package org.keycloak.picketlink.idm;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Date;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.picketlink.idm.IDMLog;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.ldap.internal.LDAPIdentityStore;
import org.picketlink.idm.ldap.internal.LDAPOperationManager;
import org.picketlink.idm.ldap.internal.LDAPPlainTextPasswordCredentialHandler;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.spi.IdentityContext;

/* loaded from: input_file:org/keycloak/picketlink/idm/LDAPKeycloakCredentialHandler.class */
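/**
 * Password credential handler that, after delegating the password update to
 * {@link LDAPPlainTextPasswordCredentialHandler}, optionally writes a fixed
 * {@code userAccountControl} value to the user's LDAP entry.
 *
 * <p>Two non-public methods of {@link LDAPIdentityStore} are reached through reflection
 * with {@code setAccessible(true)}. A rename or signature change in the store class
 * therefore fails at class initialisation of this handler, not at compile time.
 */
public class LDAPKeycloakCredentialHandler extends LDAPPlainTextPasswordCredentialHandler {
    // Resolved once at class-initialisation time; final so the cached reflective
    // handles cannot be swapped after start-up.
    private static final Method GET_BINDING_DN_METHOD = getMethodOnLDAPStore("getBindingDN", AttributedType.class);
    private static final Method GET_OPERATION_MANAGER_METHOD = getMethodOnLDAPStore("getOperationManager");

    // Null means "do not touch userAccountControl after a password update".
    private String userAccountControlAfterPasswordUpdate;

    /**
     * Decides whether {@code userAccountControl} is written after each password update.
     *
     * <p>The value comes from the system property
     * {@code keycloak.ldap.ad.userAccountControlAfterPasswordUpdate} and falls back to
     * {@code "512"} (NORMAL_ACCOUNT in Active Directory). It is not validated here.
     *
     * @param lDAPIdentityStore store whose configuration is inspected
     */
    public void setup(LDAPIdentityStore lDAPIdentityStore) {
        // NOTE(review): the second condition is named "skip..." yet it ENABLES the write,
        // including for stores that are not Active Directory. Kept as-is because callers
        // may rely on it; confirm the intended polarity.
        boolean writeUserAccountControl = lDAPIdentityStore.getConfig().isActiveDirectory()
                || Boolean.getBoolean("keycloak.ldap.ad.skipUserAccountControlAfterPasswordUpdate");
        if (!writeUserAccountControl) {
            return;
        }

        String configured = System.getProperty("keycloak.ldap.ad.userAccountControlAfterPasswordUpdate");
        this.userAccountControlAfterPasswordUpdate = configured != null ? configured : "512";
        IDMLog.CREDENTIAL_LOGGER.info("Will use userAccountControl=" + this.userAccountControlAfterPasswordUpdate + " after password update of user in Active Directory");
    }

    /**
     * Looks up the account for a login name as a {@link User} via {@link BasicModel#getUser}.
     *
     * @param identityContext context used to obtain the {@link IdentityManager}
     * @param str login name to look up
     * @return whatever {@code BasicModel.getUser} returns for that name
     */
    protected Account getAccount(IdentityContext identityContext, String str) {
        IdentityManager identityManager = getIdentityManager(identityContext);
        if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Trying to find account [%s] using default account type [%s]", str, User.class);
        }
        return BasicModel.getUser(identityManager, str);
    }

    /**
     * Updates the password through the superclass and then, if configured in
     * {@link #setup}, writes the fixed {@code userAccountControl} value to the account's entry.
     *
     * <p>The two steps are not atomic: if the attribute write fails, the password has
     * already been changed and the failure surfaces as a {@link RuntimeException}.
     *
     * <p>Security caveat: a single fixed value is written regardless of the account's
     * current flags. Assuming {@code modifyAttribute} replaces the attribute (TODO confirm
     * against {@code LDAPOperationManager}), the default 512 would clear flags such as
     * ACCOUNTDISABLE (0x2), so a password update on a disabled account would re-enable it.
     * Callers that allow password changes for disabled users should check account state first.
     *
     * @throws RuntimeException wrapping a reflective access failure, or the exception
     *         thrown by the reflectively invoked store method
     */
    public void update(IdentityContext identityContext, Account account, Password password, LDAPIdentityStore lDAPIdentityStore, Date date, Date date2) {
        super.update(identityContext, account, password, lDAPIdentityStore, date, date2);
        if (this.userAccountControlAfterPasswordUpdate == null) {
            return;
        }

        // The decompiled source also allocated a ModificationItem array here that was
        // never used; that dead allocation has been dropped.
        BasicAttribute userAccountControl = new BasicAttribute("userAccountControl", this.userAccountControlAfterPasswordUpdate);
        try {
            // Same evaluation order as before: operation manager first, then the binding DN.
            LDAPOperationManager operationManager = (LDAPOperationManager) GET_OPERATION_MANAGER_METHOD.invoke(lDAPIdentityStore);
            String bindingDn = (String) GET_BINDING_DN_METHOD.invoke(lDAPIdentityStore, account);
            operationManager.modifyAttribute(bindingDn, userAccountControl);
        } catch (IllegalAccessException e) {
            throw new RuntimeException(e);
        } catch (InvocationTargetException e2) {
            // Surface the real failure from the store rather than the reflection wrapper.
            Throwable target = e2.getTargetException();
            throw new RuntimeException(target != null ? target : e2);
        }
    }

    /**
     * Resolves a declared method of {@link LDAPIdentityStore} and makes it accessible.
     *
     * <p>{@code setAccessible(true)} bypasses the method's declared visibility; it can be
     * refused by a security manager or by strong module encapsulation, in which case
     * class initialisation of this handler fails.
     *
     * @param str method name
     * @param clsArr parameter types of the method
     * @return the accessible {@link Method}
     * @throws RuntimeException if the method cannot be found or made accessible
     */
    private static Method getMethodOnLDAPStore(String str, Class<?>... clsArr) {
        try {
            Method declaredMethod = LDAPIdentityStore.class.getDeclaredMethod(str, clsArr);
            declaredMethod.setAccessible(true);
            return declaredMethod;
        } catch (Exception e) {
            throw new RuntimeException("Unable to access LDAPIdentityStore method " + str, e);
        }
    }
}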
