package org.keycloak.federation.ldap.idm.store.ldap;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.jboss.logging.Logger;
import org.keycloak.federation.ldap.LDAPConfig;
import org.keycloak.federation.ldap.idm.model.LDAPDn;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.idm.query.Condition;
import org.keycloak.federation.ldap.idm.query.internal.EqualCondition;
import org.keycloak.federation.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.federation.ldap.idm.store.IdentityStore;
import org.keycloak.models.ModelException;

/* loaded from: input_file:org/keycloak/federation/ldap/idm/store/ldap/LDAPIdentityStore.class */
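/**
 * {@link IdentityStore} backed by an LDAP directory.
 *
 * <p>All directory I/O is delegated to an {@link LDAPOperationManager} created from the
 * supplied {@link LDAPConfig}; this class translates between {@link LDAPObject}s /
 * {@link LDAPQuery}s and JNDI attributes, search filters and modifications.
 * Directory failures are surfaced as {@link ModelException}.
 *
 * <p>Thread-safety is not documented here; the instance holds only immutable references,
 * but whether the operation manager may be shared across threads is not visible in this file.
 */
public class LDAPIdentityStore implements IdentityStore {
    private static final Logger logger = Logger.getLogger(LDAPIdentityStore.class);
    private final LDAPConfig config;
    private final LDAPOperationManager operationManager;

    /**
     * Creates a store bound to the given LDAP configuration.
     *
     * @param ldapConfig connection and mapping settings for the directory
     * @throws ModelException if the underlying {@link LDAPOperationManager} cannot be initialised
     */
    public LDAPIdentityStore(LDAPConfig ldapConfig) {
        this.config = ldapConfig;
        try {
            this.operationManager = new LDAPOperationManager(ldapConfig);
        } catch (NamingException e) {
            throw new ModelException("Couldn't init operation manager", e);
        }
    }

    /**
     * Returns the configuration this store was created with.
     *
     * @return the LDAP configuration
     */
    @Override
    public LDAPConfig getConfig() {
        return this.config;
    }

    /**
     * Creates a new entry in the directory and assigns the server-generated UUID to the object.
     *
     * @param ldapObject object to persist; must not yet carry a UUID
     * @throws ModelException if the object already has a UUID or the directory operation fails
     */
    @Override
    public void add(LDAPObject ldapObject) {
        if (ldapObject.getUuid() != null) {
            throw new ModelException("Can't add object with already assigned uuid");
        }
        String dn = ldapObject.getDn().toString();
        this.operationManager.createSubContext(dn, extractAttributes(ldapObject, true));
        // The entry UUID is assigned by the server, so it is read back after creation.
        ldapObject.setUuid(getEntryIdentifier(ldapObject));
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and dn [%s] successfully added to LDAP store.", ldapObject.getUuid(), dn);
        }
    }

    /**
     * Writes the writable attributes of an existing entry back to the directory.
     *
     * @param ldapObject object whose attributes are to be stored
     * @throws ModelException if the directory operation fails
     */
    @Override
    public void update(LDAPObject ldapObject) {
        NamingEnumeration<Attribute> attributes = extractAttributes(ldapObject, false).getAll();
        String dn = ldapObject.getDn().toString();
        this.operationManager.modifyAttributes(dn, attributes);
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and DN [%s] successfully updated to LDAP store.", ldapObject.getUuid(), dn);
        }
    }

    /**
     * Deletes the entry identified by the object's DN.
     *
     * @param ldapObject object whose entry is removed
     * @throws ModelException if the directory operation fails
     */
    @Override
    public void remove(LDAPObject ldapObject) {
        this.operationManager.removeEntry(ldapObject.getDn().toString());
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and DN [%s] successfully removed from LDAP store.", ldapObject.getUuid(), ldapObject.getDn().toString());
        }
    }

    /**
     * Executes a query against the directory.
     *
     * <p>An equality condition on the configured UUID attribute is resolved with a direct
     * lookup; everything else is turned into a search filter (see
     * {@link #createIdentityTypeSearchFilter(LDAPQuery)}) and run as a plain or paginated search.
     *
     * @param ldapQuery query to run; sorting is not supported
     * @return the matching objects, never {@code null}
     * @throws ModelException if sorting was requested or the directory operation fails
     */
    @Override
    public List<LDAPObject> fetchQueryResults(LDAPQuery ldapQuery) {
        if (ldapQuery.getSorting() != null && !ldapQuery.getSorting().isEmpty()) {
            throw new ModelException("LDAP Identity Store does not yet support sorted queries.");
        }
        List<LDAPObject> results = new ArrayList<>();
        try {
            String searchDn = ldapQuery.getSearchDn();
            String uuidAttributeName = getConfig().getUuidLDAPAttributeName();
            // Fast path: an equality condition on the entry UUID is answered by a direct lookup.
            for (Condition condition : ldapQuery.getConditions()) {
                if (condition instanceof EqualCondition) {
                    EqualCondition equalCondition = (EqualCondition) condition;
                    if (equalCondition.getParameterName().equalsIgnoreCase(uuidAttributeName)) {
                        SearchResult found = this.operationManager.lookupById(searchDn, equalCondition.getValue().toString(), ldapQuery.getReturningLdapAttributes());
                        if (found != null) {
                            results.add(populateAttributedType(found, ldapQuery));
                        }
                        return results;
                    }
                }
            }
            String filter = createIdentityTypeSearchFilter(ldapQuery).toString();
            Iterable<SearchResult> searchResults;
            if (getConfig().isPagination() && ldapQuery.getLimit() > 0) {
                searchResults = this.operationManager.searchPaginated(searchDn, filter, ldapQuery);
            } else {
                searchResults = this.operationManager.search(searchDn, filter, ldapQuery.getReturningLdapAttributes(), ldapQuery.getSearchScope());
            }
            for (SearchResult searchResult : searchResults) {
                // The search base itself may be returned; it is not one of the queried entities.
                if (!searchResult.getNameInNamespace().equalsIgnoreCase(searchDn)) {
                    results.add(populateAttributedType(searchResult, ldapQuery));
                }
            }
            return results;
        } catch (Exception e) {
            // Broad on purpose: the operation manager surfaces several exception types (not visible here).
            throw new ModelException("Querying of LDAP failed " + ldapQuery, e);
        }
    }

    /**
     * Counts the results of a query by fetching the full, unpaged result list.
     *
     * <p>The query's limit and offset are temporarily cleared and always restored, even when
     * the fetch fails.
     *
     * @param ldapQuery query to count
     * @return number of matching entries
     */
    @Override
    public int countQueryResults(LDAPQuery ldapQuery) {
        int limit = ldapQuery.getLimit();
        int offset = ldapQuery.getOffset();
        ldapQuery.setLimit(0);
        ldapQuery.setOffset(0);
        try {
            return ldapQuery.getResultList().size();
        } finally {
            // Restore the caller's paging regardless of the outcome.
            ldapQuery.setLimit(limit);
            ldapQuery.setOffset(offset);
        }
    }

    /**
     * Verifies a user's password against the directory.
     *
     * <p>The check is delegated to the operation manager using the entry's DN; only the DN
     * is logged, never the credential.
     *
     * @param ldapObject user entry to authenticate
     * @param password   credential to verify
     * @throws AuthenticationException if the directory rejects the credential
     */
    @Override
    public void validatePassword(LDAPObject ldapObject, String password) throws AuthenticationException {
        String dn = ldapObject.getDn().toString();
        if (logger.isTraceEnabled()) {
            logger.tracef("Using DN [%s] for authentication of user", dn);
        }
        this.operationManager.authenticate(dn, password);
    }

    /**
     * Replaces a user's password in the directory.
     *
     * <p>Active Directory uses the {@code unicodePwd} protocol (see
     * {@link #updateADPassword(String, String)}); every other directory gets a plain
     * {@code userpassword} replace.
     *
     * @param ldapObject user entry to update
     * @param password   new password
     * @throws ModelException if the directory operation fails
     */
    @Override
    public void updatePassword(LDAPObject ldapObject, String password) {
        String dn = ldapObject.getDn().toString();
        if (logger.isDebugEnabled()) {
            logger.debugf("Using DN [%s] for updating LDAP password of user", dn);
        }
        if (getConfig().isActiveDirectory()) {
            updateADPassword(dn, password);
            return;
        }
        try {
            Attribute passwordAttribute = new BasicAttribute("userpassword", password);
            this.operationManager.modifyAttribute(dn, passwordAttribute);
        } catch (ModelException e) {
            // Already carries context; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new ModelException("Error updating password.", e);
        }
    }

    /**
     * Replaces a password on Active Directory.
     *
     * <p>AD requires the new password as a double-quoted string encoded in UTF-16LE in the
     * {@code unicodePwd} attribute. Whether the connection is TLS-protected (which AD
     * requires for this attribute) is determined by the operation manager / configuration,
     * not here.
     *
     * @param dn       DN of the user entry
     * @param password new password
     * @throws ModelException if the directory operation fails
     */
    private void updateADPassword(String dn, String password) {
        try {
            byte[] encoded = ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
            BasicAttribute passwordAttribute = new BasicAttribute("unicodePwd", encoded);
            ModificationItem[] modifications = { new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttribute) };
            this.operationManager.modifyAttributes(dn, modifications);
        } catch (ModelException e) {
            // Already carries context; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new ModelException(e);
        }
    }

    /**
     * Builds the AND-filter for a query: every condition followed by the object class filter.
     *
     * <p>Each {@link Condition} renders itself into the builder; escaping of condition values
     * is the condition's responsibility and is not visible in this class.
     *
     * @param ldapQuery query whose conditions and object classes are rendered
     * @return the complete filter, e.g. {@code (&<conditions>(objectclass=X))}
     */
    protected StringBuilder createIdentityTypeSearchFilter(LDAPQuery ldapQuery) {
        StringBuilder filter = new StringBuilder();
        for (Condition condition : ldapQuery.getConditions()) {
            condition.applyCondition(filter);
        }
        filter.insert(0, "(&");
        filter.append(getObjectClassesFilter(ldapQuery.getObjectClasses()));
        filter.append(")");
        if (logger.isTraceEnabled()) {
            logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", filter, ldapQuery.getSearchDn());
        }
        return filter;
    }

    /**
     * Renders one {@code (objectclass=...)} term per requested class, or a wildcard term when
     * no class is requested. The terms are meant to be wrapped in an enclosing {@code (&...)}.
     *
     * <p>Class names are inserted verbatim; they are presumably taken from configuration rather
     * than end-user input.
     *
     * @param objectClasses object classes an entry must have; may be empty
     * @return the rendered filter terms
     */
    private StringBuilder getObjectClassesFilter(Collection<String> objectClasses) {
        StringBuilder filter = new StringBuilder();
        if (objectClasses.isEmpty()) {
            filter.append("(objectclass=*)");
        } else {
            for (String objectClass : objectClasses) {
                filter.append("(objectclass=").append(objectClass).append(")");
            }
        }
        return filter;
    }

    /**
     * Converts a JNDI search result into an {@link LDAPObject}.
     *
     * <p>The UUID attribute is decoded into the object's UUID and only exposed as a regular
     * attribute if it was explicitly requested. Attributes without any value are skipped.
     *
     * @param searchResult entry returned by the directory
     * @param ldapQuery    query that produced the result (for requested / read-only attribute names)
     * @return the populated object
     * @throws ModelException if the entry cannot be read
     */
    private LDAPObject populateAttributedType(SearchResult searchResult, LDAPQuery ldapQuery) {
        Set<String> readOnlyAttributeNames = ldapQuery.getReturningReadOnlyLdapAttributes();
        Set<String> requestedAttributeNames = new TreeSet<>();
        for (String attributeName : ldapQuery.getReturningLdapAttributes()) {
            requestedAttributeNames.add(attributeName.toLowerCase());
        }
        try {
            String entryDn = searchResult.getNameInNamespace();
            Attributes attributes = searchResult.getAttributes();
            LDAPObject ldapObject = new LDAPObject();
            LDAPDn dn = LDAPDn.fromString(entryDn);
            ldapObject.setDn(dn);
            ldapObject.setRdnAttributeName(dn.getFirstRdnAttrName());
            String uuidAttributeName = getConfig().getUuidLDAPAttributeName();
            NamingEnumeration<? extends Attribute> allAttributes = attributes.getAll();
            while (allAttributes.hasMore()) {
                Attribute attribute = allAttributes.next();
                try {
                    // Throws NoSuchElementException for an attribute without values; such attributes are skipped.
                    attribute.get();
                    String id = attribute.getID();
                    if (id.equalsIgnoreCase(uuidAttributeName)) {
                        ldapObject.setUuid(this.operationManager.decodeEntryUUID(attribute.get()));
                    }
                    if (!id.equalsIgnoreCase(uuidAttributeName) || requestedAttributeNames.contains(id.toLowerCase())) {
                        LinkedHashSet<String> values = new LinkedHashSet<>();
                        NamingEnumeration<?> attributeValues = attribute.getAll();
                        while (attributeValues.hasMoreElements()) {
                            values.add(attributeValues.next().toString().trim());
                        }
                        if (id.equalsIgnoreCase("objectclass")) {
                            ldapObject.setObjectClasses(values);
                        } else {
                            ldapObject.setAttribute(id, values);
                            if (readOnlyAttributeNames.contains(id.toLowerCase())) {
                                ldapObject.addReadOnlyAttributeName(id);
                            }
                        }
                    }
                } catch (NoSuchElementException ignored) {
                    // Attribute present without a value: nothing to copy.
                }
            }
            if (logger.isTraceEnabled()) {
                logger.tracef("Found ldap object and populated with the attributes. LDAP Object: %s", ldapObject.toString());
            }
            return ldapObject;
        } catch (Exception e) {
            throw new ModelException("Could not populate attribute type " + searchResult.getNameInNamespace() + ".", e);
        }
    }

    /**
     * Converts the writable attributes of an object into JNDI attributes.
     *
     * <p>Read-only attributes are never written. On update the RDN attribute is skipped as well
     * (changing it would be a rename, not a modification). On create, attributes without values
     * are omitted and the {@code objectclass} attribute is added; on update an attribute without
     * values is still emitted, presumably so the directory clears it.
     *
     * @param ldapObject object to convert
     * @param isCreate   {@code true} when building attributes for a new entry, {@code false} for an update
     * @return the attributes to send to the directory
     */
    protected BasicAttributes extractAttributes(LDAPObject ldapObject, boolean isCreate) {
        BasicAttributes attributes = new BasicAttributes();
        Collection<String> readOnlyAttributeNames = ldapObject.getReadOnlyAttributeNames();
        for (Map.Entry<String, Set<String>> entry : ldapObject.getAttributes().entrySet()) {
            String name = entry.getKey();
            Set<String> values = entry.getValue();
            if (readOnlyAttributeNames.contains(name.toLowerCase())) {
                continue;
            }
            if (!isCreate && ldapObject.getRdnAttributeName().equalsIgnoreCase(name)) {
                continue;
            }
            if (values == null) {
                logger.warnf("Attribute '%s' is null on LDAP object '%s' . Using empty value to be saved to LDAP", name, ldapObject.getDn().toString());
                values = Collections.emptySet();
            }
            if (isCreate && values.isEmpty()) {
                continue;
            }
            BasicAttribute attribute = new BasicAttribute(name);
            for (String value : values) {
                // Blank values are stored as a single space, presumably because the directory rejects zero-length values.
                attribute.add(value == null || value.trim().isEmpty() ? " " : value);
            }
            attributes.put(attribute);
        }
        if (isCreate) {
            BasicAttribute objectClasses = new BasicAttribute("objectclass");
            for (String objectClass : ldapObject.getObjectClasses()) {
                objectClasses.add(objectClass);
                // Group classes get a placeholder member, presumably because their schema requires a membership attribute.
                if (objectClass.equalsIgnoreCase("groupOfNames") || objectClass.equalsIgnoreCase("groupOfEntries") || objectClass.equalsIgnoreCase("groupOfUniqueNames")) {
                    attributes.put("member", "cn=empty-membership-placeholder");
                }
            }
            attributes.put(objectClasses);
        }
        return attributes;
    }

    /**
     * Reads the server-assigned UUID of an entry.
     *
     * <p>Performs an object-scope search on the entry's own DN, filtered by its first RDN and
     * returning only the configured UUID attribute.
     *
     * @param ldapObject entry whose identifier is read
     * @return the decoded UUID
     * @throws ModelException if the entry or its UUID attribute cannot be found
     */
    protected String getEntryIdentifier(LDAPObject ldapObject) {
        String dn = ldapObject.getDn().toString();
        String uuidAttributeName = getConfig().getUuidLDAPAttributeName();
        try {
            // NOTE(review): the first RDN is embedded in the filter verbatim; assumes LDAPDn.getFirstRdn()
            // yields a filter-safe value — confirm against LDAPDn.
            List<SearchResult> found = this.operationManager.search(dn, "(" + ldapObject.getDn().getFirstRdn() + ")", Arrays.asList(uuidAttributeName), SearchControls.OBJECT_SCOPE);
            if (found.isEmpty()) {
                throw new ModelException("Could not retrieve identifier for entry [" + dn + "].");
            }
            Attribute attribute = found.get(0).getAttributes().get(uuidAttributeName);
            if (attribute == null) {
                throw new ModelException("Could not retrieve identifier for entry [" + dn + "].");
            }
            return this.operationManager.decodeEntryUUID(attribute.get());
        } catch (NamingException e) {
            // Keep the cause so the directory error is not lost.
            throw new ModelException("Could not retrieve identifier for entry [" + dn + "].", e);
        }
    }
}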
