package org.keycloak.storage.ldap.mappers;

import java.util.List;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.LDAPStorageProvider;

/* loaded from: input_file:org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapperFactory.class */
/**
 * Factory for the {@code user-attribute-ldap-mapper} component, which maps a single LDAP
 * attribute to a UserModel property or attribute.
 *
 * <p>Besides creating mappers, the factory validates mapper configuration and, through
 * {@link LDAPConfigDecorator}, registers binary LDAP attributes on the {@link LDAPConfig}.
 */
public class UserAttributeLDAPStorageMapperFactory extends AbstractLDAPStorageMapperFactory implements LDAPConfigDecorator {
    public static final String PROVIDER_ID = "user-attribute-ldap-mapper";

    // Default property set, built without a component model (so "read.only" defaults to "false").
    // NOTE(review): this shared list is handed out as-is by getConfigProperties(); whether it is
    // unmodifiable depends on ProviderConfigurationBuilder.build() - confirm callers cannot mutate it.
    protected static final List<ProviderConfigProperty> configProperties = getConfigProps(null);

    /**
     * Builds the configuration property descriptors for this mapper.
     *
     * <p>The default of the "read.only" property follows the edit mode read from the given model:
     * "false" when no model is supplied or the edit mode is {@code WRITABLE}, "true" for any other
     * edit mode. Per the property's help text, a read-only attribute is not saved back to LDAP,
     * so a non-writable edit mode defaults to not writing back.
     *
     * @param componentModel model whose config is parsed as an {@link LDAPConfig}, or {@code null};
     *                       presumably the parent LDAP provider - verify against the caller
     * @return the property descriptors, in display order
     */
    private static List<ProviderConfigProperty> getConfigProps(ComponentModel componentModel) {
        // LDAPConfig is only constructed when a model is actually supplied.
        boolean writable = componentModel != null
                && new LDAPConfig(componentModel.getConfig()).getEditMode() == UserStorageProvider.EditMode.WRITABLE;
        String readOnlyDefault = (componentModel == null || writable) ? "false" : "true";

        return ProviderConfigurationBuilder.create()
                .property()
                    .name(UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE)
                    .label("User Model Attribute")
                    .helpText("Name of mapped UserModel property or UserModel attribute in Keycloak DB. For example 'firstName', 'lastName, 'email', 'street' etc.")
                    .type("String")
                    .add()
                .property()
                    .name(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE)
                    .label("LDAP Attribute")
                    .helpText("Name of mapped attribute on LDAP object. For example 'cn', 'sn, 'mail', 'street' etc.")
                    .type("String")
                    .add()
                .property()
                    .name("read.only")
                    .label("Read Only")
                    .helpText("Read-only attribute is imported from LDAP to Keycloak DB, but it's not saved back to LDAP when user is updated in Keycloak.")
                    .type("boolean")
                    .defaultValue(readOnlyDefault)
                    .add()
                .property()
                    .name(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP)
                    .label("Always Read Value From LDAP")
                    .helpText("If on, then during reading of the user will be value of attribute from LDAP always used instead of the value from Keycloak DB")
                    .type("boolean")
                    .defaultValue("false")
                    .add()
                .property()
                    .name(UserAttributeLDAPStorageMapper.IS_MANDATORY_IN_LDAP)
                    .label("Is Mandatory In LDAP")
                    .helpText("If true, attribute is mandatory in LDAP. Hence if there is no value in Keycloak DB, the empty value will be set to be propagated to LDAP")
                    .type("boolean")
                    .defaultValue("false")
                    .add()
                .property()
                    .name(UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE)
                    .label("Is Binary Attribute")
                    .helpText("Should be true for binary LDAP attributes")
                    .type("boolean")
                    .defaultValue("false")
                    .add()
                .build();
    }

    /** Returns the short description of this mapper type. */
    @Override
    public String getHelpText() {
        return "Used to map single attribute from LDAP user to attribute of UserModel in Keycloak DB";
    }

    /** Returns the shared default property descriptors (built without a component model). */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /** Returns the provider id, {@link #PROVIDER_ID}. */
    @Override
    public String getId() {
        return PROVIDER_ID;
    }

    /**
     * Validates a mapper configuration before it is accepted.
     *
     * <p>Both the user model attribute and the LDAP attribute must be configured. In addition, a
     * mapper flagged as binary is rejected unless "always read value from LDAP" is enabled too.
     *
     * @throws ComponentValidationException if the binary flag is set without the always-read flag;
     *         the mandatory-attribute checks are delegated to {@code checkMandatoryConfigAttribute}
     */
    @Override
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        checkMandatoryConfigAttribute(UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE, "User Model Attribute", componentModel);
        checkMandatoryConfigAttribute(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, "LDAP Attribute", componentModel);

        // Both flags default to false when absent from the configuration.
        boolean binaryAttribute = componentModel.get(UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE, false);
        boolean alwaysReadFromLdap = componentModel.get(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, false);
        if (!binaryAttribute || alwaysReadFromLdap) {
            return;
        }
        // The doubled quotes are kept verbatim; presumably the message goes through a
        // MessageFormat-style formatter where '' renders as a single quote - TODO confirm.
        throw new ComponentValidationException("With Binary attribute enabled, the ''Always read value from LDAP'' must be enabled too", new Object[0]);
    }

    /** Creates the mapper instance bound to the given model and LDAP storage provider. */
    @Override
    protected AbstractLDAPStorageMapper createMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider) {
        return new UserAttributeLDAPStorageMapper(componentModel, lDAPStorageProvider);
    }

    /**
     * Returns property descriptors whose "read.only" default depends on the edit mode found in
     * the given component model. The realm argument is not used here.
     */
    public List<ProviderConfigProperty> getConfigProperties(RealmModel realmModel, ComponentModel componentModel) {
        return getConfigProps(componentModel);
    }

    /**
     * Registers this mapper's LDAP attribute as binary on the LDAP configuration when the mapper
     * is flagged as binary; otherwise leaves the configuration untouched.
     */
    @Override
    public void updateLDAPConfig(LDAPConfig lDAPConfig, ComponentModel componentModel) {
        if (!componentModel.get(UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE, false)) {
            return;
        }
        // NOTE(review): getFirst() may yield null if the LDAP attribute is unset; this relies on
        // validateConfiguration() having enforced it as mandatory - confirm for existing configs.
        String ldapAttributeName = (String) componentModel.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE);
        lDAPConfig.addBinaryAttribute(ldapAttributeName);
    }
}
