package org.keycloak.storage.ldap;

import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.reflection.Property;
import org.keycloak.models.utils.reflection.PropertyCriteria;
import org.keycloak.models.utils.reflection.PropertyQueries;
import org.keycloak.storage.ldap.idm.model.LDAPDn;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.storage.ldap.mappers.LDAPMappersComparator;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.membership.MembershipType;

/* loaded from: input_file:org/keycloak/storage/ldap/LDAPUtils.class */
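/**
 * Static helpers used by the LDAP storage provider: creating user and group
 * entries, building user-search queries, managing group membership values and
 * reading ranged (multi-page) attributes.
 *
 * <p>This listing is decompiler output, so most parameter names are synthetic
 * ({@code str}, {@code str2}, ...). Each method's Javadoc says what the
 * parameter is used for in the body.
 */
public class LDAPUtils {
    private static final Logger log = Logger.getLogger(LDAPUtils.class);

    /** Placeholder member value written when a group entry would otherwise be created without any member. */
    private static final String EMPTY_MEMBER_PLACEHOLDER = "cn=empty-membership-placeholder";

    /**
     * Creates the LDAP entry for {@code userModel} without a post-creation callback.
     *
     * @return the (possibly not yet persisted) LDAP object, see the four-argument overload
     */
    public static LDAPObject addUserToLDAP(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel, UserModel userModel) {
        return addUserToLDAP(lDAPStorageProvider, realmModel, userModel, null);
    }

    /**
     * Builds an LDAP entry for {@code userModel}, lets every configured mapper
     * contribute attributes, and registers a callback that computes the DN and
     * adds the entry to the identity store once all mandatory attributes are set.
     *
     * @param lDAPStorageProvider provider whose identity store, model id and mapper manager are used
     * @param realmModel          realm whose {@link LDAPStorageMapper} components are applied, in comparator order
     * @param userModel           user being registered
     * @param consumer            optional callback invoked with the entry after it was added; may be {@code null}
     * @return the LDAP object; whether it has already been written depends on
     *         {@code executeOnMandatoryAttributesComplete}, which is not visible here
     */
    public static LDAPObject addUserToLDAP(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel, UserModel userModel, Consumer<LDAPObject> consumer) {
        LDAPObject ldapUser = new LDAPObject();
        LDAPIdentityStore ldapIdentityStore = lDAPStorageProvider.getLdapIdentityStore();
        LDAPConfig config = ldapIdentityStore.getConfig();
        ldapUser.setRdnAttributeName(config.getRdnLdapAttribute());
        ldapUser.setObjectClasses(config.getUserObjectClasses());

        // Mappers run in sorted order because each one mutates ldapUser as a side effect.
        // The result is collected into an explicit HashSet: Collectors.toSet() gives no
        // mutability guarantee and the RDN attribute is added to the set right below.
        Set<String> mandatoryAttributes = realmModel
                .getComponentsStream(lDAPStorageProvider.getModel().getId(), LDAPStorageMapper.class.getName())
                .sorted(new LDAPMappersComparator(config).sortAsc())
                .map(componentModel -> {
                    LDAPStorageMapper mapper = lDAPStorageProvider.getMapperManager().getMapper(componentModel);
                    mapper.onRegisterUserToLDAP(ldapUser, userModel, realmModel);
                    return mapper.mandatoryAttributeNames();
                })
                .filter(Objects::nonNull)
                .flatMap(Collection::stream)
                .collect(Collectors.toCollection(HashSet::new));
        mandatoryAttributes.add(config.getRdnLdapAttribute());

        ldapUser.executeOnMandatoryAttributesComplete(mandatoryAttributes, completedUser -> {
            computeAndSetDn(config, completedUser);
            ldapIdentityStore.add(completedUser);
            if (consumer != null) {
                consumer.accept(completedUser);
            }
        });
        return ldapUser;
    }

    /**
     * Creates a query over the configured users DN, scope and user object classes,
     * with the realm's LDAP mappers attached.
     *
     * <p>The configured custom user search filter, when present, is added to the
     * query as-is through {@code addCustomLDAPFilter}. No escaping happens in this
     * method, so the filter has to be treated as trusted administrator
     * configuration; {@link #validateCustomLdapFilter(String)} is only a shape check.
     *
     * <p>The query is returned open. This class closes the query it creates in
     * {@link #fillRangedAttribute}, so callers presumably have to close this one
     * as well (confirm against {@code LDAPQuery}).
     */
    public static LDAPQuery createQueryForUserSearch(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel) {
        LDAPQuery userQuery = new LDAPQuery(lDAPStorageProvider);
        LDAPConfig config = lDAPStorageProvider.getLdapIdentityStore().getConfig();
        userQuery.setSearchScope(config.getSearchScope());
        userQuery.setSearchDn(config.getUsersDn());
        userQuery.addObjectClasses(config.getUserObjectClasses());

        String customFilter = config.getCustomUserSearchFilter();
        if (customFilter != null) {
            userQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter));
        }

        userQuery.addMappers(realmModel
                .getComponentsStream(lDAPStorageProvider.getModel().getId(), LDAPStorageMapper.class.getName())
                .collect(Collectors.toList()));

        String kerberosPrincipalAttribute = lDAPStorageProvider.getKerberosConfig().getKerberosPrincipalAttribute();
        if (kerberosPrincipalAttribute != null) {
            // Fetched from LDAP but registered as read-only as well.
            userQuery.addReturningLdapAttribute(kerberosPrincipalAttribute);
            userQuery.addReturningReadOnlyLdapAttribute(kerberosPrincipalAttribute);
        }
        return userQuery;
    }

    /**
     * Sets the DN of {@code lDAPObject} to {@code <rdnAttr>=<value>,<usersDn>}.
     *
     * @throws ModelException if the RDN attribute has no value on the object
     */
    public static void computeAndSetDn(LDAPConfig lDAPConfig, LDAPObject lDAPObject) {
        String rdnAttributeName = lDAPConfig.getRdnLdapAttribute();
        String rdnValue = lDAPObject.getAttributeAsString(rdnAttributeName);
        if (rdnValue == null) {
            // NOTE(review): the message embeds every attribute of the entry; confirm that no
            // sensitive attribute can be present here before this exception is logged.
            throw new ModelException("RDN Attribute [" + rdnAttributeName + "] is not filled. Filled attributes: " + lDAPObject.getAttributes());
        }
        LDAPDn dn = LDAPDn.fromString(lDAPConfig.getUsersDn());
        // NOTE(review): rdnValue originates from user attributes; DN escaping is assumed to
        // happen inside LDAPDn.addFirst - confirm, since nothing is escaped in this method.
        dn.addFirst(rdnAttributeName, rdnValue);
        lDAPObject.setDn(dn);
    }

    /**
     * Returns the value of the configured username attribute.
     *
     * @throws ModelException if the entry has no value for that attribute
     */
    public static String getUsername(LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
        String username = lDAPObject.getAttributeAsString(lDAPConfig.getUsernameLdapAttribute());
        if (username != null) {
            return username;
        }
        // NOTE(review): the message embeds the DN and every attribute read from LDAP; confirm
        // what ends up in logs when callers report this exception.
        throw new ModelException("User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: " + lDAPConfig.getUsernameLdapAttribute() + ", user DN: " + lDAPObject.getDn() + ", attributes from LDAP: " + lDAPObject.getAttributes());
    }

    /**
     * Verifies that the entry carries a UUID.
     *
     * @throws ModelException if {@code lDAPObject.getUuid()} is {@code null}
     */
    public static void checkUuid(LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
        if (lDAPObject.getUuid() != null) {
            return;
        }
        throw new ModelException("User returned from LDAP has null uuid! Check configuration of your LDAP settings. UUID Attribute must be unique among your LDAP records and available on all the LDAP user records. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN' . Mapped UUID LDAP attribute: " + lDAPConfig.getUuidLDAPAttributeName() + ", user DN: " + lDAPObject.getDn());
    }

    /**
     * Creates a group entry and adds it to the identity store.
     *
     * @param lDAPStorageProvider provider whose identity store receives the entry
     * @param str                 value of the RDN attribute (the group name)
     * @param str2                name of the RDN attribute
     * @param collection          object classes of the entry
     * @param str3                parent DN under which the entry is created
     * @param map                 additional attributes, copied onto the entry after the DN is set
     * @param str4                name of the membership attribute
     * @return the created LDAP object
     */
    public static LDAPObject createLDAPGroup(LDAPStorageProvider lDAPStorageProvider, String str, String str2, Collection<String> collection, String str3, Map<String, Set<String>> map, String str4) {
        LDAPObject group = new LDAPObject();
        group.setRdnAttributeName(str2);
        group.setObjectClasses(collection);
        group.setSingleAttribute(str2, str);

        // For these object classes a placeholder member is written when the caller supplied
        // no value for the membership attribute.
        if (map.get(str4) == null) {
            for (String objectClass : collection) {
                if (requiresMemberValue(objectClass)) {
                    group.setSingleAttribute(str4, EMPTY_MEMBER_PLACEHOLDER);
                    break;
                }
            }
        }

        LDAPDn dn = LDAPDn.fromString(str3);
        dn.addFirst(str2, str);
        group.setDn(dn);

        for (Map.Entry<String, Set<String>> attribute : map.entrySet()) {
            group.setAttribute(attribute.getKey(), attribute.getValue());
        }
        lDAPStorageProvider.getLdapIdentityStore().add(group);
        return group;
    }

    /** Tells whether {@code objectClass} is one of the group classes that get the placeholder member. */
    private static boolean requiresMemberValue(String objectClass) {
        return objectClass.equalsIgnoreCase("groupOfNames")
                || objectClass.equalsIgnoreCase("groupOfEntries")
                || objectClass.equalsIgnoreCase("groupOfUniqueNames");
    }

    /**
     * Writes {@code lDAPObject} back through the identity store.
     *
     * @return the same object that was passed in
     */
    public static LDAPObject updateLDAPGroup(LDAPStorageProvider lDAPStorageProvider, LDAPObject lDAPObject) {
        lDAPStorageProvider.getLdapIdentityStore().update(lDAPObject);
        return lDAPObject;
    }

    /**
     * Adds the child as a member of the parent group.
     *
     * @param str         passed to the store as the membership attribute name
     * @param str2        child attribute used as the member value when the membership type is not DN
     * @param lDAPObject  parent (group) entry, addressed by its DN
     * @param lDAPObject2 child entry
     */
    public static void addMember(LDAPStorageProvider lDAPStorageProvider, MembershipType membershipType, String str, String str2, LDAPObject lDAPObject, LDAPObject lDAPObject2) {
        String memberValue = getMemberValueOfChildObject(lDAPObject2, membershipType, str2);
        lDAPStorageProvider.getLdapIdentityStore().addMemberToGroup(lDAPObject.getDn().toString(), str, memberValue);
    }

    /**
     * Removes the child from the parent group; parameters mirror
     * {@link #addMember(LDAPStorageProvider, MembershipType, String, String, LDAPObject, LDAPObject)}.
     */
    public static void deleteMember(LDAPStorageProvider lDAPStorageProvider, MembershipType membershipType, String str, String str2, LDAPObject lDAPObject, LDAPObject lDAPObject2) {
        String memberValue = getMemberValueOfChildObject(lDAPObject2, membershipType, str2);
        lDAPStorageProvider.getLdapIdentityStore().removeMemberFromGroup(lDAPObject.getDn().toString(), str, memberValue);
    }

    /**
     * Loads all ranges of attribute {@code str} on {@code lDAPObject} and returns its values.
     *
     * @return the attribute values, or a new empty set when the attribute is absent; never {@code null}
     */
    public static Set<String> getExistingMemberships(LDAPStorageProvider lDAPStorageProvider, String str, LDAPObject lDAPObject) {
        fillRangedAttribute(lDAPStorageProvider, lDAPObject, str);
        Set<String> memberships = lDAPObject.getAttributeAsSet(str);
        return memberships != null ? memberships : new HashSet<>();
    }

    /**
     * Returns the value that identifies {@code lDAPObject} inside a membership attribute:
     * its DN for {@link MembershipType#DN}, otherwise the value of attribute {@code str}.
     */
    public static String getMemberValueOfChildObject(LDAPObject lDAPObject, MembershipType membershipType, String str) {
        if (membershipType == MembershipType.DN) {
            return lDAPObject.getDn().toString();
        }
        return lDAPObject.getAttributeAsString(str);
    }

    /**
     * Runs {@code lDAPQuery} to completion and returns every result.
     *
     * <p>Without pagination the query's result list is returned directly. With
     * pagination, pages of the configured sync batch size are fetched until the
     * pagination context reports no further page. All results are held in memory
     * at once, so the size of the returned list is bounded only by the directory.
     */
    public static List<LDAPObject> loadAllLDAPObjects(LDAPQuery lDAPQuery, LDAPStorageProvider lDAPStorageProvider) {
        LDAPConfig config = lDAPStorageProvider.getLdapIdentityStore().getConfig();
        if (!config.isPagination()) {
            return lDAPQuery.getResultList();
        }
        int batchSize = config.getBatchSizeForSync();
        List<LDAPObject> allResults = new LinkedList<>();
        do {
            lDAPQuery.setLimit(batchSize);
            allResults.addAll(lDAPQuery.getResultList());
        } while (lDAPQuery.getPaginationContext().hasNextPage());
        return allResults;
    }

    /**
     * Shape check for a custom LDAP filter: {@code null} and blank values pass,
     * anything else must start with {@code (} and end with {@code )} after trimming.
     *
     * <p>This does not verify that parentheses are balanced or that the content is
     * a well-formed filter, and it is not an injection defence; the filter value
     * must come from a trusted configuration source.
     *
     * @throws ComponentValidationException with key {@code ldapErrorInvalidCustomFilter} when the check fails
     */
    public static void validateCustomLdapFilter(String str) throws ComponentValidationException {
        if (str == null) {
            return;
        }
        String filter = str.trim();
        if (filter.isEmpty()) {
            return;
        }
        boolean wrappedInParentheses = filter.startsWith("(") && filter.endsWith(")");
        if (!wrappedInParentheses) {
            throw new ComponentValidationException("ldapErrorInvalidCustomFilter", new Object[0]);
        }
    }

    /**
     * Builds a query on the object's own DN that requests the next range of
     * attribute {@code str}, i.e. {@code <str>;range=<currentRange + 1>-*}.
     */
    private static LDAPQuery createLdapQueryForRangeAttribute(LDAPStorageProvider lDAPStorageProvider, LDAPObject lDAPObject, String str) {
        LDAPQuery rangeQuery = new LDAPQuery(lDAPStorageProvider);
        rangeQuery.setSearchDn(lDAPObject.getDn().toString());
        // Scope 0 - presumably the JNDI object (base) scope, so that only this entry is read; confirm.
        rangeQuery.setSearchScope(0);
        rangeQuery.addReturningLdapAttribute(str + ";range=" + (lDAPObject.getCurrentRange(str) + 1) + "-*");
        return rangeQuery;
    }

    /**
     * Fetches the remaining ranges of attribute {@code str} and merges them into
     * {@code lDAPObject} until the most recently fetched object reports the range
     * as complete. Every range query is closed, also when it fails.
     */
    public static void fillRangedAttribute(LDAPStorageProvider lDAPStorageProvider, LDAPObject lDAPObject, String str) {
        LDAPObject latest = lDAPObject;
        while (!latest.isRangeComplete(str)) {
            try (LDAPQuery rangeQuery = createLdapQueryForRangeAttribute(lDAPStorageProvider, lDAPObject, str)) {
                // NOTE(review): a null first result (entry removed between requests) would fail
                // in the calls below - confirm what getFirstResult returns for an empty result.
                latest = rangeQuery.getFirstResult();
                lDAPObject.populateRangedAttribute(latest, str);
            }
        }
    }

    /**
     * Returns the bean properties of {@link UserModel}, keyed by lower-cased property name.
     *
     * <p>Methods whose name starts with {@code get} or {@code is} and that take
     * parameters are excluded by the criteria.
     */
    public static Map<String, Property<Object>> getUserModelProperties() {
        Map<String, Property<Object>> properties = PropertyQueries.createQuery(UserModel.class)
                .addCriteria(new PropertyCriteria() {
                    @Override
                    public boolean methodMatches(Method method) {
                        String methodName = method.getName();
                        boolean looksLikeGetter = methodName.startsWith("get") || methodName.startsWith("is");
                        if (looksLikeGetter && method.getParameterCount() > 0) {
                            return false;
                        }
                        return true;
                    }
                }).getResultList();

        Map<String, Property<Object>> byLowerCaseName = new HashMap<>();
        for (Map.Entry<String, Property<Object>> property : properties.entrySet()) {
            // NOTE(review): toLowerCase() uses the default locale; lookups must lower-case the
            // same way or keys containing 'I' can differ under some locales.
            byLowerCaseName.put(property.getKey().toLowerCase(), property.getValue());
        }
        return byLowerCaseName;
    }

    /**
     * Returns the default Kerberos principal attribute for a vendor key.
     *
     * @param str vendor key; {@code "rhds"} and {@code "ad"} are special-cased, may be {@code null}
     * @return {@code krbPrincipalName} for {@code "rhds"}, {@code userPrincipalName} for
     *         {@code "ad"}, {@code krb5PrincipalName} otherwise (including {@code null})
     */
    public static String getDefaultKerberosUserPrincipalAttribute(String str) {
        if (str == null) {
            return "krb5PrincipalName";
        }
        // Plain string switch; the decompiled hashCode() dispatch did not compile.
        switch (str) {
            case "rhds":
                return "krbPrincipalName";
            case "ad":
                return "userPrincipalName";
            default:
                return "krb5PrincipalName";
        }
    }
}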
