package org.keycloak.federation.ldap;

import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.keycloak.federation.ldap.idm.model.LDAPDn;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.federation.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.federation.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.federation.ldap.mappers.membership.MembershipType;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/federation/ldap/LDAPUtils.class */
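/**
 * Static helpers used by the LDAP federation provider to create user and group
 * entries, build the base user-search query, and maintain membership attributes.
 */
public class LDAPUtils {

    /**
     * Placeholder value written to a DN-typed membership attribute when the last
     * real member is removed (see {@link #deleteMember}) and stripped again when a
     * real member is added (see {@link #addMember}).
     * NOTE(review): presumably needed because some directory schemas require at
     * least one member value; the reason is not visible in this file, so confirm.
     */
    private static final String EMPTY_MEMBER_PLACEHOLDER = "cn=empty-membership-placeholder";

    /**
     * Creates a new LDAP entry for the given Keycloak user and stores it.
     *
     * <p>The entry gets its RDN attribute name and object classes from the provider
     * configuration, is populated by every federation mapper of this provider (in
     * the order returned by {@code sortMappersAsc}), receives its DN and is then
     * added through the identity store.
     *
     * @param lDAPFederationProvider provider whose identity store and mappers are used
     * @param realmModel realm that holds the mapper definitions
     * @param userModel user being registered in LDAP
     * @return the LDAP object that was added
     * @throws ModelException if no mapper filled the configured RDN attribute
     */
    public static LDAPObject addUserToLDAP(LDAPFederationProvider lDAPFederationProvider, RealmModel realmModel, UserModel userModel) {
        LDAPIdentityStore identityStore = lDAPFederationProvider.getLdapIdentityStore();
        LDAPConfig ldapConfig = identityStore.getConfig();

        LDAPObject ldapUser = new LDAPObject();
        ldapUser.setRdnAttributeName(ldapConfig.getRdnLdapAttribute());
        ldapUser.setObjectClasses(ldapConfig.getUserObjectClasses());

        String providerId = lDAPFederationProvider.getModel().getId();
        for (UserFederationMapperModel mapperModel : lDAPFederationProvider.sortMappersAsc(realmModel.getUserFederationMappersByFederationProvider(providerId))) {
            lDAPFederationProvider.getMapper(mapperModel).onRegisterUserToLDAP(mapperModel, lDAPFederationProvider, ldapUser, userModel, realmModel);
        }

        // The DN depends on the RDN attribute, which only exists once the mappers have run.
        computeAndSetDn(ldapConfig, ldapUser);
        identityStore.add(ldapUser);
        return ldapUser;
    }

    /**
     * Builds the base query for searching users of this provider: search scope,
     * users DN, user object classes, the optional custom filter and all mappers.
     *
     * @param lDAPFederationProvider provider whose configuration drives the query
     * @param realmModel realm that holds the mapper definitions
     * @return a query that callers can extend with further conditions
     */
    public static LDAPQuery createQueryForUserSearch(LDAPFederationProvider lDAPFederationProvider, RealmModel realmModel) {
        LDAPConfig ldapConfig = lDAPFederationProvider.getLdapIdentityStore().getConfig();

        LDAPQuery userQuery = new LDAPQuery(lDAPFederationProvider);
        userQuery.setSearchScope(ldapConfig.getSearchScope());
        userQuery.setSearchDn(ldapConfig.getUsersDn());
        userQuery.addObjectClasses(ldapConfig.getUserObjectClasses());

        // NOTE(review): the custom filter is passed through from provider configuration
        // as-is; whether addCustomLDAPFilter validates it is not visible here. Treat the
        // setting as administrator-only input and never derive it from end-user data.
        String customFilter = ldapConfig.getCustomUserSearchFilter();
        if (customFilter != null) {
            userQuery.addWhereCondition(new LDAPQueryConditionsBuilder().addCustomLDAPFilter(customFilter));
        }

        userQuery.addMappers(realmModel.getUserFederationMappersByFederationProvider(lDAPFederationProvider.getModel().getId()));
        return userQuery;
    }

    /**
     * Derives the entry's DN as {@code <rdnAttr>=<value>,<usersDn>} and sets it on the object.
     *
     * @throws ModelException if the configured RDN attribute has no value on the object
     */
    private static void computeAndSetDn(LDAPConfig lDAPConfig, LDAPObject lDAPObject) {
        String rdnAttrName = lDAPConfig.getRdnLdapAttribute();
        String rdnValue = lDAPObject.getAttributeAsString(rdnAttrName);
        if (rdnValue == null) {
            // NOTE(review): the message carries the full attribute map; if it is logged or
            // shown to a caller it may expose directory data. Confirm where it ends up.
            throw new ModelException("RDN Attribute [" + rdnAttrName + "] is not filled. Filled attributes: " + lDAPObject.getAttributes());
        }
        // NOTE(review): rdnValue was produced by the mappers from user data. Whether
        // LDAPDn.addFirst escapes DN special characters is not visible in this file, so
        // confirm, because an unescaped value could alter the structure of the DN.
        LDAPDn userDn = LDAPDn.fromString(lDAPConfig.getUsersDn());
        userDn.addFirst(rdnAttrName, rdnValue);
        lDAPObject.setDn(userDn);
    }

    /**
     * Reads the username from the configured username LDAP attribute.
     *
     * @return the username, never {@code null}
     * @throws ModelException if the attribute is missing on the LDAP object
     */
    public static String getUsername(LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
        String username = lDAPObject.getAttributeAsString(lDAPConfig.getUsernameLdapAttribute());
        if (username != null) {
            return username;
        }
        // NOTE(review): includes the user DN and every loaded attribute in the message;
        // confirm this exception is not surfaced to unauthenticated callers.
        throw new ModelException("User returned from LDAP has null username! Check configuration of your LDAP mappings. Mapped username LDAP attribute: " + lDAPConfig.getUsernameLdapAttribute() + ", user DN: " + lDAPObject.getDn() + ", attributes from LDAP: " + lDAPObject.getAttributes());
    }

    /**
     * Fails fast when an LDAP object came back without a UUID.
     *
     * @throws ModelException if {@code lDAPObject.getUuid()} is {@code null}
     */
    public static void checkUuid(LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
        if (lDAPObject.getUuid() != null) {
            return;
        }
        throw new ModelException("User returned from LDAP has null uuid! Check configuration of your LDAP settings. UUID Attribute must be unique among your LDAP records and available on all the LDAP user records. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN' . Mapped UUID LDAP attribute: " + lDAPConfig.getUuidLDAPAttributeName() + ", user DN: " + lDAPObject.getDn());
    }

    /**
     * Creates a group-like LDAP entry and stores it.
     *
     * @param lDAPFederationProvider provider whose identity store receives the entry
     * @param str value of the RDN attribute (the entry's name)
     * @param str2 name of the RDN attribute
     * @param collection object classes of the new entry
     * @param str3 parent DN under which the entry is created
     * @param map additional attributes to set on the entry; must not be {@code null}
     * @return the LDAP object that was added
     */
    public static LDAPObject createLDAPGroup(LDAPFederationProvider lDAPFederationProvider, String str, String str2, Collection<String> collection, String str3, Map<String, Set<String>> map) {
        LDAPObject ldapGroup = new LDAPObject();
        ldapGroup.setRdnAttributeName(str2);
        ldapGroup.setObjectClasses(collection);
        ldapGroup.setSingleAttribute(str2, str);

        // NOTE(review): as in computeAndSetDn, escaping of the RDN value is delegated to
        // LDAPDn.addFirst and cannot be verified from this file.
        LDAPDn groupDn = LDAPDn.fromString(str3);
        groupDn.addFirst(str2, str);
        ldapGroup.setDn(groupDn);

        for (Map.Entry<String, Set<String>> attribute : map.entrySet()) {
            ldapGroup.setAttribute(attribute.getKey(), attribute.getValue());
        }

        lDAPFederationProvider.getLdapIdentityStore().add(ldapGroup);
        return ldapGroup;
    }

    /**
     * Adds a child to the parent's membership attribute.
     *
     * @param lDAPFederationProvider provider whose identity store performs the update
     * @param membershipType how members are referenced (by DN or by RDN attribute value)
     * @param str name of the membership attribute on the parent
     * @param lDAPObject parent entry whose membership attribute is modified
     * @param lDAPObject2 child entry to add as a member
     * @param z when {@code true} the parent is written back to LDAP immediately;
     *          when {@code false} only the in-memory object is changed
     */
    public static void addMember(LDAPFederationProvider lDAPFederationProvider, MembershipType membershipType, String str, LDAPObject lDAPObject, LDAPObject lDAPObject2, boolean z) {
        Set<String> memberships = getExistingMemberships(str, lDAPObject);

        // A real member is about to be added, so the empty-membership placeholder goes.
        if (membershipType == MembershipType.DN) {
            memberships.remove(EMPTY_MEMBER_PLACEHOLDER);
        }

        memberships.add(getMemberValueOfChildObject(lDAPObject2, membershipType));
        lDAPObject.setAttribute(str, memberships);

        if (z) {
            lDAPFederationProvider.getLdapIdentityStore().update(lDAPObject);
        }
    }

    /**
     * Removes a child from the parent's membership attribute and writes the parent
     * back to LDAP.
     *
     * <p>If the last member of a DN-typed attribute is removed and the server is not
     * Active Directory, the placeholder value is stored instead of an empty set.
     *
     * @param lDAPFederationProvider provider whose identity store performs the update
     * @param membershipType how members are referenced (by DN or by RDN attribute value)
     * @param str name of the membership attribute on the parent
     * @param lDAPObject parent entry whose membership attribute is modified
     * @param lDAPObject2 child entry to remove
     * @param z NOTE(review): never read, so the update is always sent, unlike in
     *          {@link #addMember}. Left unchanged because callers may rely on it; confirm
     *          whether a {@code false} value is ever passed and what is expected then.
     */
    public static void deleteMember(LDAPFederationProvider lDAPFederationProvider, MembershipType membershipType, String str, LDAPObject lDAPObject, LDAPObject lDAPObject2, boolean z) {
        Set<String> memberships = getExistingMemberships(str, lDAPObject);
        memberships.remove(getMemberValueOfChildObject(lDAPObject2, membershipType));

        if (memberships.isEmpty() && membershipType == MembershipType.DN && !lDAPFederationProvider.getLdapIdentityStore().getConfig().isActiveDirectory()) {
            memberships.add(EMPTY_MEMBER_PLACEHOLDER);
        }

        lDAPObject.setAttribute(str, memberships);
        lDAPFederationProvider.getLdapIdentityStore().update(lDAPObject);
    }

    /**
     * Returns the current values of a membership attribute, or a new empty set when
     * the attribute is absent.
     *
     * <p>Whether a non-null result is a copy or the object's own backing set is
     * decided by {@code LDAPObject.getAttributeAsSet} and is not visible here;
     * {@link #addMember} and {@link #deleteMember} mutate the returned set.
     *
     * @param str name of the membership attribute
     * @param lDAPObject entry to read from
     * @return a non-null, mutable set of member values
     */
    public static Set<String> getExistingMemberships(String str, LDAPObject lDAPObject) {
        Set<String> memberships = lDAPObject.getAttributeAsSet(str);
        return memberships != null ? memberships : new HashSet<>();
    }

    /**
     * Computes the value that represents a child in a membership attribute: the
     * child's DN for {@link MembershipType#DN}, otherwise the value of the child's
     * RDN attribute.
     *
     * @param lDAPObject child entry
     * @param membershipType how members are referenced
     * @return the member value to store in, or remove from, the membership attribute
     */
    public static String getMemberValueOfChildObject(LDAPObject lDAPObject, MembershipType membershipType) {
        if (membershipType == MembershipType.DN) {
            return lDAPObject.getDn().toString();
        }
        return lDAPObject.getAttributeAsString(lDAPObject.getRdnAttributeName());
    }
}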
