package org.georchestra.ds.users;

import java.time.LocalDate;
import java.time.format.DateTimeFormatter;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.SortedSet;
import java.util.UUID;
import java.util.function.Predicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.naming.Name;
import javax.naming.directory.Attributes;
import javax.naming.directory.SearchControls;
import javax.naming.ldap.LdapName;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.georchestra.ds.DataServiceException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.NameNotFoundException;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.filter.PresentFilter;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.security.authentication.encoding.LdapShaPasswordEncoder;

/* loaded from: input_file:WEB-INF/lib/georchestra-ldap-account-management-23.0.8-SNAPSHOT.jar:org/georchestra/ds/users/AccountDaoImpl.class */
public class AccountDaoImpl implements AccountDao {
    private static final Log LOG = LogFactory.getLog(AccountDaoImpl.class.getName());
    private AccountContextMapper attributMapper;
    private LdapTemplate ldapTemplate;
    private LdapName userSearchBaseDN;
    private LdapName pendingUserSearchBaseDN;
    private String roleSearchBaseDN;
    private String basePath;
    private String orgSearchBaseDN;
    private String pendingOrgSearchBaseDN;
    private final DateTimeFormatter ldapTimestampFmt = DateTimeFormatter.ofPattern("yyyyMMddHHmmssX");

    /* loaded from: input_file:WEB-INF/lib/georchestra-ldap-account-management-23.0.8-SNAPSHOT.jar:org/georchestra/ds/users/AccountDaoImpl$AccountContextMapper.class */
    public static class AccountContextMapper implements ContextMapper<Account> {
        private final Pattern pattern;
        private LdapName pendingUserSearchBaseDN;

        public AccountContextMapper(LdapName ldapName, String str, String str2) {
            this.pendingUserSearchBaseDN = ldapName;
            this.pattern = Pattern.compile(String.format("([^=,]+)=([^=,]+),((%s)|(%s))$", str, str2));
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.ldap.core.ContextMapper
        public Account mapFromContext(Object obj) {
            DirContextAdapter dirContextAdapter = (DirContextAdapter) obj;
            SortedSet<String> attributeSortedStringSet = dirContextAdapter.getAttributeSortedStringSet(UserSchema.SSH_KEY);
            String stringAttribute = dirContextAdapter.getStringAttribute("georchestraObjectIdentifier");
            Account createFull = AccountFactory.createFull(null == stringAttribute ? null : UUID.fromString(stringAttribute), dirContextAdapter.getStringAttribute(UserSchema.UID_KEY), dirContextAdapter.getStringAttribute("cn"), dirContextAdapter.getStringAttribute(UserSchema.SURNAME_KEY), dirContextAdapter.getStringAttribute(UserSchema.GIVEN_NAME_KEY), dirContextAdapter.getStringAttribute(UserSchema.MAIL_KEY), dirContextAdapter.getStringAttribute("title"), dirContextAdapter.getStringAttribute(UserSchema.TELEPHONE_KEY), dirContextAdapter.getStringAttribute("description"), dirContextAdapter.getStringAttribute(UserSchema.POSTAL_ADDRESS_KEY), dirContextAdapter.getStringAttribute(UserSchema.POSTAL_CODE_KEY), dirContextAdapter.getStringAttribute(UserSchema.REGISTERED_ADDRESS_KEY), dirContextAdapter.getStringAttribute(UserSchema.POST_OFFICE_BOX_KEY), dirContextAdapter.getStringAttribute(UserSchema.PHYSICAL_DELIVERY_OFFICE_NAME_KEY), dirContextAdapter.getStringAttribute(UserSchema.STREET_KEY), dirContextAdapter.getStringAttribute(UserSchema.LOCALITY_KEY), dirContextAdapter.getStringAttribute(UserSchema.FACSIMILE_KEY), dirContextAdapter.getStringAttribute(UserSchema.HOME_POSTAL_ADDRESS_KEY), dirContextAdapter.getStringAttribute(UserSchema.MOBILE_KEY), dirContextAdapter.getStringAttribute(UserSchema.ROOM_NUMBER_KEY), dirContextAdapter.getStringAttribute(UserSchema.STATE_OR_PROVINCE_KEY), dirContextAdapter.getStringAttribute(UserSchema.MANAGER_KEY), dirContextAdapter.getStringAttribute(UserSchema.NOTE_KEY), dirContextAdapter.getStringAttribute(UserSchema.CONTEXT_KEY), null, attributeSortedStringSet == null ? new String[0] : (String[]) attributeSortedStringSet.toArray(new String[attributeSortedStringSet.size()]), null);
            String stringAttribute2 = dirContextAdapter.getStringAttribute(UserSchema.SHADOW_EXPIRE_KEY);
            if (stringAttribute2 != null) {
                createFull.setShadowExpire(new Date(Long.valueOf(Long.valueOf(Long.parseLong(stringAttribute2)).longValue() * 1000).longValue()));
            }
            String stringAttribute3 = dirContextAdapter.getStringAttribute(UserSchema.LASTLOGIN_KEY);
            DateTimeFormatter ofPattern = DateTimeFormatter.ofPattern("yyyyMMddHHmmssz");
            if (stringAttribute3 != null) {
                createFull.setLastLogin(LocalDate.from(ofPattern.parse(stringAttribute3)));
            }
            String stringAttribute4 = dirContextAdapter.getStringAttribute(UserSchema.CREATIONDATE_KEY);
            if (stringAttribute4 != null) {
                createFull.setCreationDate(LocalDate.from(ofPattern.parse(stringAttribute4)));
            }
            String stringAttribute5 = dirContextAdapter.getStringAttribute(UserSchema.PRIVACY_POLICY_AGREEMENT_DATE_KEY);
            if (stringAttribute5 != null) {
                createFull.setPrivacyPolicyAgreementDate(LocalDate.ofEpochDay(Long.valueOf(Long.parseLong(stringAttribute5)).longValue()));
            }
            String str = null;
            SortedSet<String> attributeSortedStringSet2 = dirContextAdapter.getAttributeSortedStringSet(UserSchema.MEMBER_OF);
            if (attributeSortedStringSet2 != null) {
                Iterator<String> it = attributeSortedStringSet2.iterator();
                while (it.hasNext()) {
                    Matcher matcher = this.pattern.matcher(it.next());
                    if (matcher.matches()) {
                        if (str != null) {
                            throw new RuntimeException("More than one org per user on " + createFull.getCommonName());
                        }
                        str = matcher.group(2);
                    }
                }
                if (str != null) {
                    createFull.setOrg(str);
                }
            }
            createFull.setPending(dirContextAdapter.getDn().startsWith(this.pendingUserSearchBaseDN));
            tryToSetPasswordTypeAndGuessSaslUser(dirContextAdapter, createFull);
            return createFull;
        }

        private void tryToSetPasswordTypeAndGuessSaslUser(DirContextAdapter dirContextAdapter, Account account) {
            SASLPasswordWrapper sASLPasswordWrapper = new SASLPasswordWrapper(dirContextAdapter);
            account.setPasswordType(sASLPasswordWrapper.getPasswordType());
            account.setSASLUser(sASLPasswordWrapper.getUserName());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/georchestra-ldap-account-management-23.0.8-SNAPSHOT.jar:org/georchestra/ds/users/AccountDaoImpl$AccountSearcher.class */
    public class AccountSearcher {
        private AndFilter filter = new AndFilter().and(new EqualsFilter("objectClass", "inetOrgPerson")).and(new EqualsFilter("objectClass", "organizationalPerson")).and(new EqualsFilter("objectClass", "person")).and(new EqualsFilter("objectClass", "georchestraUser"));

        public List<Account> getActiveOrPendingAccounts() {
            SearchControls createSearchControls = createSearchControls();
            return (List) Stream.concat(AccountDaoImpl.this.ldapTemplate.search((Name) AccountDaoImpl.this.userSearchBaseDN, this.filter.encode(), createSearchControls, (ContextMapper) AccountDaoImpl.this.attributMapper).stream(), AccountDaoImpl.this.ldapTemplate.search((Name) AccountDaoImpl.this.pendingUserSearchBaseDN, this.filter.encode(), createSearchControls, (ContextMapper) AccountDaoImpl.this.attributMapper).stream()).collect(Collectors.toList());
        }

        public AccountSearcher() {
        }

        public AccountSearcher and(Filter filter) {
            this.filter.and(filter);
            return this;
        }

        private SearchControls createSearchControls() {
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(UserSchema.ATTR_TO_RETRIEVE);
            searchControls.setSearchScope(2);
            return searchControls;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/georchestra-ldap-account-management-23.0.8-SNAPSHOT.jar:org/georchestra/ds/users/AccountDaoImpl$SASLPasswordWrapper.class */
    public static class SASLPasswordWrapper {
        private PasswordType passwordType;
        private String userName;

        public SASLPasswordWrapper(DirContextOperations dirContextOperations) {
            try {
                String str = new String((byte[]) dirContextOperations.getObjectAttribute(UserSchema.USER_PASSWORD_KEY));
                int lastIndexOf = str.lastIndexOf("}");
                this.passwordType = PasswordType.valueOf(str.substring(1, lastIndexOf).toUpperCase());
                if (this.passwordType == PasswordType.SASL) {
                    this.userName = str.substring(lastIndexOf + 1);
                }
            } catch (IllegalArgumentException | IndexOutOfBoundsException | NullPointerException e) {
                this.passwordType = PasswordType.UNKNOWN;
            }
        }

        public PasswordType getPasswordType() {
            return this.passwordType;
        }

        public String getUserName() {
            return this.userName;
        }
    }

    @Autowired
    public AccountDaoImpl(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    @PostConstruct
    public void init() {
        this.attributMapper = new AccountContextMapper(this.pendingUserSearchBaseDN, this.orgSearchBaseDN + "," + this.basePath, this.pendingOrgSearchBaseDN + "," + this.basePath);
    }

    public void setLdapTemplate(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    public void setUserSearchBaseDN(String str) {
        this.userSearchBaseDN = LdapNameBuilder.newInstance(str).build();
    }

    public void setPendingUserSearchBaseDN(String str) {
        this.pendingUserSearchBaseDN = LdapNameBuilder.newInstance(str).build();
    }

    public void setOrgSearchBaseDN(String str) {
        this.orgSearchBaseDN = str;
    }

    public void setPendingOrgSearchBaseDN(String str) {
        this.pendingOrgSearchBaseDN = str;
    }

    public void setRoleSearchBaseDN(String str) {
        this.roleSearchBaseDN = str;
    }

    public void setBasePath(String str) {
        this.basePath = str;
    }

    @Override // org.georchestra.ds.users.AccountDao
    public synchronized void insert(@NonNull Account account) throws DataServiceException, DuplicatedUidException, DuplicatedEmailException {
        if (account == null) {
            throw new NullPointerException("account is marked non-null but is null");
        }
        checkMandatoryFields(account);
        String lowerCase = account.getUid().toLowerCase();
        try {
            findByUID(lowerCase);
            throw new DuplicatedUidException("there is a user with this user identifier (uid): " + account.getUid());
        } catch (NameNotFoundException e) {
            LOG.debug("User with uid " + lowerCase + " not found, account can be created");
            try {
                findByEmail(account.getEmail().trim());
                throw new DuplicatedEmailException("there is a user with this email: " + account.getEmail());
            } catch (NameNotFoundException e2) {
                LOG.debug("No account with the mail " + account.getEmail() + ", account can be created.");
                try {
                    Name buildUserDn = buildUserDn(account);
                    DirContextAdapter dirContextAdapter = new DirContextAdapter(buildUserDn);
                    mapToContext(account, dirContextAdapter);
                    if (account.getSASLUser() == null) {
                        dirContextAdapter.setAttributeValue(UserSchema.USER_PASSWORD_KEY, account.getPassword());
                    }
                    this.ldapTemplate.bind(buildUserDn, dirContextAdapter, (Attributes) null);
                } catch (NameNotFoundException e3) {
                    throw new DataServiceException(e3);
                }
            }
        }
    }

    @Override // org.georchestra.ds.users.AccountDao
    public synchronized void update(Account account) throws DataServiceException, DuplicatedEmailException {
        checkMandatoryFields(account);
        try {
        } catch (NameNotFoundException e) {
            LOG.debug("Updated account with email " + account.getEmail() + " does not exist, update possible.");
        }
        if (!findByEmail(account.getEmail()).getUid().equals(account.getUid())) {
            throw new DuplicatedEmailException("There is already an existing user with this email: " + account.getEmail());
        }
        DirContextOperations lookupContext = this.ldapTemplate.lookupContext(buildUserDn(account));
        mapToContext(account, lookupContext);
        this.ldapTemplate.modifyAttributes(lookupContext);
    }

    @Override // org.georchestra.ds.users.AccountDao
    public synchronized void update(Account account, Account account2) throws DataServiceException, DuplicatedEmailException, NameNotFoundException {
        if (!Objects.equals(account.getUniqueIdentifier(), account2.getUniqueIdentifier())) {
            account2.setUniqueIdentifier(account.getUniqueIdentifier());
        }
        if (hasUserDnChanged(account, account2)) {
            this.ldapTemplate.rename((Name) buildUserDn(account), (Name) buildUserDn(account2));
        }
        update(account2);
    }

    @Override // org.georchestra.ds.users.AccountDao
    public boolean hasUserDnChanged(Account account, Account account2) {
        return !buildUserDn(account).equals(buildUserDn(account2));
    }

    @Override // org.georchestra.ds.users.AccountDao
    public boolean hasUserLoginChanged(Account account, Account account2) {
        return !account.getUid().equals(account2.getUid());
    }

    @Override // org.georchestra.ds.users.AccountDao
    public synchronized void delete(Account account) throws NameNotFoundException {
        this.ldapTemplate.unbind((Name) buildUserDn(account), true);
    }

    @Override // org.georchestra.ds.users.AccountDao
    public Account findByUID(String str) throws NameNotFoundException {
        if (str == null) {
            throw new NameNotFoundException("Cannot find user with uid : " + str + " in LDAP server");
        }
        try {
            Account account = (Account) this.ldapTemplate.lookup((Name) buildUserDn(str.toLowerCase(), false), UserSchema.ATTR_TO_RETRIEVE, (ContextMapper) this.attributMapper);
            if (account != null) {
                return account;
            }
        } catch (NameNotFoundException e) {
            try {
                Account account2 = (Account) this.ldapTemplate.lookup((Name) buildUserDn(str.toLowerCase(), true), UserSchema.ATTR_TO_RETRIEVE, (ContextMapper) this.attributMapper);
                if (account2 != null) {
                    return account2;
                }
            } catch (Exception e2) {
            }
        }
        throw new NameNotFoundException("Cannot find user with uid : " + str + " in LDAP server");
    }

    @Override // org.georchestra.ds.users.AccountDao
    public Account findById(@NonNull UUID uuid) throws NameNotFoundException, DataServiceException {
        if (uuid == null) {
            throw new NullPointerException("id is marked non-null but is null");
        }
        List<Account> findAll = findAll(account -> {
            return uuid.equals(account.getUniqueIdentifier());
        });
        if (findAll.size() == 1) {
            return findAll.get(0);
        }
        if (findAll.isEmpty()) {
            throw new NameNotFoundException("georchestraObjectIdentifier not found: " + uuid);
        }
        throw new IllegalStateException("Multiple accounts with the same id: " + uuid);
    }

    @Override // org.georchestra.ds.users.AccountDao
    public List<Account> findByShadowExpire() {
        return new AccountSearcher().and(new PresentFilter(UserSchema.SHADOW_EXPIRE_KEY)).and(new EqualsFilter("objectClass", "shadowAccount")).getActiveOrPendingAccounts();
    }

    @Override // org.georchestra.ds.users.AccountDao
    public Account findByEmail(String str) throws DataServiceException, NameNotFoundException {
        List<Account> activeOrPendingAccounts = new AccountSearcher().and(new EqualsFilter(UserSchema.MAIL_KEY, str)).getActiveOrPendingAccounts();
        if (activeOrPendingAccounts.isEmpty()) {
            throw new NameNotFoundException("There is no user with this email: " + str);
        }
        return activeOrPendingAccounts.get(0);
    }

    @Override // org.georchestra.ds.users.AccountDao
    public List<Account> findByRole(String str) throws DataServiceException, NameNotFoundException {
        return new AccountSearcher().and(new EqualsFilter(UserSchema.MEMBER_OF, LdapNameBuilder.newInstance(this.basePath).add(this.roleSearchBaseDN).add("cn", str).build().toString())).getActiveOrPendingAccounts();
    }

    @Override // org.georchestra.ds.users.AccountDao
    public List<Account> findFilterBy(ProtectedUserFilter protectedUserFilter) throws DataServiceException {
        return protectedUserFilter.filterUsersList(new AccountSearcher().getActiveOrPendingAccounts());
    }

    @Override // org.georchestra.ds.users.AccountDao
    public List<Account> findAll(Predicate<Account> predicate) throws DataServiceException {
        return (List) new AccountSearcher().getActiveOrPendingAccounts().stream().filter(predicate).collect(Collectors.toList());
    }

    @Override // org.georchestra.ds.users.AccountDao
    public boolean exists(String str) {
        try {
            this.ldapTemplate.lookup((Name) buildUserDn(str.toLowerCase(), false));
            return true;
        } catch (NameNotFoundException e) {
            try {
                this.ldapTemplate.lookup((Name) buildUserDn(str.toLowerCase(), true));
                return true;
            } catch (NameNotFoundException e2) {
                return false;
            }
        }
    }

    @Override // org.georchestra.ds.users.AccountDao
    public String generateUid(String str) {
        String next = UidGenerator.next(str);
        while (true) {
            String str2 = next;
            if (!exists(str2)) {
                return str2;
            }
            next = UidGenerator.next(str2);
        }
    }

    @Override // org.georchestra.ds.users.AccountDao
    public String buildFullUserDn(Account account) {
        return String.format("%s,%s", buildUserDn(account.getUid(), account.isPending()), this.basePath);
    }

    private LdapName buildUserDn(Account account) {
        return buildUserDn(account.getUid(), account.isPending());
    }

    @Override // org.georchestra.ds.users.AccountDao
    public void changePassword(String str, String str2) throws DataServiceException {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("uid is required");
        }
        if (StringUtils.isEmpty(str2)) {
            throw new IllegalArgumentException("password is required");
        }
        DirContextOperations lookupContext = this.ldapTemplate.lookupContext((Name) buildUserDn(str, false));
        lookupContext.setAttributeValue(UserSchema.USER_PASSWORD_KEY, new LdapShaPasswordEncoder().encodePassword(str2, String.valueOf(System.currentTimeMillis()).getBytes()));
        this.ldapTemplate.modifyAttributes(lookupContext);
    }

    private void checkMandatoryFields(Account account) throws IllegalArgumentException {
        if (account.getUid().length() <= 0) {
            throw new IllegalArgumentException("uid is required");
        }
        if (account.getGivenName().length() <= 0) {
            throw new IllegalArgumentException("Given name (cn) is required");
        }
        if (account.getSurname().length() <= 0) {
            throw new IllegalArgumentException("surname name (sn) is required");
        }
        if (account.getEmail().length() <= 0) {
            throw new IllegalArgumentException("email is required");
        }
        if (account.getCommonName().length() == 0) {
            throw new IllegalArgumentException("common name is required");
        }
    }

    private void mapToContext(Account account, DirContextOperations dirContextOperations) {
        HashSet hashSet = new HashSet();
        if (dirContextOperations.getStringAttributes("objectClass") != null) {
            Collections.addAll(hashSet, dirContextOperations.getStringAttributes("objectClass"));
        }
        Collections.addAll(hashSet, "top", "person", "organizationalPerson", "inetOrgPerson", "shadowAccount", "georchestraUser", "ldapPublicKey");
        if (account.getSshKeys() == null || account.getSshKeys().length == 0) {
            hashSet.remove("ldapPublicKey");
        }
        dirContextOperations.setAttributeValues("objectClass", hashSet.toArray());
        setAccountField(dirContextOperations, UserSchema.SURNAME_KEY, account.getSurname());
        setAccountField(dirContextOperations, "cn", account.getCommonName());
        setAccountField(dirContextOperations, "description", account.getDescription());
        setAccountField(dirContextOperations, UserSchema.TELEPHONE_KEY, account.getPhone());
        setAccountField(dirContextOperations, UserSchema.MOBILE_KEY, account.getMobile());
        setAccountField(dirContextOperations, "title", account.getTitle());
        setAccountField(dirContextOperations, UserSchema.STREET_KEY, account.getStreet());
        setAccountField(dirContextOperations, UserSchema.LOCALITY_KEY, account.getLocality());
        setAccountField(dirContextOperations, UserSchema.FACSIMILE_KEY, account.getFacsimile());
        setAccountField(dirContextOperations, UserSchema.ROOM_NUMBER_KEY, account.getRoomNumber());
        setAccountField(dirContextOperations, UserSchema.GIVEN_NAME_KEY, account.getGivenName());
        setAccountField(dirContextOperations, UserSchema.UID_KEY, account.getUid().toLowerCase());
        setAccountField(dirContextOperations, UserSchema.MAIL_KEY, account.getEmail());
        setAccountField(dirContextOperations, UserSchema.POSTAL_ADDRESS_KEY, account.getPostalAddress());
        setAccountField(dirContextOperations, UserSchema.POSTAL_CODE_KEY, account.getPostalCode());
        setAccountField(dirContextOperations, UserSchema.REGISTERED_ADDRESS_KEY, account.getRegisteredAddress());
        setAccountField(dirContextOperations, UserSchema.POST_OFFICE_BOX_KEY, account.getPostOfficeBox());
        setAccountField(dirContextOperations, UserSchema.PHYSICAL_DELIVERY_OFFICE_NAME_KEY, account.getPhysicalDeliveryOfficeName());
        setAccountField(dirContextOperations, UserSchema.STATE_OR_PROVINCE_KEY, account.getStateOrProvince());
        setAccountField(dirContextOperations, UserSchema.HOME_POSTAL_ADDRESS_KEY, account.getHomePostalAddress());
        if (account.getSshKeys() == null || account.getSshKeys().length > 0) {
            dirContextOperations.setAttributeValues(UserSchema.SSH_KEY, account.getSshKeys());
        }
        if (account.getManager() != null) {
            setAccountField(dirContextOperations, UserSchema.MANAGER_KEY, "uid=" + account.getManager() + "," + this.userSearchBaseDN.toString() + "," + this.basePath);
        } else {
            setAccountField(dirContextOperations, UserSchema.MANAGER_KEY, null);
        }
        if (account.getShadowExpire() != null) {
            setAccountField(dirContextOperations, UserSchema.SHADOW_EXPIRE_KEY, String.valueOf(account.getShadowExpire().getTime() / 1000));
        } else {
            setAccountField(dirContextOperations, UserSchema.SHADOW_EXPIRE_KEY, null);
        }
        if (account.getPrivacyPolicyAgreementDate() != null) {
            setAccountField(dirContextOperations, UserSchema.PRIVACY_POLICY_AGREEMENT_DATE_KEY, String.valueOf(account.getPrivacyPolicyAgreementDate().toEpochDay()));
        } else {
            setAccountField(dirContextOperations, UserSchema.PRIVACY_POLICY_AGREEMENT_DATE_KEY, null);
        }
        if (null == account.getUniqueIdentifier()) {
            account.setUniqueIdentifier(UUID.randomUUID());
        }
        setAccountField(dirContextOperations, "georchestraObjectIdentifier", account.getUniqueIdentifier().toString());
        setAccountField(dirContextOperations, UserSchema.NOTE_KEY, account.getNote());
        setAccountField(dirContextOperations, UserSchema.CONTEXT_KEY, account.getContext());
        if (new SASLPasswordWrapper(dirContextOperations).getPasswordType().equals(PasswordType.SASL) || !StringUtils.isEmpty(account.getSASLUser())) {
            setAccountField(dirContextOperations, UserSchema.USER_PASSWORD_KEY, StringUtils.isEmpty(account.getSASLUser()) ? null : "{SASL}" + account.getSASLUser());
        }
    }

    private void setAccountField(DirContextOperations dirContextOperations, String str, Object obj) {
        if (!isNullValue(obj)) {
            dirContextOperations.setAttributeValue(str, obj);
            return;
        }
        Object[] objectAttributes = dirContextOperations.getObjectAttributes(str);
        if (objectAttributes != null) {
            if (objectAttributes.length != 1) {
                LOG.error("Multiple values encountered for field " + str + ", expected a single value");
            } else {
                LOG.info("Removing attribute " + str);
                dirContextOperations.removeAttributeValue(str, objectAttributes[0]);
            }
        }
    }

    private boolean isNullValue(Object obj) {
        if (obj == null) {
            return true;
        }
        return (obj instanceof String) && StringUtils.isEmpty(obj.toString());
    }

    private LdapName buildUserDn(String str, boolean z) {
        LdapNameBuilder newInstance = LdapNameBuilder.newInstance();
        newInstance.add((Name) (z ? this.pendingUserSearchBaseDN : this.userSearchBaseDN));
        newInstance.add(UserSchema.UID_KEY, str);
        return newInstance.build();
    }
}
