package org.keycloak.federation.ldap;

import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderFactory;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.picketlink.PartitionManagerProvider;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.query.Condition;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.IdentityQueryBuilder;

/* loaded from: input_file:org/keycloak/federation/ldap/LDAPFederationProviderFactory.class */
public class LDAPFederationProviderFactory implements UserFederationProviderFactory {
    private static final Logger logger = Logger.getLogger(LDAPFederationProviderFactory.class);
    public static final String PROVIDER_NAME = "ldap";

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public UserFederationProvider m4create(KeycloakSession keycloakSession) {
        throw new IllegalAccessError("Illegal to call this method");
    }

    /* renamed from: getInstance, reason: merged with bridge method [inline-methods] */
    public LDAPFederationProvider m3getInstance(KeycloakSession keycloakSession, UserFederationProviderModel userFederationProviderModel) {
        return new LDAPFederationProvider(this, keycloakSession, userFederationProviderModel, keycloakSession.getProvider(PartitionManagerProvider.class).getPartitionManager(userFederationProviderModel));
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public void close() {
    }

    public String getId() {
        return PROVIDER_NAME;
    }

    public Set<String> getConfigurationOptions() {
        return Collections.emptySet();
    }

    public void syncAllUsers(KeycloakSessionFactory keycloakSessionFactory, String str, UserFederationProviderModel userFederationProviderModel) {
        logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s, current time: " + new Date(), str, userFederationProviderModel.getDisplayName());
        syncImpl(keycloakSessionFactory, keycloakSessionFactory.create().getProvider(PartitionManagerProvider.class).getPartitionManager(userFederationProviderModel).createIdentityManager().createIdentityQuery(User.class), str, userFederationProviderModel);
    }

    public void syncChangedUsers(KeycloakSessionFactory keycloakSessionFactory, String str, UserFederationProviderModel userFederationProviderModel, Date date) {
        logger.infof("Sync changed users from LDAP to local store: realm: %s, federation provider: %s, current time: " + new Date() + ", last sync time: " + date, str, userFederationProviderModel.getDisplayName());
        IdentityManager createIdentityManager = keycloakSessionFactory.create().getProvider(PartitionManagerProvider.class).getPartitionManager(userFederationProviderModel).createIdentityManager();
        IdentityQueryBuilder queryBuilder = createIdentityManager.getQueryBuilder();
        syncImpl(keycloakSessionFactory, queryBuilder.createIdentityQuery(User.class).where(new Condition[]{queryBuilder.greaterThanOrEqualTo(IdentityType.CREATED_DATE, date)}), str, userFederationProviderModel);
        IdentityQueryBuilder queryBuilder2 = createIdentityManager.getQueryBuilder();
        syncImpl(keycloakSessionFactory, queryBuilder2.createIdentityQuery(User.class).where(new Condition[]{queryBuilder2.greaterThanOrEqualTo(LDAPUtils.MODIFY_DATE, date)}), str, userFederationProviderModel);
    }

    protected void syncImpl(KeycloakSessionFactory keycloakSessionFactory, IdentityQuery<User> identityQuery, final String str, final UserFederationProviderModel userFederationProviderModel) {
        if (!Boolean.parseBoolean((String) userFederationProviderModel.getConfig().get("pagination"))) {
            final List resultList = identityQuery.getResultList();
            KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() { // from class: org.keycloak.federation.ldap.LDAPFederationProviderFactory.2
                public void run(KeycloakSession keycloakSession) {
                    LDAPFederationProviderFactory.this.importPicketlinkUsers(keycloakSession, str, userFederationProviderModel, resultList);
                }
            });
            return;
        }
        String str2 = (String) userFederationProviderModel.getConfig().get("batchSizeForSync");
        int parseInt = str2 != null ? Integer.parseInt(str2) : 1000;
        boolean z = true;
        while (z) {
            identityQuery.setLimit(parseInt);
            final List resultList2 = identityQuery.getResultList();
            z = identityQuery.getPaginationContext() != null;
            KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() { // from class: org.keycloak.federation.ldap.LDAPFederationProviderFactory.1
                public void run(KeycloakSession keycloakSession) {
                    LDAPFederationProviderFactory.this.importPicketlinkUsers(keycloakSession, str, userFederationProviderModel, resultList2);
                }
            });
        }
    }

    protected void importPicketlinkUsers(KeycloakSession keycloakSession, String str, UserFederationProviderModel userFederationProviderModel, List<User> list) {
        m3getInstance(keycloakSession, userFederationProviderModel).importPicketlinkUsers(keycloakSession.realms().getRealm(str), list, userFederationProviderModel);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SPNEGOAuthenticator createSPNEGOAuthenticator(String str, CommonKerberosConfig commonKerberosConfig) {
        return new SPNEGOAuthenticator(commonKerberosConfig, createKerberosSubjectAuthenticator(commonKerberosConfig), str);
    }

    protected KerberosServerSubjectAuthenticator createKerberosSubjectAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosServerSubjectAuthenticator(commonKerberosConfig);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KerberosUsernamePasswordAuthenticator createKerberosUsernamePasswordAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosUsernamePasswordAuthenticator(commonKerberosConfig);
    }
}
