package com.atlassian.crowd.directory;

import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapper;
import com.atlassian.crowd.directory.ldap.LDAPPropertiesMapperImpl;
import com.atlassian.crowd.directory.ldap.control.DeletedResultsControl;
import com.atlassian.crowd.directory.ldap.credential.ActiveDirectoryCredentialEncoder;
import com.atlassian.crowd.directory.ldap.credential.EnforceUnencryptedCredentialEncoder;
import com.atlassian.crowd.directory.ldap.credential.LDAPCredentialEncoder;
import com.atlassian.crowd.directory.ldap.mapper.ContextMapperWithRequiredAttributes;
import com.atlassian.crowd.directory.ldap.mapper.TombstoneContextMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.ActiveDirectoryUserContextMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.AttributeMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.ObjectGUIDMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.ObjectSIDMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.PrimaryGroupIdMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.SIDUtils;
import com.atlassian.crowd.directory.ldap.mapper.attribute.USNChangedMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.UserAccountControlMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.UserAccountControlUtil;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnRangeOffsetMapper;
import com.atlassian.crowd.directory.ldap.mapper.attribute.group.RFC4519MemberDnRangedMapper;
import com.atlassian.crowd.directory.ldap.name.GenericConverter;
import com.atlassian.crowd.directory.ldap.util.IncrementalAttributeMapper;
import com.atlassian.crowd.directory.ldap.util.ListAttributeValueProcessor;
import com.atlassian.crowd.directory.ldap.util.RangeOption;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.MembershipAlreadyExistsException;
import com.atlassian.crowd.exception.MembershipNotFoundException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.Tombstone;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.group.GroupTemplateWithAttributes;
import com.atlassian.crowd.model.group.GroupType;
import com.atlassian.crowd.model.group.LDAPGroupWithAttributes;
import com.atlassian.crowd.model.user.LDAPUserWithAttributes;
import com.atlassian.crowd.model.user.User;
import com.atlassian.crowd.search.Entity;
import com.atlassian.crowd.search.EntityDescriptor;
import com.atlassian.crowd.search.builder.QueryBuilder;
import com.atlassian.crowd.search.builder.Restriction;
import com.atlassian.crowd.search.ldap.ActiveDirectoryQueryTranslaterImpl;
import com.atlassian.crowd.search.query.entity.restriction.PropertyImpl;
import com.atlassian.crowd.search.query.membership.MembershipQuery;
import com.atlassian.crowd.search.util.SearchResultsUtil;
import com.atlassian.crowd.util.InstanceFactory;
import com.atlassian.crowd.util.PasswordHelper;
import com.atlassian.event.api.EventPublisher;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.naming.Name;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapName;
import org.apache.commons.lang3.Validate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.GreaterThanOrEqualsFilter;
import org.springframework.ldap.filter.HardcodedFilter;

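/* loaded from: input_file:com/atlassian/crowd/directory/MicrosoftActiveDirectory.class */
/**
 * LDAP connector for Microsoft Active Directory, layered on {@link RFC4519Directory}.
 *
 * <p>On top of the inherited behaviour this class adds what is visible in this file:
 * <ul>
 *   <li>optional "primary group" membership, resolved by combining a user's object SID with its
 *       primary group id (see {@link #isPrimaryGroupSupportEnabled()});</li>
 *   <li>ranged retrieval of large group member attributes ({@link #postprocessGroups(List)});</li>
 *   <li>USN-based polling for changed objects and tombstones;</li>
 *   <li>{@code userAccountControl} handling when users are created, enabled or disabled.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: calls such as {@code m10findGroupByName} carry
 * decompiler-assigned names for inherited methods and are kept as they appear in the listing.
 */
public class MicrosoftActiveDirectory extends RFC4519Directory {
    /** {@code userAccountControl} bit set for inactive (disabled) accounts. */
    public static final int UF_ACCOUNTDISABLE = 2;
    /** {@code userAccountControl} bit: no password is required for the account. */
    private static final int UF_PASSWD_NOTREQD = 32;
    /** {@code userAccountControl} bit: ordinary user account. */
    private static final int UF_NORMAL_ACCOUNT = 512;
    /** {@code userAccountControl} bit: the password is marked as expired. */
    private static final int UF_PASSWORD_EXPIRED = 8388608;
    private static final String AD_USER_ACCOUNT_CONTROL = "userAccountControl";
    private static final String AD_SAM_ACCOUNT_NAME = "samAccountName";
    private static final String AD_HIGHEST_COMMITTED_USN = "highestCommittedUSN";
    private static final String AD_IS_DELETED = "isDeleted";
    private static final String AD_OBJECT_CLASS = "objectClass";
    private static final String DELETED_OBJECTS_DN_ADDITION = "CN=Deleted Objects";
    private static final String ROOT_DOMAIN_NAMING_CONTEXT = "rootDomainNamingContext";
    private static final String GROUP_TYPE_NAME = "groupType";
    // In AD's groupType bitmask, 2 is the global-scope bit without the security-enabled bit
    // (0x80000000), so groups created through this connector are distribution groups rather than
    // security groups.
    private static final String GROUP_TYPE_VALUE = "2";
    private final LDAPCredentialEncoder credentialEncoder;
    private static final Logger logger = LoggerFactory.getLogger(MicrosoftActiveDirectory.class);
    /** Search property used to look groups up by their object SID. */
    public static final PropertyImpl<String> OBJECT_SID = new PropertyImpl<>(ObjectSIDMapper.ATTRIBUTE_KEY, String.class);

    /**
     * Creates the connector and wires the AD credential encoder.
     *
     * <p>The encoder is an {@link ActiveDirectoryCredentialEncoder} wrapping an
     * {@link EnforceUnencryptedCredentialEncoder}. NOTE(review): judging by the class names, the
     * encoder needs the clear-text password and rejects pre-hashed credentials; confirm against
     * those classes. Active Directory only accepts password writes over an encrypted connection,
     * so the directory connection should use LDAPS or StartTLS.
     */
    public MicrosoftActiveDirectory(ActiveDirectoryQueryTranslaterImpl activeDirectoryQueryTranslaterImpl, EventPublisher eventPublisher, InstanceFactory instanceFactory, PasswordHelper passwordHelper) {
        super(activeDirectoryQueryTranslaterImpl, eventPublisher, instanceFactory);
        this.credentialEncoder = new ActiveDirectoryCredentialEncoder(new EnforceUnencryptedCredentialEncoder(passwordHelper));
    }

    /** Returns the fixed display name of this directory type. */
    public static String getStaticDirectoryType() {
        return "Microsoft Active Directory";
    }

    /** Returns the same display name as {@link #getStaticDirectoryType()}. */
    public String getDescriptiveName() {
        return getStaticDirectoryType();
    }

    /**
     * Removes a group from the directory.
     *
     * <p>When primary group support is enabled, the removal is refused if at least one user has
     * this group as its primary group.
     *
     * @param name group name; must not be null or empty
     * @throws GroupNotFoundException if the group lookup fails
     * @throws OperationFailedException if the group is some user's primary group or the LDAP
     *     unbind fails
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public void removeGroup(String name) throws GroupNotFoundException, OperationFailedException {
        Validate.notEmpty(name, "name argument cannot be null or empty");
        LDAPGroupWithAttributes group = m10findGroupByName(name);
        if (isPrimaryGroupSupportEnabled()) {
            String groupRid = SIDUtils.getLastRidFromSid(group.getValue(ObjectSIDMapper.ATTRIBUTE_KEY));
            // A single hit is enough to refuse the removal, so ask for at most one result.
            Iterable<LdapName> primaryMembers = findUserMembersNamesOfGroupViaPrimaryGroupId(groupRid, 0, 1);
            if (!Iterables.isEmpty(primaryMembers)) {
                throw new OperationFailedException("Cannot remove group '" + group.getName() + "' because it is the primary group of some user(s), including '" + Iterables.get(primaryMembers, 0) + "'");
            }
        }
        try {
            this.ldapTemplate.unbind(asLdapGroupName(group.getDn(), name));
        } catch (NamingException e) {
            throw new OperationFailedException(e);
        }
    }

    /**
     * Tells whether the user is a direct member of the group, either through the group's member
     * list or because the group is the user's primary group.
     *
     * @return {@code false} when the user or the group cannot be found
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public boolean isUserDirectGroupMember(String username, String groupName) throws OperationFailedException {
        Validate.notEmpty(username, "username argument cannot be null or empty");
        Validate.notEmpty(groupName, "groupName argument cannot be null or empty");
        try {
            LDAPGroupWithAttributes group = m10findGroupByName(groupName);
            LDAPUserWithAttributes user = m12findUserByName(username);
            return isDnDirectGroupMember(user.getDn(), group) || isUserMemberOfPrimaryGroup(user, group);
        } catch (GroupNotFoundException | UserNotFoundException e) {
            // A missing user or group is reported as "not a member", not as an error.
            return false;
        }
    }

    /**
     * Adds the user to the group unless the membership already exists, counting primary-group
     * membership as existing.
     *
     * <p>NOTE(review): the membership check and the modification are separate directory
     * operations, so a concurrent change between them is not detected here.
     *
     * @throws MembershipAlreadyExistsException if the user is already a direct or primary-group
     *     member
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public void addUserToGroup(String username, String groupName) throws GroupNotFoundException, OperationFailedException, UserNotFoundException, MembershipAlreadyExistsException {
        Validate.notEmpty(username, "username argument cannot be null or empty");
        Validate.notEmpty(groupName, "groupName argument cannot be null or empty");
        LDAPGroupWithAttributes group = m10findGroupByName(groupName);
        LDAPUserWithAttributes user = m12findUserByName(username);
        if (isDnDirectGroupMember(user.getDn(), group) || isUserMemberOfPrimaryGroup(user, group)) {
            throw new MembershipAlreadyExistsException(getDirectoryId(), username, groupName);
        }
        addDnToGroup(user.getDn(), group);
    }

    /**
     * Removes a direct membership. A membership that exists only because the group is the user's
     * primary group cannot be removed and is reported as a failed operation.
     *
     * @throws MembershipNotFoundException if the user is neither a direct nor a primary-group
     *     member
     * @throws OperationFailedException if the group is the user's primary group
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public void removeUserFromGroup(String username, String groupName) throws UserNotFoundException, GroupNotFoundException, MembershipNotFoundException, OperationFailedException {
        Validate.notEmpty(username, "username argument cannot be null or empty");
        Validate.notEmpty(groupName, "groupName argument cannot be null or empty");
        LDAPGroupWithAttributes group = m10findGroupByName(groupName);
        LDAPUserWithAttributes user = m12findUserByName(username);
        if (isDnDirectGroupMember(user.getDn(), group)) {
            removeDnFromGroup(user.getDn(), group);
            return;
        }
        if (isUserMemberOfPrimaryGroup(user, group)) {
            throw new OperationFailedException("Cannot remove user '" + user.getName() + "' from group '" + group.getName() + "' because it is the primary group of the user");
        }
        throw new MembershipNotFoundException(username, groupName);
    }

    /**
     * Looks up the name of the group with the given object SID.
     *
     * @throws GroupNotFoundException if the search returns no group
     */
    private String findGroupNameBySID(String sid) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(sid, "SID argument cannot be null");
        try {
            // The SID is passed as a restriction value, not concatenated into a filter string.
            return ((NamedLdapEntity) Iterables.getOnlyElement(searchGroupObjects(
                    QueryBuilder.queryFor(String.class, EntityDescriptor.group()).with(Restriction.on(OBJECT_SID).exactlyMatching(sid)).returningAtMost(1),
                    NamedLdapEntity.mapperFromAttribute(this.ldapPropertiesMapper.getGroupNameAttribute())))).getName();
        } catch (NoSuchElementException e) {
            throw new GroupNotFoundException("objectId = " + sid);
        }
    }

    /**
     * Looks up the group with the given object SID, including its attributes.
     *
     * @throws GroupNotFoundException if the search returns no group
     */
    private LDAPGroupWithAttributes findGroupWithAttributesBySID(String sid) throws GroupNotFoundException, OperationFailedException {
        Validate.notNull(sid, "SID argument cannot be null");
        try {
            return (LDAPGroupWithAttributes) Iterables.getOnlyElement(searchGroupObjects(
                    QueryBuilder.queryFor(Group.class, EntityDescriptor.group()).with(Restriction.on(OBJECT_SID).exactlyMatching(sid)).returningAtMost(1),
                    getGroupContextMapper(GroupType.GROUP)));
        } catch (NoSuchElementException e) {
            throw new GroupNotFoundException("objectId = " + sid);
        }
    }

    /**
     * Returns the inherited group memberships and, for user queries with primary group support
     * enabled, appends the user's primary group when the result page is not already full.
     *
     * <p>If the user or the primary group cannot be found, the inherited result is returned as is.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public List<? extends LDAPGroupWithAttributes> findGroupMemberships(MembershipQuery<? extends LDAPGroupWithAttributes> membershipQuery) throws OperationFailedException {
        List<? extends LDAPGroupWithAttributes> memberships = super.findGroupMemberships(membershipQuery);
        if (!isPrimaryGroupSupportEnabled() || membershipQuery.getEntityToMatch().getEntityType() != Entity.USER || isResultPageFull(memberships, membershipQuery.getMaxResults())) {
            return memberships;
        }
        try {
            LDAPUserWithAttributes user = m11findUserWithAttributesByName(membershipQuery.getEntityNameToMatch());
            LDAPGroupWithAttributes primaryGroup = findGroupWithAttributesBySID(getPrimaryGroupSIDOfUser(user));
            List<LDAPGroupWithAttributes> combined = ImmutableList.<LDAPGroupWithAttributes>builder().addAll(memberships).add(primaryGroup).build();
            return SearchResultsUtil.constrainResults(combined, 0, membershipQuery.getMaxResults());
        } catch (GroupNotFoundException e) {
            logger.debug("Primary group of user '{}' is not under the base DN", membershipQuery.getEntityNameToMatch());
            return memberships;
        } catch (UserNotFoundException e2) {
            return memberships;
        }
    }

    /**
     * Name-only variant of {@link #findGroupMemberships(MembershipQuery)}: returns the inherited
     * group names and appends the name of the user's primary group under the same conditions.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public Iterable<String> findGroupMembershipNames(MembershipQuery<String> membershipQuery) throws OperationFailedException {
        ImmutableList<String> names = ImmutableList.copyOf(super.findGroupMembershipNames(membershipQuery));
        if (!isPrimaryGroupSupportEnabled() || membershipQuery.getEntityToMatch().getEntityType() != Entity.USER || isResultPageFull(names, membershipQuery.getMaxResults())) {
            return names;
        }
        try {
            LDAPUserWithAttributes user = m11findUserWithAttributesByName(membershipQuery.getEntityNameToMatch());
            String primaryGroupName = findGroupNameBySID(getPrimaryGroupSIDOfUser(user));
            List<String> combined = ImmutableList.<String>builder().addAll(names).add(primaryGroupName).build();
            return SearchResultsUtil.constrainResults(combined, 0, membershipQuery.getMaxResults());
        } catch (UserNotFoundException e) {
            return names;
        } catch (GroupNotFoundException e2) {
            logger.debug("Primary group of user '{}' is not under the base DN", membershipQuery.getEntityNameToMatch());
            return names;
        }
    }

    /**
     * Builds the filter "configured user filter AND primary group id equals {@code rid}".
     *
     * <p>The RID goes through {@link EqualsFilter}, which escapes the value. The user filter is
     * added as a {@link HardcodedFilter}, i.e. verbatim, so it must only ever come from trusted
     * directory configuration.
     */
    private AndFilter getUserByPrimaryGroupRidFilter(String rid) {
        AndFilter filter = new AndFilter();
        filter.and(new HardcodedFilter(this.ldapPropertiesMapper.getUserFilter()));
        filter.and(new EqualsFilter(PrimaryGroupIdMapper.ATTRIBUTE_KEY, rid));
        return filter;
    }

    /**
     * Finds the DNs of users whose primary group id equals {@code rid}.
     *
     * @param startIndex passed through to {@code searchEntities} (presumably the first result index)
     * @param maxResults passed through to {@code searchEntities}; callers in this class use -1 for
     *     "no limit"
     */
    private Iterable<LdapName> findUserMembersNamesOfGroupViaPrimaryGroupId(String rid, int startIndex, int maxResults) throws OperationFailedException {
        String encodedFilter = getUserByPrimaryGroupRidFilter(rid).encode();
        ContextMapperWithRequiredAttributes<NamedLdapEntity> nameMapper = NamedLdapEntity.mapperFromAttribute(this.ldapPropertiesMapper.getUserNameAttribute());
        logger.debug("Executing search at DN: <{}> with filter: <{}>", this.searchDN.getUser(), encodedFilter);
        return NamedLdapEntity.dnsOf(searchEntities(this.searchDN.getUser(), encodedFilter, nameMapper, startIndex, maxResults));
    }

    /**
     * Finds the users whose primary group id equals {@code rid}, mapped with the AD user context
     * mapper. Paging arguments are passed through to {@code searchEntities}.
     */
    private Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaPrimaryGroupId(String rid, int startIndex, int maxResults) throws OperationFailedException {
        String encodedFilter = getUserByPrimaryGroupRidFilter(rid).encode();
        logger.debug("Executing search at DN: <{}> with filter: <{}>", this.searchDN.getUser(), encodedFilter);
        return toGenericIterable(searchEntities(this.searchDN.getUser(), encodedFilter, getUserContextMapper(), startIndex, maxResults));
    }

    /** Inherited member-DN lookup, augmented with primary-group members. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public List<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberDN(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException {
        return augmentUserMembersOfGroupWithPrimaryGroupMembers(groupName, super.findUserMembersOfGroupViaMemberDN(groupName, groupType, startIndex, maxResults), startIndex, maxResults);
    }

    /** Inherited memberOf lookup, augmented with primary-group members. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public Iterable<LDAPUserWithAttributes> findUserMembersOfGroupViaMemberOf(String groupName, GroupType groupType, int startIndex, int maxResults) throws OperationFailedException {
        return augmentUserMembersOfGroupWithPrimaryGroupMembers(groupName, ImmutableList.copyOf(super.findUserMembersOfGroupViaMemberOf(groupName, groupType, startIndex, maxResults)), startIndex, maxResults);
    }

    /**
     * Returns the inherited direct members of the group and, when primary group support is
     * enabled, all users that have the group as their primary group.
     *
     * <p>NOTE(review): the group lookup below is not wrapped, so a runtime exception from
     * {@code ldapTemplate.lookup} would propagate as is rather than as an
     * {@link OperationFailedException}; confirm callers cope with that.
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    public Iterable<LdapName> findDirectMembersOfGroup(LdapName ldapName) throws OperationFailedException {
        Iterable<LdapName> directMembers = super.findDirectMembersOfGroup(ldapName);
        if (!isPrimaryGroupSupportEnabled()) {
            return directMembers;
        }
        LDAPGroupWithAttributes group = (LDAPGroupWithAttributes) this.ldapTemplate.lookup(ldapName, getGroupContextMapper(GroupType.GROUP));
        String groupRid = SIDUtils.getLastRidFromSid(group.getValue(ObjectSIDMapper.ATTRIBUTE_KEY));
        return Iterables.concat(directMembers, findUserMembersNamesOfGroupViaPrimaryGroupId(groupRid, 0, -1));
    }

    /**
     * Appends users that have the group as primary group to an already fetched member page, then
     * trims the combined list to {@code maxResults}.
     *
     * <p>Returns a copy of {@code directMembers} unchanged when primary group support is off, the
     * page is already full, or the group cannot be found.
     *
     * <p>NOTE(review): the same {@code startIndex} is applied to the primary-group search as to the
     * search that produced {@code directMembers}; confirm that paging across the two sources
     * behaves as callers expect.
     */
    private List<LDAPUserWithAttributes> augmentUserMembersOfGroupWithPrimaryGroupMembers(String groupName, List<LDAPUserWithAttributes> directMembers, int startIndex, int maxResults) throws OperationFailedException {
        if (!isPrimaryGroupSupportEnabled() || isResultPageFull(directMembers, maxResults)) {
            return ImmutableList.copyOf(directMembers);
        }
        try {
            String groupRid = SIDUtils.getLastRidFromSid(m9findGroupWithAttributesByName(groupName).getValue(ObjectSIDMapper.ATTRIBUTE_KEY));
            List<LDAPUserWithAttributes> combined = ImmutableList.<LDAPUserWithAttributes>builder()
                    .addAll(directMembers)
                    .addAll(findUserMembersOfGroupViaPrimaryGroupId(groupRid, startIndex, maxResults))
                    .build();
            return SearchResultsUtil.constrainResults(combined, 0, maxResults);
        } catch (GroupNotFoundException e) {
            return ImmutableList.copyOf(directMembers);
        }
    }

    /**
     * Tells whether a result list already holds exactly {@code maxResults} entries.
     *
     * @param maxResults page size; -1 means "no limit", in which case the page is never full
     */
    @VisibleForTesting
    static boolean isResultPageFull(List<?> results, int maxResults) {
        return maxResults != -1 && results.size() == maxResults;
    }

    /**
     * Tells whether the group is the user's primary group, by comparing the SID derived from the
     * user with the group's object SID. Always {@code false} when primary group support is off.
     */
    @VisibleForTesting
    boolean isUserMemberOfPrimaryGroup(LDAPUserWithAttributes user, LDAPGroupWithAttributes group) {
        if (!isPrimaryGroupSupportEnabled()) {
            return false;
        }
        return getPrimaryGroupSIDOfUser(user).equals(group.getValue(ObjectSIDMapper.ATTRIBUTE_KEY));
    }

    /**
     * Derives the SID of the user's primary group by substituting the user's primary group id for
     * the last RID of the user's own object SID.
     */
    private String getPrimaryGroupSIDOfUser(LDAPUserWithAttributes user) {
        return SIDUtils.substituteLastRidInSid(user.getValue(ObjectSIDMapper.ATTRIBUTE_KEY), user.getValue(PrimaryGroupIdMapper.ATTRIBUTE_KEY));
    }

    /** Reads the primary group support directory attribute; defaults to {@code false}. */
    @VisibleForTesting
    boolean isPrimaryGroupSupportEnabled() {
        return getAttributeAsBoolean(LDAPPropertiesMapper.PRIMARY_GROUP_SUPPORT, false);
    }

    /** Returns {@code null}: this connector supplies no initial member DN for new groups. */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected String getInitialGroupMemberDN() {
        return null;
    }

    /** Returns the AD credential encoder created in the constructor. */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected LDAPCredentialEncoder getCredentialEncoder() {
        return this.credentialEncoder;
    }

    /**
     * Adds the AD-specific attributes of a newly created user: the sAMAccountName and the initial
     * {@code userAccountControl} value.
     *
     * <p>Every account is created as a normal account with UF_PASSWD_NOTREQD and
     * UF_PASSWORD_EXPIRED set; inactive users additionally get UF_ACCOUNTDISABLE.
     *
     * <p>NOTE(review): nothing in this class clears UF_PASSWD_NOTREQD afterwards, and that flag
     * exempts an account from the domain's password-required policy. Confirm that it is cleared
     * elsewhere once a password has been set, or audit the directory for accounts that still
     * carry it.
     */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected void getNewUserDirectorySpecificAttributes(User user, Attributes attributes) {
        attributes.put(AD_SAM_ACCOUNT_NAME, user.getName());
        // 8389152 for active users, 8389154 for inactive ones.
        int accountControl = UF_NORMAL_ACCOUNT | UF_PASSWD_NOTREQD | UF_PASSWORD_EXPIRED;
        if (!user.isActive()) {
            accountControl |= UF_ACCOUNTDISABLE;
        }
        attributes.put(new BasicAttribute(AD_USER_ACCOUNT_CONTROL, Integer.toString(accountControl)));
    }

    /** Adds the AD {@code groupType} attribute to a newly created group. */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    protected void getNewGroupDirectorySpecificAttributes(Group group, Attributes attributes) {
        attributes.put(GROUP_TYPE_NAME, GROUP_TYPE_VALUE);
    }

    /**
     * Returns the inherited user attribute mappers plus the AD-specific ones (object GUID,
     * USN-changed, object SID, primary group id and userAccountControl).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory, com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomUserAttributeMappers() {
        return ImmutableList.<AttributeMapper>builder()
                .addAll(super.getCustomUserAttributeMappers())
                .add(new ObjectGUIDMapper())
                .add(new USNChangedMapper())
                .add(new ObjectSIDMapper())
                .add(new PrimaryGroupIdMapper())
                .add(new UserAccountControlMapper())
                .build();
    }

    /**
     * Returns the inherited group attribute mappers plus the AD-specific ones (object GUID,
     * USN-changed and object SID).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.RFC4519Directory, com.atlassian.crowd.directory.SpringLDAPConnector
    public List<AttributeMapper> getCustomGroupAttributeMappers() {
        return ImmutableList.<AttributeMapper>builder()
                .addAll(super.getCustomGroupAttributeMappers())
                .add(new ObjectGUIDMapper())
                .add(new USNChangedMapper())
                .add(new ObjectSIDMapper())
                .build();
    }

    /**
     * Returns the mappers for the group member attribute: one for the ranged member values and
     * one for the range offset that {@link #postprocessGroups(List)} consumes.
     */
    @Override // com.atlassian.crowd.directory.RFC4519Directory
    protected List<AttributeMapper> getMemberDnMappers() {
        return Arrays.<AttributeMapper>asList(
                new RFC4519MemberDnRangedMapper(this.ldapPropertiesMapper.getGroupMemberAttribute(), this.ldapPropertiesMapper.isRelaxedDnStandardisation()),
                new RFC4519MemberDnRangeOffsetMapper(this.ldapPropertiesMapper.getGroupMemberAttribute()));
    }

    /**
     * Completes the member list of groups whose member attribute came back as a partial range.
     *
     * <p>Groups without a range offset attribute are passed through unchanged. For the others the
     * remaining ranges are fetched, the DNs are standardised and merged with the members already
     * present, and the offset attribute is removed from the returned copy.
     *
     * <p>NOTE(review): the fetch loop ends only when {@code IncrementalAttributeMapper.hasMore()}
     * reports no further range; there is no iteration cap here, so termination depends on the
     * directory's responses. A non-numeric offset value would raise a
     * {@link NumberFormatException}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<LDAPGroupWithAttributes> postprocessGroups(List<LDAPGroupWithAttributes> list) throws OperationFailedException {
        List<LDAPGroupWithAttributes> processed = new ArrayList<>(list.size());
        for (LDAPGroupWithAttributes group : list) {
            String rangeOffset = group.getValue(RFC4519MemberDnRangeOffsetMapper.ATTRIBUTE_KEY);
            if (rangeOffset == null) {
                processed.add(group);
                continue;
            }
            ListAttributeValueProcessor remainingMembers = new ListAttributeValueProcessor();
            IncrementalAttributeMapper rangeMapper = new IncrementalAttributeMapper(this.ldapPropertiesMapper.getGroupMemberAttribute(), remainingMembers, new RangeOption(Integer.parseInt(rangeOffset)));
            LdapName groupDn = getLdapName(group);
            while (rangeMapper.hasMore()) {
                this.ldapTemplate.lookup(groupDn, rangeMapper.getAttributesArray(), rangeMapper);
            }
            Set<String> knownMembers = group.getValues("memberDNs");
            Set<String> allMembers = new HashSet<>(knownMembers.size() + remainingMembers.getValues().size());
            allMembers.addAll(knownMembers);
            for (String memberDn : remainingMembers.getValues()) {
                allMembers.add(standardiseDN(memberDn));
            }
            GroupTemplateWithAttributes template = new GroupTemplateWithAttributes(group);
            template.setAttribute("memberDNs", allMembers);
            template.removeAttribute(RFC4519MemberDnRangeOffsetMapper.ATTRIBUTE_KEY);
            processed.add(new LDAPGroupWithAttributes(group.getDn(), template));
        }
        return processed;
    }

    /**
     * Returns the inherited connection environment with the object GUID and object SID attributes
     * registered as binary attributes (space-separated).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public Map<String, String> getBaseEnvironmentProperties() {
        Map<String, String> environment = super.getBaseEnvironmentProperties();
        environment.put(LDAPPropertiesMapperImpl.CONNECTION_BINARY_ATTRIBUTES, Joiner.on(' ').join(ImmutableList.of(ObjectGUIDMapper.ATTRIBUTE_KEY, ObjectSIDMapper.ATTRIBUTE_KEY)));
        return environment;
    }

    /**
     * Reads {@code highestCommittedUSN} from the entry at the empty DN and parses it.
     *
     * @return the highest committed USN reported by the server
     * @throws OperationFailedException if the lookup fails, the attribute is missing, or its value
     *     is not a number
     */
    public long fetchHighestCommittedUSN() throws OperationFailedException {
        final String rawUsn;
        try {
            rawUsn = ((DirContextAdapter) this.ldapTemplate.lookup(GenericConverter.emptyLdapName())).getStringAttribute(AD_HIGHEST_COMMITTED_USN);
        } catch (NamingException e) {
            throw new OperationFailedException("Error looking up attributes for highestCommittedUSN", e);
        }
        if (rawUsn == null) {
            throw new OperationFailedException("No highestCommittedUSN attribute found for AD root");
        }
        try {
            long usn = Long.parseLong(rawUsn);
            logger.debug("Fetched highest committed USN of {}", usn);
            return usn;
        } catch (NumberFormatException e) {
            throw new OperationFailedException("Error parsing highestCommittedUSN as a number", e);
        }
    }

    /** Finds users matching the configured user filter whose USN is greater than {@code usn}. */
    public List<LDAPUserWithAttributes> findAddedOrUpdatedUsersSince(long usn) throws OperationFailedException {
        return findAddedOrUpdatedObjectsSince(usn, this.searchDN.getUser(), this.ldapPropertiesMapper.getUserFilter(), getUserContextMapper());
    }

    /** Finds groups matching the configured group filter whose USN is greater than {@code usn}. */
    public List<LDAPGroupWithAttributes> findAddedOrUpdatedGroupsSince(long usn) throws OperationFailedException {
        return findAddedOrUpdatedObjectsSince(usn, this.searchDN.getGroup(), this.ldapPropertiesMapper.getGroupFilter(), getGroupContextMapper(GroupType.GROUP));
    }

    /** Finds tombstones of the configured user object class with a USN greater than {@code usn}. */
    public List<Tombstone> findUserTombstonesSince(long usn) throws OperationFailedException {
        return findTombstonesSince(usn, this.searchDN.getUser(), this.ldapPropertiesMapper.getUserObjectClass());
    }

    /** Finds tombstones of the configured group object class with a USN greater than {@code usn}. */
    public List<Tombstone> findGroupTombstonesSince(long usn) throws OperationFailedException {
        return findTombstonesSince(usn, this.searchDN.getGroup(), this.ldapPropertiesMapper.getGroupObjectClass());
    }

    /**
     * Searches below {@code baseDn} for objects that match {@code objectFilter} and whose
     * USN-changed attribute is at least {@code usn + 1}.
     *
     * <p>{@code objectFilter} is wrapped in a {@link HardcodedFilter} and therefore reaches the
     * server verbatim, without escaping. Callers, including subclasses, must only pass filters
     * from trusted configuration.
     *
     * @param usn last USN already processed
     * @param baseDn search base
     * @param objectFilter raw LDAP filter selecting the object type
     * @param contextMapper mapper producing the result objects
     */
    protected <T> List<T> findAddedOrUpdatedObjectsSince(long usn, Name baseDn, String objectFilter, ContextMapperWithRequiredAttributes<T> contextMapper) throws OperationFailedException {
        AndFilter filter = new AndFilter();
        filter.and(new HardcodedFilter(objectFilter));
        filter.and(new GreaterThanOrEqualsFilter(USNChangedMapper.ATTRIBUTE_KEY, Long.toString(usn + 1)));
        String encodedFilter = filter.encode();
        logger.debug("Performing polling search: baseDN = {} - filter = {}", baseDn, encodedFilter);
        return searchEntities(baseDn, encodedFilter, contextMapper, 0, -1);
    }

    /**
     * Builds the DN of the "Deleted Objects" container from the {@code rootDomainNamingContext}
     * attribute of the entry at the empty DN.
     *
     * <p>Falls back to the search DN's naming context when the DN cannot be built. Only the
     * checked {@code javax.naming.NamingException} is handled; NOTE(review): a runtime exception
     * thrown by {@code ldapTemplate.lookup} would propagate to the caller.
     */
    private Name getDeletedObjectsDN() {
        try {
            DirContextAdapter root = (DirContextAdapter) this.ldapTemplate.lookup(new LdapName(""));
            return new LdapName(DELETED_OBJECTS_DN_ADDITION + "," + root.getStringAttribute(ROOT_DOMAIN_NAMING_CONTEXT));
        } catch (javax.naming.NamingException e) {
            // Best effort: record why the container DN was unusable before falling back.
            logger.debug("Could not build the Deleted Objects DN; falling back to the search naming context", e);
            return this.searchDN.getNamingContext();
        }
    }

    /**
     * Searches the "Deleted Objects" container for deleted entries of the given object class whose
     * USN-changed attribute is at least {@code usn + 1}.
     *
     * <p>Both filter values go through {@link EqualsFilter}, which escapes them. The search is
     * sent with a {@link DeletedResultsControl}. NOTE(review): {@code baseDn} is not used for the
     * search; the base is always the DN returned by {@code getDeletedObjectsDN()}.
     *
     * @param usn last USN already processed
     * @param baseDn unused by this implementation
     * @param objectClass object class the tombstones must have
     */
    protected List<Tombstone> findTombstonesSince(long usn, Name baseDn, String objectClass) throws OperationFailedException {
        TombstoneContextMapper tombstoneMapper = new TombstoneContextMapper();
        SearchControls searchControls = getSubTreeSearchControls(tombstoneMapper);
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter(AD_IS_DELETED, "TRUE"));
        filter.and(new EqualsFilter(AD_OBJECT_CLASS, objectClass));
        filter.and(new GreaterThanOrEqualsFilter(USNChangedMapper.ATTRIBUTE_KEY, Long.toString(usn + 1)));
        Name deletedObjectsDn = getDeletedObjectsDN();
        String encodedFilter = filter.encode();
        logger.debug("Performing tombstones search: baseDN = {} - filter = {}", deletedObjectsDn, encodedFilter);
        return searchEntitiesWithRequestControls(deletedObjectsDn, encodedFilter, tombstoneMapper, searchControls, new DeletedResultsControl(), 0, -1);
    }

    /** Returns a new AD user context mapper using this directory's custom user attribute mappers. */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public ContextMapperWithRequiredAttributes<LDAPUserWithAttributes> getUserContextMapper() {
        return new ActiveDirectoryUserContextMapper(getDirectoryId(), this.ldapPropertiesMapper, getCustomUserAttributeMappers());
    }

    /**
     * Returns the inherited modification items plus, when one is produced, an item that updates
     * {@code userAccountControl} to reflect whether the user is active.
     *
     * <p>The new value is derived from the current one by {@code UserAccountControlUtil}; all
     * other bits are presumably left as they are (confirm against that class), so flags set at
     * creation time stay in place.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public List<ModificationItem> getUserModificationItems(User user, LDAPUserWithAttributes currentUser) {
        ImmutableList.Builder<ModificationItem> items = ImmutableList.<ModificationItem>builder().addAll(super.getUserModificationItems(user, currentUser));
        String currentAccountControl = currentUser.getValue(AD_USER_ACCOUNT_CONTROL);
        ModificationItem accountControlChange = createModificationItem(AD_USER_ACCOUNT_CONTROL, currentAccountControl, user.isActive() ? UserAccountControlUtil.enabledUser(currentAccountControl) : UserAccountControlUtil.disabledUser(currentAccountControl));
        if (accountControlChange != null) {
            items.add(accountControlChange);
        }
        return items.build();
    }

    /** Always {@code true}: inactive accounts are represented through {@code userAccountControl}. */
    @Override // com.atlassian.crowd.directory.SpringLDAPConnector
    public boolean supportsInactiveAccounts() {
        return true;
    }
}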
