnumeration.hasMore()) {
                            SearchResult searchResult = (SearchResult) namingEnumeration.next();
                            if (searchResult == null) {
                                LOG.info("userEntry null, skipping sync for the entry");
                            } else {
                                Attributes attributes = searchResult.getAttributes();
                                if (attributes == null) {
                                    LOG.info("attributes  missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                } else if (attributes.get(this.groupNameAttribute) == null) {
                                    LOG.info(this.groupNameAttribute + " missing for entry " + searchResult.getNameInNamespace() + ", skipping sync");
                                } else {
                                    String nameInNamespace = searchResult.getNameInNamespace();
                                    LOG.info("groupFullName = " + nameInNamespace);
                                    str2 = str2 + "(memberof=" + nameInNamespace + ")";
                                    i2++;
                                    if (i2 <= 2000) {
                                        LOG.info("Updating group count: " + i2 + ", groupName: " + nameInNamespace);
                                        if (i2 == 2000) {
                                            LOG.info("===> 2000 group records have been synchronized so far. From now on, only a summary progress log will be written for every 100 users. To continue to see detailed log for every user, please enable Trace level logging. <===");
                                        }
                                    } else if (LOG.isTraceEnabled()) {
                                        LOG.trace("Updating group count: " + i2 + ", groupName: " + nameInNamespace);
                                    } else if (i2 % 100 == 0) {
                                        LOG.info("Synced " + i2 + " groups till now");
                                    }
                                }
                            }
                        }
                        PagedResultsResponseControl[] responseControls = this.ldapContext.getResponseControls();
                        if (responseControls != null) {
                            for (int i4 = 0; i4 < responseControls.length; i4++) {
                                if (responseControls[i4] instanceof PagedResultsResponseControl) {
                                    PagedResultsResponseControl pagedResultsResponseControl = responseControls[i4];
                                    int resultSize = pagedResultsResponseControl.getResultSize();
                                    if (resultSize != 0) {
                                        if (LOG.isDebugEnabled()) {
                                            LOG.debug("END-OF-PAGE total : " + resultSize);
                                        }
                                    } else if (LOG.isDebugEnabled()) {
                                        LOG.debug("END-OF-PAGE total : unknown");
                                    }
                                    bArr = pagedResultsResponseControl.getCookie();
                                }
                            }
                        } else if (LOG.isDebugEnabled()) {
                            LOG.debug("No controls were sent from the server");
                        }
                        if (this.pagedResultsEnabled) {
                            if (LOG.isDebugEnabled()) {
                                i3++;
                                LOG.debug(String.format("Fetched paged results round: %s", Integer.valueOf(i3)));
                            }
                            this.ldapContext.setRequestControls(new Control[]{new PagedResultsControl(this.pagedResultsSize, bArr, true)});
                        }
                    } catch (Exception e) {
                        LOG.error("LdapUserGroupBuilder.getDNForMemberOf() failed with exception: ", e);
                        LOG.info("LdapUserGroupBuilder.getDNForMemberOf() group count: " + i2);
                    }
                } while (bArr != null);
                LOG.info("LdapUserGroupBuilder.getDNForMemberOf() completed with group count: " + i2);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("computedSearchFilter = " + str2);
            }
            return str2;
        } finally {
            if (namingEnumeration != null) {
                namingEnumeration.close();
            }
            closeLdapContext();
        }
    }
}
