package org.keycloak.storage.ldap.mappers;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.models.utils.reflection.Property;
import org.keycloak.models.utils.reflection.PropertyCriteria;
import org.keycloak.models.utils.reflection.PropertyQueries;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.Condition;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;

/* loaded from: input_file:org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.class */
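/**
 * LDAP storage mapper that ties one user model attribute to one LDAP attribute.
 *
 * <p>The pair is taken from the mapper configuration ({@link #USER_MODEL_ATTRIBUTE} and
 * {@link #LDAP_ATTRIBUTE}). When the configured model attribute matches a bean property
 * discovered on {@link UserModel} (case-insensitively), the value is read and written through
 * that property; otherwise it is handled as a multi-valued custom attribute.
 *
 * <p>NOTE(review): every entry point dereferences the configured model attribute name without a
 * null check, so a mapper saved without {@code user.model.attribute} fails with a
 * {@link NullPointerException}; presumably configuration validation elsewhere prevents this -
 * confirm.
 */
public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
    private static final Logger logger = Logger.getLogger(UserAttributeLDAPStorageMapper.class);

    /** {@link UserModel} bean properties keyed by their lower-cased (locale-independent) name. */
    private static final Map<String, Property<Object>> userModelProperties;

    /**
     * Value written to LDAP in place of an empty value when the attribute is mandatory there.
     * NOTE(review): nothing in this class strips the placeholder again when the attribute is
     * read back from LDAP - confirm how consumers treat a value of a single space.
     */
    private static final String EMPTY_MANDATORY_VALUE = " ";

    /** Config key: name of the user model attribute or property handled by this mapper. */
    public static final String USER_MODEL_ATTRIBUTE = "user.model.attribute";
    /** Config key: name of the LDAP attribute handled by this mapper. */
    public static final String LDAP_ATTRIBUTE = "ldap.attribute";
    /** Config key: when true the LDAP attribute is registered as read-only and model writes are not pushed to LDAP. */
    public static final String READ_ONLY = "read.only";
    /** Config key: when true the proxied user reads the mapped value from the LDAP object. */
    public static final String ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap";
    /** Config key: when true an empty value is written to LDAP as a single space instead of an empty set. */
    public static final String IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap";
    /** Config key: when true the attribute is not imported and model writes to it are not stored locally. */
    public static final String IS_BINARY_ATTRIBUTE = "is.binary.attribute";

    public UserAttributeLDAPStorageMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider) {
        super(componentModel, lDAPStorageProvider);
    }

    /**
     * Looks up the {@link UserModel} bean property for a configured attribute name.
     *
     * <p>The key is normalised with {@link Locale#ROOT} so the match does not depend on the JVM
     * default locale (for example a Turkish locale lower-cases {@code I} to a dotless i), which
     * keeps it in line with the {@code equalsIgnoreCase} comparisons used elsewhere in this class.
     *
     * @param attributeName configured user model attribute name; must not be null
     * @return the matching property, or {@code null} when the name is a custom attribute
     */
    private static Property<Object> findUserModelProperty(String attributeName) {
        return userModelProperties.get(attributeName.toLowerCase(Locale.ROOT));
    }

    /**
     * Writes the representation of "no value" for the given LDAP attribute.
     *
     * @param ldapObject      LDAP object being populated
     * @param ldapAttrName    LDAP attribute to write
     * @param mandatoryInLdap true to write the single-space placeholder, false to write an empty set
     */
    private static void writeEmptyValue(LDAPObject ldapObject, String ldapAttrName, boolean mandatoryInLdap) {
        if (mandatoryInLdap) {
            ldapObject.setSingleAttribute(ldapAttrName, EMPTY_MANDATORY_VALUE);
        } else {
            ldapObject.setAttribute(ldapAttrName, new LinkedHashSet<String>());
        }
    }

    /**
     * Copies the mapped LDAP attribute onto the local user during import.
     *
     * <p>Binary attributes are skipped entirely. Values coming from the directory are applied
     * as-is apart from the duplicate-email check; no other validation is visible here.
     *
     * @param lDAPObject LDAP entry being imported
     * @param userModel  local user receiving the value
     * @param realmModel realm the user belongs to
     * @param z          not used by this mapper
     * @throws ModelDuplicateException if the mapped attribute is the email and it collides with another local user
     */
    @Override
    public void onImportUserFromLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel, boolean z) {
        String userModelAttrName = (String) this.mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
        String ldapAttrName = (String) this.mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
        if (this.mapperModel.get(IS_BINARY_ATTRIBUTE, false)) {
            return;
        }
        Property<Object> property = findUserModelProperty(userModelAttrName);
        if (property != null) {
            // Built-in property: single value, checked for email collisions before it is applied.
            String ldapValue = lDAPObject.getAttributeAsString(ldapAttrName);
            checkDuplicateEmail(userModelAttrName, ldapValue, realmModel, this.ldapProvider.getSession(), userModel);
            setPropertyOnUserModel(property, userModel, ldapValue);
            return;
        }
        // Custom attribute: mirror the full value set, or drop the attribute when LDAP has none.
        Set<String> ldapValues = lDAPObject.getAttributeAsSet(ldapAttrName);
        if (ldapValues != null) {
            userModel.setAttribute(userModelAttrName, new ArrayList<String>(ldapValues));
        } else {
            userModel.removeAttribute(userModelAttrName);
        }
    }

    /**
     * Populates the mapped LDAP attribute from the local user when the user is registered to LDAP.
     *
     * @param lDAPObject LDAP entry being created
     * @param userModel  local user providing the value
     * @param realmModel realm the user belongs to (not used here)
     */
    @Override
    public void onRegisterUserToLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel) {
        String userModelAttrName = (String) this.mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
        String ldapAttrName = (String) this.mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
        boolean mandatoryInLdap = parseBooleanParameter(this.mapperModel, IS_MANDATORY_IN_LDAP);
        Property<Object> property = findUserModelProperty(userModelAttrName);
        if (property != null) {
            Object value = property.getValue(userModel);
            if (value != null) {
                lDAPObject.setSingleAttribute(ldapAttrName, value.toString());
            } else {
                writeEmptyValue(lDAPObject, ldapAttrName, mandatoryInLdap);
            }
        } else {
            List<String> values = userModel.getAttribute(userModelAttrName);
            if (!values.isEmpty()) {
                lDAPObject.setAttribute(ldapAttrName, new LinkedHashSet<String>(values));
            } else {
                writeEmptyValue(lDAPObject, ldapAttrName, mandatoryInLdap);
            }
        }
        if (isReadOnly()) {
            lDAPObject.addReadOnlyAttributeName(ldapAttrName);
        }
    }

    /**
     * Rejects an email value that already belongs to a different local user.
     *
     * <p>The check only runs when the value is non-null, the realm disallows duplicate emails and
     * the mapped model attribute is {@code email}. On a collision the current transaction is
     * marked rollback-only before the exception is thrown.
     *
     * <p>NOTE(review): the exception message names the existing account's username and the
     * email address; callers that surface it to end users should check that this does not
     * disclose which accounts exist.
     *
     * @param str             user model attribute name configured on this mapper
     * @param str2            email value about to be applied; may be null
     * @param realmModel      realm in which uniqueness is enforced
     * @param keycloakSession session used for the local user lookup and the transaction
     * @param userModel       user the value is being applied to
     * @throws ModelDuplicateException if another local user already has this email
     */
    protected void checkDuplicateEmail(String str, String str2, RealmModel realmModel, KeycloakSession keycloakSession, UserModel userModel) {
        if (str2 == null || realmModel.isDuplicateEmailsAllowed() || !"email".equalsIgnoreCase(str)) {
            return;
        }
        String email = KeycloakModelUtils.toLowerCaseSafe(str2);
        UserModel existing = keycloakSession.userLocalStorage().getUserByEmail(email, realmModel);
        if (existing == null || existing.getId().equals(userModel.getId())) {
            // No owner yet, or the owner is the user being updated.
            return;
        }
        keycloakSession.getTransactionManager().setRollbackOnly();
        throw new ModelDuplicateException(String.format("Can't import user '%s' from LDAP because email '%s' already exists in Keycloak. Existing user with this email is '%s'", userModel.getUsername(), email, existing.getUsername()), "email");
    }

    /**
     * Wraps the user so that reads and writes of the mapped attribute follow the mapper config.
     *
     * <p>Up to two delegates are stacked: a write-side delegate (pushes to LDAP when the provider
     * is writable and the mapper is not read-only, or suppresses local writes for a binary
     * attribute) and a read-side delegate when values must always come from LDAP.
     *
     * @param lDAPObject LDAP entry backing the user
     * @param userModel  user to wrap
     * @param realmModel realm the user belongs to
     * @return the wrapped user, or {@code userModel} itself when no delegate applies
     */
    @Override
    public UserModel proxy(final LDAPObject lDAPObject, UserModel userModel, final RealmModel realmModel) {
        final String userModelAttrName = (String) this.mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
        final String ldapAttrName = (String) this.mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
        boolean alwaysReadFromLdap = parseBooleanParameter(this.mapperModel, ALWAYS_READ_VALUE_FROM_LDAP);
        final boolean mandatoryInLdap = parseBooleanParameter(this.mapperModel, IS_MANDATORY_IN_LDAP);
        final boolean binaryAttribute = parseBooleanParameter(this.mapperModel, IS_BINARY_ATTRIBUTE);
        if (this.ldapProvider.getEditMode() == UserStorageProvider.EditMode.WRITABLE && !isReadOnly()) {
            userModel = new TxAwareLDAPUserModelDelegate(userModel, this.ldapProvider, lDAPObject) {
                public void setSingleAttribute(String name, String value) {
                    if (setLDAPAttribute(name, value)) {
                        super.setSingleAttribute(name, value);
                    }
                }

                public void setAttribute(String name, List<String> values) {
                    if (setLDAPAttribute(name, values)) {
                        super.setAttribute(name, values);
                    }
                }

                public void removeAttribute(String name) {
                    if (setLDAPAttribute(name, null)) {
                        super.removeAttribute(name);
                    }
                }

                // NOTE(review): the three typed setters below ignore the boolean returned by
                // setLDAPAttribute, so the local write happens even for a binary mapping.
                public void setEmail(String email) {
                    UserAttributeLDAPStorageMapper.this.checkDuplicateEmail(userModelAttrName, email, realmModel, UserAttributeLDAPStorageMapper.this.ldapProvider.getSession(), this);
                    setLDAPAttribute("email", email);
                    super.setEmail(email);
                }

                public void setLastName(String lastName) {
                    setLDAPAttribute("lastName", lastName);
                    super.setLastName(lastName);
                }

                public void setFirstName(String firstName) {
                    setLDAPAttribute("firstName", firstName);
                    super.setFirstName(firstName);
                }

                /**
                 * Pushes a model write to the LDAP object when it targets the mapped attribute.
                 *
                 * @return true when the caller should also store the value locally
                 */
                protected boolean setLDAPAttribute(String name, Object value) {
                    if (!name.equalsIgnoreCase(userModelAttrName)) {
                        return true;
                    }
                    // NOTE(review): at TRACE level this records the attribute value itself; keep
                    // TRACE disabled for this category where mapped attributes hold personal data.
                    if (UserAttributeLDAPStorageMapper.logger.isTraceEnabled()) {
                        UserAttributeLDAPStorageMapper.logger.tracef("Pushing user attribute to LDAP. username: %s, Model attribute name: %s, LDAP attribute name: %s, Attribute value: %s", getUsername(), name, ldapAttrName, value);
                    }
                    ensureTransactionStarted();
                    if (value == null) {
                        if (mandatoryInLdap) {
                            this.ldapUser.setSingleAttribute(ldapAttrName, EMPTY_MANDATORY_VALUE);
                        } else {
                            this.ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>());
                        }
                    } else if (value instanceof String) {
                        this.ldapUser.setSingleAttribute(ldapAttrName, (String) value);
                    } else {
                        // The only non-String callers in this class pass a List<String>.
                        @SuppressWarnings("unchecked")
                        List<String> values = (List<String>) value;
                        if (values.isEmpty() && mandatoryInLdap) {
                            this.ldapUser.setSingleAttribute(ldapAttrName, EMPTY_MANDATORY_VALUE);
                        } else {
                            this.ldapUser.setAttribute(ldapAttrName, new LinkedHashSet<String>(values));
                        }
                    }
                    if (!binaryAttribute) {
                        return true;
                    }
                    UserAttributeLDAPStorageMapper.logger.debugf("Skip writing model attribute '%s' to DB for user '%s' as it is mapped to binary LDAP attribute.", userModelAttrName, getUsername());
                    return false;
                }
            };
        } else if (binaryAttribute) {
            // Not writable to LDAP: writes to a binary-mapped attribute are dropped, others pass through.
            userModel = new UserModelDelegate(userModel) {
                public void setSingleAttribute(String name, String value) {
                    if (name.equalsIgnoreCase(userModelAttrName)) {
                        logSkipDBWrite();
                    } else {
                        super.setSingleAttribute(name, value);
                    }
                }

                public void setAttribute(String name, List<String> values) {
                    if (name.equalsIgnoreCase(userModelAttrName)) {
                        logSkipDBWrite();
                    } else {
                        super.setAttribute(name, values);
                    }
                }

                public void removeAttribute(String name) {
                    if (name.equalsIgnoreCase(userModelAttrName)) {
                        logSkipDBWrite();
                    } else {
                        super.removeAttribute(name);
                    }
                }

                private void logSkipDBWrite() {
                    UserAttributeLDAPStorageMapper.logger.debugf("Skip writing model attribute '%s' to DB for user '%s' as it is mapped to binary LDAP attribute", userModelAttrName, getUsername());
                }
            };
        }
        if (alwaysReadFromLdap) {
            // Read side: the mapped attribute is answered from the LDAP object instead of local storage.
            userModel = new UserModelDelegate(userModel) {
                public String getFirstAttribute(String name) {
                    if (name.equalsIgnoreCase(userModelAttrName)) {
                        return lDAPObject.getAttributeAsString(ldapAttrName);
                    }
                    return super.getFirstAttribute(name);
                }

                public List<String> getAttribute(String name) {
                    if (!name.equalsIgnoreCase(userModelAttrName)) {
                        return super.getAttribute(name);
                    }
                    Set<String> ldapValues = lDAPObject.getAttributeAsSet(ldapAttrName);
                    if (ldapValues == null) {
                        return Collections.emptyList();
                    }
                    return new ArrayList<String>(ldapValues);
                }

                public Map<String, List<String>> getAttributes() {
                    Map<String, List<String>> merged = new HashMap<String, List<String>>(super.getAttributes());
                    if (findUserModelProperty(userModelAttrName) != null) {
                        // Built-in properties are served by the typed getters, not by the attribute map.
                        return merged;
                    }
                    Set<String> ldapValues = lDAPObject.getAttributeAsSet(ldapAttrName);
                    if (ldapValues != null) {
                        merged.put(userModelAttrName, new ArrayList<String>(ldapValues));
                    }
                    return merged;
                }

                public String getEmail() {
                    if ("email".equalsIgnoreCase(userModelAttrName)) {
                        return lDAPObject.getAttributeAsString(ldapAttrName);
                    }
                    return super.getEmail();
                }

                public String getLastName() {
                    if ("lastName".equalsIgnoreCase(userModelAttrName)) {
                        return lDAPObject.getAttributeAsString(ldapAttrName);
                    }
                    return super.getLastName();
                }

                public String getFirstName() {
                    if ("firstName".equalsIgnoreCase(userModelAttrName)) {
                        return lDAPObject.getAttributeAsString(ldapAttrName);
                    }
                    return super.getFirstName();
                }
            };
        }
        return userModel;
    }

    /**
     * Prepares an LDAP query: requests the mapped LDAP attribute and renames query conditions
     * from the model attribute name to the LDAP attribute name.
     *
     * @param lDAPQuery query about to be executed
     */
    @Override
    public void beforeLDAPQuery(LDAPQuery lDAPQuery) {
        String userModelAttrName = (String) this.mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
        String ldapAttrName = (String) this.mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
        lDAPQuery.addReturningLdapAttribute(ldapAttrName);
        if (isReadOnly()) {
            lDAPQuery.addReturningReadOnlyLdapAttribute(ldapAttrName);
        }
        for (Condition condition : lDAPQuery.getConditions()) {
            condition.updateParameterName(userModelAttrName, ldapAttrName);
        }
    }

    /** Returns whether this mapper is configured as read-only ({@link #READ_ONLY}). */
    private boolean isReadOnly() {
        return parseBooleanParameter(this.mapperModel, READ_ONLY);
    }

    /**
     * Applies a string value from LDAP to a typed {@link UserModel} property.
     *
     * <p>Only {@code String} and {@code boolean}/{@code Boolean} properties are supported; any
     * other type is left untouched and a warning is logged.
     *
     * @param property  target property on the user model
     * @param userModel user to update
     * @param str       value from LDAP; {@code null} clears the property
     */
    protected void setPropertyOnUserModel(Property<Object> property, UserModel userModel, String str) {
        if (str == null) {
            property.setValue(userModel, (Object) null);
            return;
        }
        Class<?> javaClass = property.getJavaClass();
        if (String.class.equals(javaClass)) {
            property.setValue(userModel, str);
        } else if (Boolean.class.equals(javaClass) || Boolean.TYPE.equals(javaClass)) {
            property.setValue(userModel, Boolean.valueOf(str));
        } else {
            logger.warnf("Don't know how to set the property '%s' on user '%s' . Value of LDAP attribute is '%s' ", property.getName(), userModel.getUsername(), str);
        }
    }

    static {
        // Discover UserModel bean properties once, excluding get*/is* methods that take arguments.
        Map<String, Property<Object>> discovered = PropertyQueries.createQuery(UserModel.class).addCriteria(new PropertyCriteria() {
            public boolean methodMatches(Method method) {
                boolean getterLike = method.getName().startsWith("get") || method.getName().startsWith("is");
                return !getterLike || method.getParameterTypes().length <= 0;
            }
        }).getResultList();
        // Re-key by lower-cased name so configured attribute names match case-insensitively.
        Map<String, Property<Object>> byLowerCaseName = new HashMap<String, Property<Object>>();
        for (Map.Entry<String, Property<Object>> entry : discovered.entrySet()) {
            byLowerCaseName.put(entry.getKey().toLowerCase(Locale.ROOT), entry.getValue());
        }
        userModelProperties = Collections.unmodifiableMap(byLowerCaseName);
    }
}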
