package org.keycloak.picketlink.ldap;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import org.jboss.logging.Logger;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.picketlink.idm.KeycloakEventBridge;
import org.keycloak.picketlink.idm.LDAPKeycloakCredentialHandler;
import org.keycloak.protocol.saml.SamlProtocol;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.config.LDAPMappingConfigurationBuilder;
import org.picketlink.idm.config.LDAPStoreConfigurationBuilder;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.model.basic.User;

/* loaded from: input_file:WEB-INF/lib/keycloak-picketlink-ldap-1.1.0.Final.jar:org/keycloak/picketlink/ldap/PartitionManagerRegistry.class */
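/**
 * Caches one PicketLink {@link PartitionManager} per LDAP federation provider and rebuilds it
 * whenever the provider's configuration changes.
 */
public class PartitionManagerRegistry {
    private static final Logger logger = Logger.getLogger(PartitionManagerRegistry.class);

    /** Object classes assigned to users when the provider config names none. */
    private static final String DEFAULT_USER_OBJECT_CLASSES = "inetOrgPerson, organizationalPerson";

    /** Name under which the single LDAP store is registered with PicketLink. */
    private static final String LDAP_STORE_CONFIG_NAME = "SIMPLE_LDAP_STORE_CONFIG";

    /**
     * Context per federation provider id. The map is thread-safe, but
     * {@link #getPartitionManager} performs a non-atomic get-then-put, so two callers racing on
     * a new or changed config may each build a manager; the last put wins and the other is
     * simply dropped (nothing closes it).
     */
    private final Map<String, PartitionManagerContext> partitionManagers = new ConcurrentHashMap<>();

    /* loaded from: input_file:WEB-INF/lib/keycloak-picketlink-ldap-1.1.0.Final.jar:org/keycloak/picketlink/ldap/PartitionManagerRegistry$PartitionManagerContext.class */
    /** A built partition manager together with a snapshot of the config it was built from. */
    private static final class PartitionManagerContext {
        private final Map<String, String> config;
        private final PartitionManager partitionManager;

        private PartitionManagerContext(Map<String, String> config, PartitionManager partitionManager) {
            // Snapshot the config: the change detection in getPartitionManager must compare
            // against the values the manager was actually built from, not against a map the
            // caller may later edit in place (which would make the comparison always succeed).
            this.config = new HashMap<>(config);
            this.partitionManager = partitionManager;
        }
    }

    /**
     * Returns the partition manager for the given provider, creating it on first use and
     * recreating it when the provider's config differs from the one the cached manager was
     * built with.
     *
     * @param userFederationProviderModel the federation provider; its id keys the cache and its
     *                                    config drives {@link #createPartitionManager(Map)}
     * @return a partition manager matching the provider's current config
     */
    public PartitionManager getPartitionManager(UserFederationProviderModel userFederationProviderModel) {
        String providerId = userFederationProviderModel.getId();
        Map<String, String> config = userFederationProviderModel.getConfig();
        PartitionManagerContext context = partitionManagers.get(providerId);
        // The realm's LDAP settings can change at runtime; a stale manager must be rebuilt.
        if (context == null || !config.equals(context.config)) {
            logLDAPConfig(providerId, config);
            context = new PartitionManagerContext(config, createPartitionManager(config));
            partitionManagers.put(providerId, context);
        }
        return context.partitionManager;
    }

    /**
     * Logs the LDAP config a new manager is being built from, minus the bind credential.
     *
     * @param providerId id of the federation provider
     * @param config     the provider's LDAP config (not modified)
     */
    private static void logLDAPConfig(String providerId, Map<String, String> config) {
        Map<String, String> sanitized = new HashMap<>(config);
        // The bind password must never reach the log.
        sanitized.remove(LDAPConstants.BIND_CREDENTIAL);
        // Values are passed as format arguments rather than concatenated into the format string:
        // a '%' inside a URL, DN or other config value would otherwise be interpreted as a
        // conversion specifier by infof.
        logger.infof("Creating new LDAP based partition manager for the Federation provider: %s, LDAP Configuration: %s",
                providerId, sanitized);
    }

    /**
     * Builds a PicketLink partition manager backed by a single LDAP store described by
     * {@code map} (keys are {@link LDAPConstants} names).
     *
     * @param map the provider's LDAP config; must not be {@code null}
     * @return a new partition manager; the caller owns it
     */
    public static PartitionManager createPartitionManager(Map<String, String> map) {
        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

        Properties connectionProperties = new Properties();
        if (map.containsKey(LDAPConstants.CONNECTION_POOLING)) {
            connectionProperties.put("com.sun.jndi.ldap.connect.pool", map.get(LDAPConstants.CONNECTION_POOLING));
        }
        applyDefaultPoolProperties();

        String vendor = map.get(LDAPConstants.VENDOR);
        boolean activeDirectory = LDAPConstants.VENDOR_ACTIVE_DIRECTORY.equals(vendor);

        // Attribute names differ between Active Directory and RFC-style directories.
        String usernameAttribute = map.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE);
        if (usernameAttribute == null) {
            usernameAttribute = activeDirectory
                    ? org.picketlink.common.constants.LDAPConstants.CN
                    : org.picketlink.common.constants.LDAPConstants.UID;
        }
        String firstNameAttribute = activeDirectory ? "givenName" : org.picketlink.common.constants.LDAPConstants.CN;
        String createdAttribute = activeDirectory ? "whenCreated" : org.picketlink.common.constants.LDAPConstants.CREATE_TIMESTAMP;
        String modifiedAttribute = activeDirectory ? "whenChanged" : org.picketlink.common.constants.LDAPConstants.MODIFY_TIMESTAMP;

        LDAPStoreConfigurationBuilder ldapStore = builder
                .named(LDAP_STORE_CONFIG_NAME)
                .stores()
                .ldap()
                .connectionProperties(connectionProperties)
                .addCredentialHandler(LDAPKeycloakCredentialHandler.class)
                .baseDN(map.get(LDAPConstants.BASE_DN))
                .bindDN(map.get(LDAPConstants.BIND_DN))
                .bindCredential(map.get(LDAPConstants.BIND_CREDENTIAL))
                .url(map.get(LDAPConstants.CONNECTION_URL))
                .activeDirectory(activeDirectory)
                .supportAllFeatures()
                // parseBoolean(null) is false, which is the "not configured" default.
                .pagination(Boolean.parseBoolean(map.get(LDAPConstants.PAGINATION)));

        // Vendors that do not expose entryUUID need their own immutable id attribute.
        if (LDAPConstants.VENDOR_RHDS.equals(vendor)) {
            ldapStore.uniqueIdentifierAttributeName("nsuniqueid");
        } else if (LDAPConstants.VENDOR_TIVOLI.equals(vendor)) {
            ldapStore.uniqueIdentifierAttributeName("uniqueidentifier");
        }

        LDAPMappingConfigurationBuilder userMapping = ldapStore.mapping(User.class)
                .baseDN(map.get(LDAPConstants.USER_DN_SUFFIX))
                .objectClasses(getUserObjectClasses(map))
                .attribute("loginName", usernameAttribute, true)
                .attribute("firstName", firstNameAttribute)
                .attribute("lastName", org.picketlink.common.constants.LDAPConstants.SN)
                .attribute("email", org.picketlink.common.constants.LDAPConstants.EMAIL)
                .readOnlyAttribute("createdDate", createdAttribute)
                .readOnlyAttribute("modifyDate", modifiedAttribute);
        if (activeDirectory && "sAMAccountName".equals(usernameAttribute)) {
            // sAMAccountName cannot form the RDN of an AD user entry, so bind the DN to cn instead.
            userMapping.bindingAttribute("fullName", org.picketlink.common.constants.LDAPConstants.CN);
            logger.info("Using 'cn' attribute for DN of user and 'sAMAccountName' for username");
        }

        boolean updateUserAccountControlAfterPasswordChange = activeDirectory
                && SamlProtocol.ATTRIBUTE_TRUE_VALUE.equals(map.get(LDAPConstants.USER_ACCOUNT_CONTROLS_AFTER_PASSWORD_UPDATE));
        return new DefaultPartitionManager(builder.buildAll(),
                new KeycloakEventBridge(updateUserAccountControlAfterPasswordChange), null);
    }

    /**
     * Seeds the JNDI LDAP connection-pool system properties that are still unset. These are
     * JVM-wide: a {@code -D} value given at startup always wins over the defaults below.
     */
    private static void applyDefaultPoolProperties() {
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.authentication", "none simple");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.initsize", "1");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.maxsize", "1000");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.prefsize", "5");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");
        // Only plaintext connections are pooled with this value; deployers using ldaps:// who
        // want pooling must add "ssl" to this property themselves.
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.debug", "off");
    }

    /**
     * Sets the system property {@code name} to {@code defaultValue} unless it already has a value.
     *
     * @param name         system property name
     * @param defaultValue value to apply when the property is absent
     */
    private static void checkSystemProperty(String name, String defaultValue) {
        if (System.getProperty(name) == null) {
            System.setProperty(name, defaultValue);
        }
    }

    /**
     * Resolves the LDAP object classes of user entries from the config, falling back to
     * {@link #DEFAULT_USER_OBJECT_CLASSES} when the value is unset, blank, or contains no
     * non-empty entries (an empty object class would produce an invalid LDAP filter).
     *
     * @param map the provider's LDAP config
     * @return trimmed, non-empty object class names; never empty
     */
    private static String[] getUserObjectClasses(Map<String, String> map) {
        List<String> objectClasses = splitObjectClasses(map.get(LDAPConstants.USER_OBJECT_CLASSES));
        if (objectClasses.isEmpty()) {
            objectClasses = splitObjectClasses(DEFAULT_USER_OBJECT_CLASSES);
        }
        return objectClasses.toArray(new String[0]);
    }

    /**
     * Splits a comma-separated list into trimmed entries, dropping empty ones.
     *
     * @param value the raw list, may be {@code null}
     * @return the entries, possibly empty; never {@code null}
     */
    private static List<String> splitObjectClasses(String value) {
        List<String> result = new ArrayList<>();
        if (value == null) {
            return result;
        }
        for (String part : value.split(org.picketlink.common.constants.LDAPConstants.COMMA)) {
            String objectClass = part.trim();
            if (!objectClass.isEmpty()) {
                result.add(objectClass);
            }
        }
        return result;
    }
}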
