package org.keycloak.federation.ldap.mappers.membership.group;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.keycloak.federation.ldap.LDAPConfig;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapperFactory;
import org.keycloak.federation.ldap.mappers.membership.CommonLDAPGroupMapperConfig;
import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.federation.ldap.mappers.membership.MembershipType;
import org.keycloak.federation.ldap.mappers.membership.UserRolesRetrieveStrategy;
import org.keycloak.mappers.FederationConfigValidationException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.idm.UserFederationMapperSyncConfigRepresentation;

/* loaded from: input_file:org/keycloak/federation/ldap/mappers/membership/group/GroupLDAPFederationMapperFactory.class */
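/**
 * Factory for {@link GroupLDAPFederationMapper}, the mapper described by {@link #getHelpText()}
 * as mapping LDAP group memberships to Keycloak group mappings.
 *
 * <p>The class declares the mapper's configuration properties, supplies per-provider defaults,
 * and validates a mapper configuration before it is used.
 *
 * <p>Review notes for operators and maintainers:
 * <ul>
 *   <li>{@link #validateConfig} is the only configuration gate visible in this class. It checks
 *       that the groups DN and the mode are present and passes the custom LDAP filter to
 *       {@code LDAPUtils.validateCustomLdapFilter}. No other property (object classes,
 *       attribute names, the DN's syntax) is validated here.</li>
 *   <li>The defaults are conservative: deleting Keycloak groups that no longer exist in LDAP is
 *       off, and write-back to LDAP ({@code LDAP_ONLY}) is selected only when the provider's
 *       edit mode is {@code WRITABLE}.</li>
 *   <li>{@link #configProperties} and {@link #userGroupsStrategies} are shared mutable statics
 *       that are handed out by reference; callers must treat them as read-only.</li>
 * </ul>
 *
 * <p>This source is decompiler output (JADX); two methods carry a note that their access
 * modifier was widened from {@code protected}.
 */
public class GroupLDAPFederationMapperFactory extends AbstractLDAPFederationMapperFactory {
    /** Identifier returned by {@link #getId()}. */
    public static final String PROVIDER_ID = "group-ldap-mapper";

    // Property descriptors in registration order; filled once by the static initializer below.
    protected static final List<ProviderConfigProperty> configProperties = new ArrayList<>();

    // Strategy name -> implementation. LinkedHashMap keeps the insertion order, which is also
    // the order of the option list built for USER_ROLES_RETRIEVE_STRATEGY.
    protected static final Map<String, UserRolesRetrieveStrategy> userGroupsStrategies = new LinkedHashMap<>();

    /** Returns the fixed description of this mapper type. */
    public String getHelpText() {
        return "Used to map group mappings of groups from some LDAP DN to Keycloak group mappings";
    }

    /** Returns the category constant shared by group mappers. */
    public String getDisplayCategory() {
        return AbstractLDAPFederationMapperFactory.GROUP_MAPPER_CATEGORY;
    }

    /** Returns the fixed display name of this mapper type. */
    public String getDisplayType() {
        return "Group mappings";
    }

    /**
     * Returns the property descriptors of this mapper.
     *
     * @return the shared static list itself, not a copy; modifying it changes the descriptors
     *         seen by every later caller
     */
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /**
     * Builds the default mapper configuration for one federation provider.
     *
     * @param userFederationProviderModel provider whose config decides the object class default
     *        (Active Directory or not) and the mode default (edit mode)
     * @return a new mutable map of property name to default value
     */
    public Map<String, String> getDefaultConfig(UserFederationProviderModel userFederationProviderModel) {
        LDAPConfig providerConfig = new LDAPConfig(userFederationProviderModel.getConfig());
        boolean writable = providerConfig.getEditMode() == UserFederationProvider.EditMode.WRITABLE;

        Map<String, String> defaults = new HashMap<>();
        defaults.put(GroupMapperConfig.GROUP_NAME_LDAP_ATTRIBUTE, "cn");
        defaults.put(GroupMapperConfig.GROUP_OBJECT_CLASSES, providerConfig.isActiveDirectory() ? "group" : "groupOfNames");
        defaults.put(GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true");
        defaults.put(CommonLDAPGroupMapperConfig.MEMBERSHIP_LDAP_ATTRIBUTE, "member");
        defaults.put(CommonLDAPGroupMapperConfig.MEMBERSHIP_ATTRIBUTE_TYPE, MembershipType.DN.toString());
        // Membership changes are written to LDAP only when the provider itself is writable;
        // every other edit mode falls back to READ_ONLY.
        defaults.put(CommonLDAPGroupMapperConfig.MODE, writable ? LDAPGroupMapperMode.LDAP_ONLY.toString() : LDAPGroupMapperMode.READ_ONLY.toString());
        defaults.put(CommonLDAPGroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, GroupMapperConfig.LOAD_GROUPS_BY_MEMBER_ATTRIBUTE);
        // Destructive sync (removing Keycloak groups absent from LDAP) is opt-in.
        defaults.put(GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "false");
        return defaults;
    }

    /** Returns {@link #PROVIDER_ID}. */
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Describes the sync operations this mapper offers.
     *
     * <p>NOTE(review): the constructor's parameter meaning is not visible here; the arguments
     * look like (LDAP-to-Keycloak enabled, its message key, Keycloak-to-LDAP enabled, its
     * message key), which would advertise both directions. Confirm against
     * {@code UserFederationMapperSyncConfigRepresentation}.
     */
    @Override // org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapperFactory
    public UserFederationMapperSyncConfigRepresentation getSyncConfig() {
        return new UserFederationMapperSyncConfigRepresentation(true, "sync-ldap-groups-to-keycloak", true, "sync-keycloak-groups-to-ldap");
    }

    /**
     * Validates a mapper configuration.
     *
     * <p>Checks, in order: the groups DN and the mode are present (via
     * {@code checkMandatoryConfigAttribute}, whose failure behaviour is defined in the
     * superclass); group inheritance is not requested together with a non-DN membership type;
     * the custom group filter passes {@code LDAPUtils.validateCustomLdapFilter}.
     *
     * @param realmModel not used by this implementation
     * @param userFederationProviderModel not used by this implementation
     * @param userFederationMapperModel mapper whose config map is validated
     * @throws FederationConfigValidationException if inheritance is combined with a non-DN
     *         membership type, or if a delegated check raises it
     * @throws IllegalArgumentException if the stored membership type is not the name of a
     *         {@code MembershipType} constant; this is unchecked and is not converted into a
     *         validation error here
     */
    public void validateConfig(RealmModel realmModel, UserFederationProviderModel userFederationProviderModel, UserFederationMapperModel userFederationMapperModel) throws FederationConfigValidationException {
        checkMandatoryConfigAttribute(GroupMapperConfig.GROUPS_DN, "LDAP Groups DN", userFederationMapperModel);
        checkMandatoryConfigAttribute(CommonLDAPGroupMapperConfig.MODE, "Mode", userFederationMapperModel);

        // A missing membership type is read as DN, matching the default configuration.
        String membershipTypeName = (String) userFederationMapperModel.getConfig().get(CommonLDAPGroupMapperConfig.MEMBERSHIP_ATTRIBUTE_TYPE);
        MembershipType membershipType = membershipTypeName == null ? MembershipType.DN : MembershipType.valueOf(membershipTypeName);

        // Boolean.parseBoolean treats null and anything other than "true" (any case) as false,
        // so a missing flag skips this check even though the default config sets it to "true".
        boolean preserveInheritance = Boolean.parseBoolean((String) userFederationMapperModel.getConfig().get(GroupMapperConfig.PRESERVE_GROUP_INHERITANCE));
        if (preserveInheritance && membershipType != MembershipType.DN) {
            throw new FederationConfigValidationException("ldapErrorCantPreserveGroupInheritanceWithUIDMembershipType");
        }

        // The filter is administrator-supplied text that, per its help text, is added to the
        // query that retrieves groups. This call is the only check on it in this class.
        // NOTE(review): the exact rules live in LDAPUtils; confirm they cover more than the
        // parenthesis framing the help text asks for.
        LDAPUtils.validateCustomLdapFilter((String) userFederationMapperModel.getConfig().get(GroupMapperConfig.GROUPS_LDAP_FILTER));
    }

    /**
     * Creates the mapper instance for one mapper model, passing this factory to it.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.federation.ldap.mappers.AbstractLDAPFederationMapperFactory
    public AbstractLDAPFederationMapper createMapper(UserFederationMapperModel userFederationMapperModel, LDAPFederationProvider lDAPFederationProvider, RealmModel realmModel) {
        return new GroupLDAPFederationMapper(userFederationMapperModel, lDAPFederationProvider, realmModel, this);
    }

    /**
     * Looks up a retrieve strategy by its configured name.
     *
     * @param str strategy name as stored in the mapper configuration
     * @return the registered strategy, or {@code null} when the name is not registered;
     *         callers have to handle the {@code null} case themselves
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public UserRolesRetrieveStrategy getUserGroupsRetrieveStrategy(String str) {
        return userGroupsStrategies.get(str);
    }

    static {
        // Strategies first: their names become the option list of the retrieve-strategy property.
        userGroupsStrategies.put(GroupMapperConfig.LOAD_GROUPS_BY_MEMBER_ATTRIBUTE, new UserRolesRetrieveStrategy.LoadRolesByMember());
        userGroupsStrategies.put(GroupMapperConfig.GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE, new UserRolesRetrieveStrategy.GetRolesFromUserMemberOfAttribute());
        userGroupsStrategies.put(GroupMapperConfig.LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY, new UserRolesRetrieveStrategy.LoadRolesByMemberRecursively());

        configProperties.add(createConfigProperty(
                GroupMapperConfig.GROUPS_DN,
                "LDAP Groups DN",
                "LDAP DN where are groups of this tree saved. For example 'ou=groups,dc=example,dc=org' ",
                "String",
                null));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.GROUP_NAME_LDAP_ATTRIBUTE,
                "Group Name LDAP Attribute",
                "Name of LDAP attribute, which is used in group objects for name and RDN of group. Usually it will be 'cn' . In this case typical group/role object may have DN like 'cn=Group1,ou=groups,dc=example,dc=org' ",
                "String",
                null));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.GROUP_OBJECT_CLASSES,
                "Group Object Classes",
                "Object class (or classes) of the group object. It's divided by comma if more classes needed. In typical LDAP deployment it could be 'groupOfNames' . In Active Directory it's usually 'group' ",
                "String",
                null));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.PRESERVE_GROUP_INHERITANCE,
                "Preserve Group Inheritance",
                "Flag whether group inheritance from LDAP should be propagated to Keycloak. If false, then all LDAP groups will be mapped as flat top-level groups in Keycloak. Otherwise group inheritance is preserved into Keycloak, but the group sync might fail if LDAP structure contains recursions or multiple parent groups per child groups",
                "boolean",
                null));
        configProperties.add(createConfigProperty(
                CommonLDAPGroupMapperConfig.MEMBERSHIP_LDAP_ATTRIBUTE,
                "Membership LDAP Attribute",
                "Name of LDAP attribute on group, which is used for membership mappings. Usually it will be 'member' ",
                "String",
                null));

        // Option list: every MembershipType constant, in declaration order.
        List<String> membershipTypeNames = new LinkedList<>();
        for (MembershipType membershipType : MembershipType.values()) {
            membershipTypeNames.add(membershipType.toString());
        }
        configProperties.add(createConfigProperty(
                CommonLDAPGroupMapperConfig.MEMBERSHIP_ATTRIBUTE_TYPE,
                "Membership Attribute Type",
                "DN means that LDAP group has it's members declared in form of their full DN. For example 'member: uid=john,ou=users,dc=example,dc=com' . UID means that LDAP group has it's members declared in form of pure user uids. For example 'memberUid: john' .",
                "List",
                membershipTypeNames));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.GROUPS_LDAP_FILTER,
                "LDAP Filter",
                "LDAP Filter adds additional custom filter to the whole query for retrieve LDAP groups. Leave this empty if no additional filtering is needed and you want to retrieve all groups from LDAP. Otherwise make sure that filter starts with '(' and ends with ')'",
                "String",
                null));

        // Option list: every LDAPGroupMapperMode constant, in declaration order.
        List<String> modeNames = new LinkedList<>();
        for (LDAPGroupMapperMode mode : LDAPGroupMapperMode.values()) {
            modeNames.add(mode.toString());
        }
        configProperties.add(createConfigProperty(
                CommonLDAPGroupMapperConfig.MODE,
                "Mode",
                "LDAP_ONLY means that all group mappings of users are retrieved from LDAP and saved into LDAP. READ_ONLY is Read-only LDAP mode where group mappings are retrieved from both LDAP and DB and merged together. New group joins are not saved to LDAP but to DB. IMPORT is Read-only LDAP mode where group mappings are retrieved from LDAP just at the time when user is imported from LDAP and then they are saved to local keycloak DB.",
                "List",
                modeNames));

        // Copy of the registered strategy names, so the option list is detached from the map.
        List<String> strategyNames = new LinkedList<>(userGroupsStrategies.keySet());
        configProperties.add(createConfigProperty(
                CommonLDAPGroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY,
                "User Groups Retrieve Strategy",
                "Specify how to retrieve groups of user. LOAD_GROUPS_BY_MEMBER_ATTRIBUTE means that roles of user will be retrieved by sending LDAP query to retrieve all groups where 'member' is our user. GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE means that groups of user will be retrieved from 'memberOf' attribute of our user. LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY is applicable just in Active Directory and it means that groups of user will be retrieved recursively with usage of LDAP_MATCHING_RULE_IN_CHAIN Ldap extension.",
                "List",
                strategyNames));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.MAPPED_GROUP_ATTRIBUTES,
                "Mapped Group Attributes",
                "List of names of attributes divided by comma. This points to the list of attributes on LDAP group, which will be mapped as attributes of Group in Keycloak. Leave this empty if no additional group attributes are required to be mapped in Keycloak. ",
                "String",
                null));
        configProperties.add(createConfigProperty(
                GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC,
                "Drop non-existing groups during sync",
                "If this flag is true, then during sync of groups from LDAP to Keycloak, we will keep just those Keycloak groups, which still exists in LDAP. Rest will be deleted",
                "boolean",
                null));
    }
}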
