package org.keycloak.picketlink.ldap;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import org.jboss.logging.Logger;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.picketlink.idm.KeycloakEventBridge;
import org.keycloak.picketlink.idm.LDAPKeycloakCredentialHandler;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.config.LDAPMappingConfigurationBuilder;
import org.picketlink.idm.config.LDAPStoreConfigurationBuilder;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.model.basic.User;

/* loaded from: input_file:org/keycloak/picketlink/ldap/PartitionManagerRegistry.class */
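/**
 * Registry of PicketLink {@link PartitionManager}s for LDAP user federation, one per
 * federation provider and keyed by the provider id.
 *
 * <p>A cached manager is reused as long as the provider's configuration map is unchanged
 * (compared by {@link Map#equals}); a changed configuration causes a fresh manager to be
 * built and replace the old one.
 */
public class PartitionManagerRegistry {

    private static final Logger logger = Logger.getLogger(PartitionManagerRegistry.class);

    /** Config key holding the LDAP bind password; stripped before the config is logged. */
    private static final String BIND_CREDENTIAL_KEY = "bindCredential";

    /** Object classes assumed for user entries when the config does not list any. */
    private static final String DEFAULT_USER_OBJECT_CLASSES = "inetOrgPerson, organizationalPerson";

    /** Federation provider id -> the manager built for it plus the config snapshot it was built from. */
    private final Map<String, PartitionManagerContext> partitionManagers =
            new ConcurrentHashMap<String, PartitionManagerContext>();

    /**
     * Pairs a partition manager with a snapshot of the configuration it was built from,
     * so that a later configuration change can be detected and the manager rebuilt.
     */
    public static class PartitionManagerContext {
        private final Map<String, String> config;
        private final PartitionManager partitionManager;

        private PartitionManagerContext(Map<String, String> config, PartitionManager partitionManager) {
            // Snapshot rather than alias: if the caller later mutates its own map in place,
            // an aliased reference would compare equal to itself and the change would go unnoticed.
            this.config = new HashMap<String, String>(config);
            this.partitionManager = partitionManager;
        }
    }

    /**
     * Returns the partition manager for the given federation provider, building (or rebuilding)
     * it when none is cached yet or the provider's configuration differs from the cached one.
     *
     * @param model the federation provider whose id and config select the manager
     * @return a partition manager configured from {@code model.getConfig()}
     */
    public PartitionManager getPartitionManager(UserFederationProviderModel model) {
        String providerId = model.getId();
        Map<String, String> config = model.getConfig();
        PartitionManagerContext context = this.partitionManagers.get(providerId);
        if (context == null || !config.equals(context.config)) {
            // Check-then-act is not atomic: two threads hitting a cold or changed entry at the
            // same time may each build a manager; the later put wins and the other is dropped.
            // Tolerated: the cost is a redundant build, not a wrong result.
            logLDAPConfig(providerId, config);
            context = new PartitionManagerContext(config, createPartitionManager(config));
            this.partitionManagers.put(providerId, context);
        }
        return context.partitionManager;
    }

    /**
     * Logs the LDAP configuration a new manager is being built from, with the bind credential removed.
     *
     * @param providerId id of the federation provider
     * @param config     the provider's configuration map (not modified)
     */
    private void logLDAPConfig(String providerId, Map<String, String> config) {
        Map<String, String> redacted = new HashMap<String, String>(config);
        // Only the bind password is redacted; any other sensitive value an admin places in the
        // config map is still logged at INFO.
        redacted.remove(BIND_CREDENTIAL_KEY);
        // Data is passed as %s arguments, never spliced into the format string: a '%' inside a
        // config value must not be interpreted as a format directive.
        logger.infof("Creating new LDAP based partition manager for the Federation provider: %s, LDAP Configuration: %s",
                providerId, redacted);
    }

    /**
     * Builds a PicketLink partition manager backed by a single LDAP identity store.
     *
     * <p>Attribute names for the user mapping depend on the {@code vendor} key: {@code "ad"}
     * selects Active Directory names ({@code cn}/{@code givenName}/{@code whenCreated}/
     * {@code whenChanged}), anything else the RFC-style names ({@code uid}/{@code cn}/
     * {@code createTimeStamp}/{@code modifyTimeStamp}). {@code "rhds"} additionally uses
     * {@code nsuniqueid} as the unique identifier attribute.
     *
     * <p>Side effect: fills in JVM-wide JNDI connection-pool system properties that are not
     * already set (see {@link #checkSystemProperty}).
     *
     * @param config provider configuration; keys read: connectionPooling, vendor,
     *               usernameLDAPAttribute, baseDn, bindDn, bindCredential, connectionUrl,
     *               pagination, userDnSuffix, userObjectClasses,
     *               userAccountControlsAfterPasswordUpdate
     * @return a newly created {@link DefaultPartitionManager}
     */
    public static PartitionManager createPartitionManager(Map<String, String> config) {
        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

        Properties connectionProperties = new Properties();
        if (config.containsKey("connectionPooling")) {
            connectionProperties.put("com.sun.jndi.ldap.connect.pool", config.get("connectionPooling"));
        }
        // JNDI pool defaults, applied only where the operator has not set them via -D.
        // "none simple" pools anonymous and simple-bind connections; "plain" pools only
        // non-TLS connections, so TLS connections are not pooled unless overridden.
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.authentication", "none simple");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.initsize", "1");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.maxsize", "1000");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.prefsize", "5");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain");
        checkSystemProperty("com.sun.jndi.ldap.connect.pool.debug", "off");

        String vendor = config.get("vendor");
        boolean activeDirectory = vendor != null && vendor.equals("ad");

        String loginNameAttribute = config.get("usernameLDAPAttribute");
        if (loginNameAttribute == null) {
            loginNameAttribute = activeDirectory ? "cn" : "uid";
        }
        String firstNameAttribute = activeDirectory ? "givenName" : "cn";
        String createdDateAttribute = activeDirectory ? "whenCreated" : "createTimeStamp";
        String modifyDateAttribute = activeDirectory ? "whenChanged" : "modifyTimeStamp";
        String[] userObjectClasses = getUserObjectClasses(config);

        LDAPStoreConfigurationBuilder store = builder
                .named("SIMPLE_LDAP_STORE_CONFIG")
                .stores()
                .ldap()
                .connectionProperties(connectionProperties)
                .addCredentialHandler(LDAPKeycloakCredentialHandler.class)
                .baseDN(config.get("baseDn"))
                .bindDN(config.get("bindDn"))
                .bindCredential(config.get("bindCredential"))
                .url(config.get("connectionUrl"))
                .activeDirectory(activeDirectory)
                .supportAllFeatures()
                // parseBoolean(null) is false, so a missing key disables pagination.
                .pagination(Boolean.parseBoolean(config.get("pagination")));
        if (vendor != null && vendor.equals("rhds")) {
            store.uniqueIdentifierAttributeName("nsuniqueid");
        }

        LDAPMappingConfigurationBuilder userMapping = store
                .mapping(User.class)
                .baseDN(config.get("userDnSuffix"))
                .objectClasses(userObjectClasses)
                .attribute("loginName", loginNameAttribute, true)
                .attribute("firstName", firstNameAttribute)
                .attribute("lastName", "sn")
                .attribute("email", "mail")
                .readOnlyAttribute("createdDate", createdDateAttribute)
                .readOnlyAttribute("modifyDate", modifyDateAttribute);
        if (activeDirectory && loginNameAttribute.equals("sAMAccountName")) {
            // The login name is not part of the DN in this layout, so bind the DN on cn instead.
            userMapping.bindingAttribute("fullName", "cn");
            logger.info("Using 'cn' attribute for DN of user and 'sAMAccountName' for username");
        }

        boolean updateUserAccountControl =
                activeDirectory && "true".equals(config.get("userAccountControlsAfterPasswordUpdate"));
        return new DefaultPartitionManager(builder.buildAll(),
                new KeycloakEventBridge(updateUserAccountControl), (Collection) null);
    }

    /**
     * Sets a JVM-wide system property to {@code defaultValue} unless it is already set.
     * The effect is process-wide: it applies to every JNDI LDAP connection in this JVM,
     * not only to the provider being configured; an operator-supplied value always wins.
     *
     * @param name         system property name
     * @param defaultValue value used when the property is absent
     */
    private static void checkSystemProperty(String name, String defaultValue) {
        if (System.getProperty(name) == null) {
            System.setProperty(name, defaultValue);
        }
    }

    /**
     * Parses the comma-separated {@code userObjectClasses} config value into trimmed names.
     * A missing or blank value falls back to {@link #DEFAULT_USER_OBJECT_CLASSES}; empty
     * entries (e.g. from a trailing comma) are dropped, since an empty object class is never valid.
     *
     * @param config provider configuration map
     * @return the object class names, never empty for the default value
     */
    private static String[] getUserObjectClasses(Map<String, String> config) {
        String raw = config.get("userObjectClasses");
        String source = (raw == null || raw.trim().isEmpty()) ? DEFAULT_USER_OBJECT_CLASSES : raw;
        List<String> classes = new ArrayList<String>();
        for (String token : source.split(",")) {
            String name = token.trim();
            if (!name.isEmpty()) {
                classes.add(name);
            }
        }
        return classes.toArray(new String[classes.size()]);
    }
}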
