package org.keycloak.federation.ldap;

import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.QueryParameter;
import org.keycloak.federation.ldap.idm.query.internal.LDAPIdentityQuery;
import org.keycloak.federation.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.FullNameLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.UserAttributeLDAPFederationMapperFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationEventAwareProviderFactory;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserFederationSyncResult;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:org/keycloak/federation/ldap/LDAPFederationProviderFactory.class */
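/**
 * Factory for the {@value #PROVIDER_NAME} user federation provider.
 *
 * <p>Besides handing out {@link LDAPFederationProvider} instances, it installs the default
 * attribute mappers when a provider model is created and drives the full and incremental
 * "LDAP to local store" synchronisation jobs.
 */
public class LDAPFederationProviderFactory extends UserFederationEventAwareProviderFactory {
    private static final Logger logger = Logger.getLogger(LDAPFederationProviderFactory.class);
    public static final String PROVIDER_NAME = "ldap";

    /** Provider config key: when {@code "true"}, sync reads the directory page by page. */
    static final String CONFIG_PAGINATION = "pagination";
    /** Provider config key: page size used by a paged sync. */
    static final String CONFIG_BATCH_SIZE_FOR_SYNC = "batchSizeForSync";
    /** Page size used when {@code batchSizeForSync} is not configured. */
    static final int DEFAULT_BATCH_SIZE_FOR_SYNC = 1000;
    /** Mapper config key shared by every attribute mapper installed by this factory. */
    private static final String MAPPER_READ_ONLY = "read.only";

    private LDAPIdentityStoreRegistry ldapStoreRegistry;

    /**
     * Mutable holder used to carry a query built inside a transaction back out to the caller
     * (the decompiler surfaced this as the local class {@code $1QueryHolder}). Static so it does
     * not capture the enclosing factory instance.
     */
    public static class C1QueryHolder {
        LDAPIdentityQuery query;

        C1QueryHolder() {
        }
    }

    /**
     * Not supported: an LDAP provider is always bound to a concrete
     * {@link UserFederationProviderModel}, so callers must use
     * {@link #m3getInstance(KeycloakSession, UserFederationProviderModel)}.
     *
     * @throws IllegalAccessError always
     */
    public UserFederationProvider m4create(KeycloakSession keycloakSession) {
        throw new IllegalAccessError("Illegal to call this method");
    }

    /**
     * Creates a provider for the given model, backed by the identity store the registry
     * associates with that model.
     *
     * @throws IllegalStateException if {@link #init(Config.Scope)} has not run or
     *         {@link #close()} has already been called
     */
    public LDAPFederationProvider m3getInstance(KeycloakSession keycloakSession, UserFederationProviderModel userFederationProviderModel) {
        LDAPIdentityStoreRegistry registry = this.ldapStoreRegistry;
        if (registry == null) {
            // Previously a bare NPE; say what actually went wrong.
            throw new IllegalStateException("LDAP federation provider factory is not initialized (init() not called or close() already called)");
        }
        return new LDAPFederationProvider(this, keycloakSession, userFederationProviderModel, registry.getLdapStore(userFederationProviderModel));
    }

    /** Creates the identity-store registry; the {@code scope} is not consulted here. */
    public void init(Config.Scope scope) {
        this.ldapStoreRegistry = new LDAPIdentityStoreRegistry();
    }

    /** Drops the registry; {@link #m3getInstance} fails after this until {@link #init} runs again. */
    public void close() {
        this.ldapStoreRegistry = null;
    }

    public String getId() {
        return PROVIDER_NAME;
    }

    /** No options are declared at factory level; configuration is carried by the provider model. */
    public Set<String> getConfigurationOptions() {
        return Collections.emptySet();
    }

    /**
     * Installs the default LDAP mappers for a freshly created provider model: username,
     * first/last name (shape depends on the RDN/username attributes and the edit mode),
     * email, and the read-only creation/modification timestamps.
     *
     * @param realmModel                  realm the provider belongs to
     * @param userFederationProviderModel the model just created; its config is read via {@link LDAPConfig}
     */
    public void onProviderModelCreated(RealmModel realmModel, UserFederationProviderModel userFederationProviderModel) {
        LDAPConfig ldapConfig = new LDAPConfig(userFederationProviderModel.getConfig());
        String providerId = userFederationProviderModel.getId();
        boolean activeDirectory = ldapConfig.isActiveDirectory();
        UserFederationProvider.EditMode editMode = ldapConfig.getEditMode();
        // Only WRITABLE mode lets mappers write back to LDAP; READ_ONLY and UNSYNCED make them read-only.
        String readOnly = String.valueOf(editMode == UserFederationProvider.EditMode.READ_ONLY || editMode == UserFederationProvider.EditMode.UNSYNCED);
        String usernameLdapAttribute = ldapConfig.getUsernameLdapAttribute();

        addAttributeMapper(realmModel, providerId, "username", "username", usernameLdapAttribute, readOnly);

        if (!ldapConfig.getRdnLdapAttribute().equalsIgnoreCase("cn")) {
            // RDN is something other than cn, so cn is free to carry the first name.
            addAttributeMapper(realmModel, providerId, "first name", "firstName", "cn", readOnly);
        } else if (usernameLdapAttribute.equalsIgnoreCase("cn")) {
            // cn is both RDN and username; the first name has to come from givenName.
            addAttributeMapper(realmModel, providerId, "first name", "firstName", "givenName", readOnly);
        } else if (editMode == UserFederationProvider.EditMode.WRITABLE) {
            // cn is the RDN but not the username: first name from givenName, plus a second
            // mapper that also maps the username onto cn.
            addAttributeMapper(realmModel, providerId, "first name", "firstName", "givenName", readOnly);
            addAttributeMapper(realmModel, providerId, "username-cn", "username", "cn", readOnly);
        } else {
            // cn is the RDN, username lives elsewhere and the provider is not writable:
            // hand cn to the full-name mapper instead of a plain attribute mapper.
            realmModel.addUserFederationMapper(KeycloakModelUtils.createUserFederationMapperModel("full name", providerId, FullNameLDAPFederationMapperFactory.PROVIDER_ID, new String[]{FullNameLDAPFederationMapper.LDAP_FULL_NAME_ATTRIBUTE, "cn", MAPPER_READ_ONLY, readOnly}));
        }

        addAttributeMapper(realmModel, providerId, "last name", "lastName", "sn", readOnly);
        addAttributeMapper(realmModel, providerId, "email", "email", "mail", readOnly);

        // Timestamp attributes are maintained by the directory itself, so these two mappers
        // are always read-only regardless of the edit mode. AD uses different attribute names.
        String createAttribute = activeDirectory ? "whenCreated" : "createTimestamp";
        String modifyAttribute = activeDirectory ? "whenChanged" : "modifyTimestamp";
        addAttributeMapper(realmModel, providerId, "creation date", "createTimestamp", createAttribute, "true");
        addAttributeMapper(realmModel, providerId, "modify date", "modifyTimestamp", modifyAttribute, "true");
    }

    /**
     * Registers one {@link UserAttributeLDAPFederationMapper} that maps a single user-model
     * attribute to a single LDAP attribute.
     *
     * @param readOnly {@code "true"} or {@code "false"}, stored under the mapper's {@code read.only} key
     */
    private static void addAttributeMapper(RealmModel realm, String providerId, String mapperName, String userModelAttribute, String ldapAttribute, String readOnly) {
        realm.addUserFederationMapper(KeycloakModelUtils.createUserFederationMapperModel(mapperName, providerId, UserAttributeLDAPFederationMapperFactory.PROVIDER_ID, new String[]{UserAttributeLDAPFederationMapper.USER_MODEL_ATTRIBUTE, userModelAttribute, UserAttributeLDAPFederationMapper.LDAP_ATTRIBUTE, ldapAttribute, MAPPER_READ_ONLY, readOnly}));
    }

    /**
     * Imports every user matched by the provider's user search into the local store.
     *
     * @param str the realm id
     */
    public UserFederationSyncResult syncAllUsers(KeycloakSessionFactory keycloakSessionFactory, String str, UserFederationProviderModel userFederationProviderModel) {
        logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s", str, userFederationProviderModel.getDisplayName());
        LDAPIdentityQuery query = createQuery(keycloakSessionFactory, str, userFederationProviderModel);
        UserFederationSyncResult result = syncImpl(keycloakSessionFactory, query, str, userFederationProviderModel);
        logger.infof("Sync all users finished: %s", result.getStatus());
        return result;
    }

    /**
     * Imports only the users whose entry was created or modified at or after {@code date}.
     *
     * @param str  the realm id
     * @param date lower bound (inclusive) compared against the entry timestamps
     */
    public UserFederationSyncResult syncChangedUsers(KeycloakSessionFactory keycloakSessionFactory, String str, UserFederationProviderModel userFederationProviderModel, Date date) {
        // Pass the date as a format argument rather than concatenating it into the format string.
        logger.infof("Sync changed users from LDAP to local store: realm: %s, federation provider: %s, last sync time: %s", str, userFederationProviderModel.getDisplayName(), date);
        LDAPQueryConditionsBuilder conditions = new LDAPQueryConditionsBuilder();
        // NOTE(review): the filter always names createTimestamp/modifyTimestamp, while the
        // mappers installed in onProviderModelCreated use whenCreated/whenChanged for Active
        // Directory - confirm the query layer translates these parameter names for AD.
        Condition changedSince = conditions.orCondition(
                conditions.greaterThanOrEqualTo(new QueryParameter("createTimestamp"), date),
                conditions.greaterThanOrEqualTo(new QueryParameter("modifyTimestamp"), date));
        LDAPIdentityQuery query = createQuery(keycloakSessionFactory, str, userFederationProviderModel);
        query.where(changedSince);
        UserFederationSyncResult result = syncImpl(keycloakSessionFactory, query, str, userFederationProviderModel);
        logger.infof("Sync changed users finished: %s", result.getStatus());
        return result;
    }

    /**
     * Runs the query and imports the matched entries. With {@code pagination} enabled the
     * directory is read in pages of {@code batchSizeForSync} entries and each page is imported
     * in its own transaction; otherwise everything is fetched and imported in one transaction.
     *
     * @param str the realm id
     * @throws IllegalArgumentException if {@code batchSizeForSync} is configured but is not a positive integer
     */
    protected UserFederationSyncResult syncImpl(KeycloakSessionFactory keycloakSessionFactory, LDAPIdentityQuery lDAPIdentityQuery, final String str, final UserFederationProviderModel userFederationProviderModel) {
        final UserFederationSyncResult result = new UserFederationSyncResult();
        boolean paginated = Boolean.parseBoolean((String) userFederationProviderModel.getConfig().get(CONFIG_PAGINATION));
        if (!paginated) {
            final List<LDAPObject> allUsers = lDAPIdentityQuery.getResultList();
            KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() { // from class: org.keycloak.federation.ldap.LDAPFederationProviderFactory.2
                public void run(KeycloakSession keycloakSession) {
                    result.add(LDAPFederationProviderFactory.this.importLdapUsers(keycloakSession, str, userFederationProviderModel, allUsers));
                }
            });
            return result;
        }

        int batchSize = resolveBatchSize(userFederationProviderModel);
        boolean morePages = true;
        while (morePages) {
            lDAPIdentityQuery.setLimit(batchSize);
            final List<LDAPObject> page = lDAPIdentityQuery.getResultList();
            // A pagination context left on the query means the server still has pages to hand out.
            morePages = lDAPIdentityQuery.getPaginationContext() != null;
            KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() { // from class: org.keycloak.federation.ldap.LDAPFederationProviderFactory.1
                public void run(KeycloakSession keycloakSession) {
                    result.add(LDAPFederationProviderFactory.this.importLdapUsers(keycloakSession, str, userFederationProviderModel, page));
                }
            });
        }
        return result;
    }

    /**
     * Reads {@code batchSizeForSync} from the provider config, defaulting to
     * {@link #DEFAULT_BATCH_SIZE_FOR_SYNC} when absent.
     *
     * @throws IllegalArgumentException if the value is not a positive integer (non-numeric text
     *         surfaces as {@link NumberFormatException}, a subclass, as before)
     */
    static int resolveBatchSize(UserFederationProviderModel model) {
        String configured = (String) model.getConfig().get(CONFIG_BATCH_SIZE_FOR_SYNC);
        if (configured == null) {
            return DEFAULT_BATCH_SIZE_FOR_SYNC;
        }
        int batchSize = Integer.parseInt(configured);
        // A zero or negative page size cannot drive a paged search; previously it was passed
        // straight to setLimit().
        if (batchSize <= 0) {
            throw new IllegalArgumentException(CONFIG_BATCH_SIZE_FOR_SYNC + " must be a positive integer, got: " + configured);
        }
        return batchSize;
    }

    /**
     * Builds the provider's user-search query inside a short transaction and returns it.
     * Note that callers execute the returned query outside that transaction.
     *
     * @param str the realm id
     */
    private LDAPIdentityQuery createQuery(KeycloakSessionFactory keycloakSessionFactory, final String str, final UserFederationProviderModel userFederationProviderModel) {
        final C1QueryHolder holder = new C1QueryHolder();
        KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() { // from class: org.keycloak.federation.ldap.LDAPFederationProviderFactory.3
            public void run(KeycloakSession keycloakSession) {
                LDAPFederationProvider provider = LDAPFederationProviderFactory.this.m3getInstance(keycloakSession, userFederationProviderModel);
                RealmModel realm = keycloakSession.realms().getRealm(str);
                holder.query = LDAPUtils.createQueryForUserSearch(provider, realm);
            }
        });
        return holder.query;
    }

    /**
     * Imports the given LDAP entries into the realm identified by {@code str} through a
     * provider created for the current session.
     */
    protected UserFederationSyncResult importLdapUsers(KeycloakSession keycloakSession, String str, UserFederationProviderModel userFederationProviderModel, List<LDAPObject> list) {
        RealmModel realm = keycloakSession.realms().getRealm(str);
        return m3getInstance(keycloakSession, userFederationProviderModel).importLDAPUsers(realm, list, userFederationProviderModel);
    }

    /**
     * Creates the SPNEGO authenticator used for Kerberos browser login.
     *
     * @param str passed through verbatim to the authenticator; presumably the SPNEGO token
     *            from the client - confirm against {@link SPNEGOAuthenticator}
     */
    public SPNEGOAuthenticator createSPNEGOAuthenticator(String str, CommonKerberosConfig commonKerberosConfig) {
        return new SPNEGOAuthenticator(commonKerberosConfig, createKerberosSubjectAuthenticator(commonKerberosConfig), str);
    }

    /** Creates the authenticator that logs in the server-side Kerberos subject (overridable for tests). */
    protected KerberosServerSubjectAuthenticator createKerberosSubjectAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosServerSubjectAuthenticator(commonKerberosConfig);
    }

    /** Creates the authenticator used for Kerberos username/password login. */
    public KerberosUsernamePasswordAuthenticator createKerberosUsernamePasswordAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosUsernamePasswordAuthenticator(commonKerberosConfig);
    }
}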
