package org.keycloak.models.map.storage.ldap.store;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.AttributeInUseException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.NoSuchAttributeException;
import javax.naming.directory.SchemaViolationException;
import javax.naming.directory.SearchResult;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.map.storage.ldap.config.LdapMapConfig;
import org.keycloak.models.map.storage.ldap.model.LdapMapDn;
import org.keycloak.models.map.storage.ldap.model.LdapMapObject;
import org.keycloak.models.map.storage.ldap.model.LdapMapQuery;
import org.keycloak.representations.idm.LDAPCapabilityRepresentation;

/* loaded from: input_file:org/keycloak/models/map/storage/ldap/store/LdapMapIdentityStore.class */
public class LdapMapIdentityStore implements AutoCloseable {
    private static final Logger logger = Logger.getLogger(LdapMapIdentityStore.class);
    private static final Pattern rangePattern = Pattern.compile("([^;]+);range=([0-9]+)-([0-9]+|\\*)");
    private final LdapMapConfig config;
    private final LdapMapOperationManager operationManager;

    public LdapMapIdentityStore(KeycloakSession keycloakSession, LdapMapConfig ldapMapConfig) {
        this.config = ldapMapConfig;
        this.operationManager = new LdapMapOperationManager(keycloakSession, ldapMapConfig);
    }

    public LdapMapConfig getConfig() {
        return this.config;
    }

    public void add(LdapMapObject ldapMapObject) {
        if (ldapMapObject.getId() != null) {
            throw new ModelException("Can't add object with already assigned uuid");
        }
        String ldapMapDn = ldapMapObject.getDn().toString();
        this.operationManager.createSubContext(ldapMapDn, extractAttributesForSaving(ldapMapObject, true));
        ldapMapObject.setId(getEntryIdentifier(ldapMapObject));
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and dn [%s] successfully added to LDAP store.", ldapMapObject.getId(), ldapMapDn);
        }
    }

    public void addMemberToGroup(String str, String str2, String str3) {
        try {
            this.operationManager.modifyAttributesNaming(str, new ModificationItem[]{new ModificationItem(1, new BasicAttribute(str2, str3))}, null);
        } catch (AttributeInUseException e) {
            logger.debugf("Group %s already contains the member %s", str, str3);
        } catch (NamingException e2) {
            throw new ModelException("Could not modify attribute for DN [" + str + "]", e2);
        }
    }

    public void removeMemberFromGroup(String str, String str2, String str3) {
        ModificationItem modificationItem = new ModificationItem(3, new BasicAttribute(str2, str3));
        try {
            this.operationManager.modifyAttributesNaming(str, new ModificationItem[]{modificationItem}, null);
        } catch (SchemaViolationException e) {
            logger.infof("Schema violation in group %s removing member %s. Trying adding empty member attribute.", str, str3);
            try {
                this.operationManager.modifyAttributesNaming(str, new ModificationItem[]{modificationItem, new ModificationItem(1, new BasicAttribute(str2, "cn=empty-membership-placeholder"))}, null);
            } catch (NamingException e2) {
                throw new ModelException("Could not modify attribute for DN [" + str + "]", e2);
            }
        } catch (NamingException e3) {
            throw new ModelException("Could not modify attribute for DN [" + str + "]", e3);
        } catch (NoSuchAttributeException e4) {
            logger.debugf("Group %s does not contain the member %s", str, str3);
        }
    }

    public void update(LdapMapObject ldapMapObject) {
        checkRename(ldapMapObject);
        NamingEnumeration<Attribute> all = extractAttributesForSaving(ldapMapObject, false).getAll();
        String ldapMapDn = ldapMapObject.getDn().toString();
        this.operationManager.modifyAttributes(ldapMapDn, all);
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and DN [%s] successfully updated to LDAP store.", ldapMapObject.getId(), ldapMapDn);
        }
    }

    protected void checkRename(LdapMapObject ldapMapObject) {
        String attributeAsString;
        LdapMapDn.RDN firstRdn = ldapMapObject.getDn().getFirstRdn();
        String ldapMapDn = ldapMapObject.getDn().toString();
        List<String> allKeys = firstRdn.getAllKeys();
        allKeys.retainAll(ldapMapObject.getRdnAttributeNames());
        List<String> allKeys2 = firstRdn.getAllKeys();
        allKeys2.removeAll(ldapMapObject.getRdnAttributeNames());
        ArrayList<String> arrayList = new ArrayList(ldapMapObject.getRdnAttributeNames());
        arrayList.removeAll(firstRdn.getAllKeys());
        boolean z = false;
        for (String str : allKeys) {
            if (!ldapMapObject.getReadOnlyAttributeNames().contains(str.toLowerCase()) && (attributeAsString = ldapMapObject.getAttributeAsString(str)) != null && !firstRdn.getAttrValue(str).equalsIgnoreCase(attributeAsString)) {
                z = true;
                firstRdn.setAttrValue(str, attributeAsString);
            }
        }
        for (String str2 : arrayList) {
            String attributeAsString2 = ldapMapObject.getAttributeAsString(str2);
            if (attributeAsString2 != null) {
                z = true;
                firstRdn.setAttrValue(str2, attributeAsString2);
            }
        }
        Iterator<String> it = allKeys2.iterator();
        while (it.hasNext()) {
            z |= firstRdn.removeAttrValue(it.next());
        }
        if (z) {
            LdapMapDn parentDn = ldapMapObject.getDn().getParentDn();
            parentDn.addFirst(firstRdn);
            String ldapMapDn2 = parentDn.toString();
            logger.debugf("Renaming LDAP Object. Old DN: [%s], New DN: [%s]", ldapMapDn, ldapMapDn2);
            ldapMapObject.setDn(LdapMapDn.fromString(this.operationManager.renameEntry(ldapMapDn, ldapMapDn2, true)));
        }
    }

    public void remove(LdapMapObject ldapMapObject) {
        this.operationManager.removeEntry(ldapMapObject.getDn().toString());
        if (logger.isDebugEnabled()) {
            logger.debugf("Type with identifier [%s] and DN [%s] successfully removed from LDAP store.", ldapMapObject.getId(), ldapMapObject.getDn().toString());
        }
    }

    public LdapMapObject fetchById(String str, LdapMapQuery ldapMapQuery) {
        SearchResult lookupById = this.operationManager.lookupById(ldapMapQuery.getSearchDn(), str, ldapMapQuery.getReturningLdapAttributes());
        if (lookupById != null) {
            return populateAttributedType(lookupById, ldapMapQuery);
        }
        return null;
    }

    public List<LdapMapObject> fetchQueryResults(LdapMapQuery ldapMapQuery) {
        ArrayList arrayList = new ArrayList();
        StringBuilder sb = null;
        try {
            String searchDn = ldapMapQuery.getSearchDn();
            sb = createIdentityTypeSearchFilter(ldapMapQuery);
            for (SearchResult searchResult : this.operationManager.search(searchDn, sb.toString(), ldapMapQuery.getReturningLdapAttributes(), ldapMapQuery.getSearchScope())) {
                if (ldapMapQuery.getSearchScope() != 2 || !searchResult.getNameInNamespace().equalsIgnoreCase(searchDn)) {
                    arrayList.add(populateAttributedType(searchResult, ldapMapQuery));
                }
            }
            return arrayList;
        } catch (Exception e) {
            throw new ModelException("Querying of LDAP failed " + ldapMapQuery + ", filter: " + ((Object) sb), e);
        }
    }

    public Set<LDAPCapabilityRepresentation> queryServerCapabilities() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        try {
            ArrayList<String> arrayList = new ArrayList();
            arrayList.add("supportedControl");
            arrayList.add("supportedExtension");
            arrayList.add("supportedFeatures");
            List<SearchResult> search = this.operationManager.search("", "(objectClass=*)", Collections.unmodifiableCollection(arrayList), 0);
            if (search.size() != 1) {
                throw new ModelException("Could not query root DSE: unexpected result size");
            }
            Attributes attributes = search.get(0).getAttributes();
            for (String str : arrayList) {
                Attribute attribute = attributes.get(str);
                if (null != attribute) {
                    LDAPCapabilityRepresentation.CapabilityType fromRootDseAttributeName = LDAPCapabilityRepresentation.CapabilityType.fromRootDseAttributeName(str);
                    NamingEnumeration all = attribute.getAll();
                    while (all.hasMoreElements()) {
                        LDAPCapabilityRepresentation lDAPCapabilityRepresentation = new LDAPCapabilityRepresentation(all.nextElement(), fromRootDseAttributeName);
                        logger.info("rootDSE query: " + lDAPCapabilityRepresentation);
                        linkedHashSet.add(lDAPCapabilityRepresentation);
                    }
                }
            }
            return linkedHashSet;
        } catch (NamingException e) {
            throw new ModelException("Failed to query root DSE: " + e.getMessage(), e);
        }
    }

    public void validatePassword(LdapMapObject ldapMapObject, String str) throws AuthenticationException {
        String ldapMapDn = ldapMapObject.getDn().toString();
        if (logger.isTraceEnabled()) {
            logger.tracef("Using DN [%s] for authentication of user", ldapMapDn);
        }
        this.operationManager.authenticate(ldapMapDn, str);
    }

    protected StringBuilder createIdentityTypeSearchFilter(LdapMapQuery ldapMapQuery) {
        StringBuilder sb = ldapMapQuery.getModelCriteriaBuilder().getPredicateFunc().get();
        sb.insert(0, "(&");
        sb.append((CharSequence) getObjectClassesFilter(ldapMapQuery.getObjectClasses()));
        sb.append(")");
        if (logger.isTraceEnabled()) {
            logger.tracef("Using filter for LDAP search: %s . Searching in DN: %s", sb, ldapMapQuery.getSearchDn());
        }
        return sb;
    }

    private StringBuilder getObjectClassesFilter(Collection<String> collection) {
        StringBuilder sb = new StringBuilder();
        if (collection.isEmpty()) {
            sb.append("(").append("objectclass").append("=").append("*").append(")");
        } else {
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                sb.append("(").append("objectclass").append("=").append(it.next()).append(")");
            }
        }
        return sb;
    }

    private LdapMapObject populateAttributedType(SearchResult searchResult, LdapMapQuery ldapMapQuery) {
        Set<String> returningReadOnlyLdapAttributes = ldapMapQuery.getReturningReadOnlyLdapAttributes();
        TreeSet treeSet = new TreeSet();
        Iterator<String> it = ldapMapQuery.getReturningLdapAttributes().iterator();
        while (it.hasNext()) {
            treeSet.add(it.next().toLowerCase());
        }
        try {
            String nameInNamespace = searchResult.getNameInNamespace();
            Attributes attributes = searchResult.getAttributes();
            LdapMapObject ldapMapObject = new LdapMapObject();
            LdapMapDn fromString = LdapMapDn.fromString(nameInNamespace);
            ldapMapObject.setDn(fromString);
            ldapMapObject.setRdnAttributeNames(fromString.getFirstRdn().getAllKeys());
            NamingEnumeration all = attributes.getAll();
            while (all.hasMore()) {
                Attribute attribute = (Attribute) all.next();
                try {
                    attribute.get();
                    String id = attribute.getID();
                    Matcher matcher = rangePattern.matcher(id);
                    if (matcher.matches()) {
                        id = matcher.group(1);
                        if (!matcher.group(3).equals("*")) {
                            try {
                                ldapMapObject.addRangedAttribute(id, Integer.parseInt(matcher.group(3)));
                            } catch (NumberFormatException e) {
                                logger.warnf("Invalid ranged expresion for attribute: %s", matcher.group(0));
                            }
                        }
                    }
                    if (id.equalsIgnoreCase(getConfig().getUuidLDAPAttributeName())) {
                        ldapMapObject.setId(this.operationManager.decodeEntryUUID(attribute.get()));
                    }
                    if (!id.equalsIgnoreCase(getConfig().getUuidLDAPAttributeName()) || treeSet.contains(id.toLowerCase())) {
                        LinkedHashSet linkedHashSet = new LinkedHashSet();
                        NamingEnumeration all2 = attribute.getAll();
                        while (all2.hasMoreElements()) {
                            Object next = all2.next();
                            if (next instanceof byte[]) {
                                linkedHashSet.add(Base64.encodeBytes((byte[]) next));
                            } else {
                                linkedHashSet.add(next.toString().trim());
                            }
                        }
                        if (id.equalsIgnoreCase("objectclass")) {
                            ldapMapObject.setObjectClasses(linkedHashSet);
                        } else {
                            ldapMapObject.setAttribute(id, linkedHashSet);
                            if (returningReadOnlyLdapAttributes.contains(id.toLowerCase())) {
                                ldapMapObject.addReadOnlyAttributeName(id);
                            }
                        }
                    }
                } catch (NoSuchElementException e2) {
                }
            }
            if (logger.isTraceEnabled()) {
                logger.tracef("Found ldap object and populated with the attributes. LDAP Object: %s", ldapMapObject.toString());
            }
            return ldapMapObject;
        } catch (Exception e3) {
            throw new ModelException("Could not populate attribute type " + searchResult.getNameInNamespace() + ".", e3);
        }
    }

    protected BasicAttributes extractAttributesForSaving(LdapMapObject ldapMapObject, boolean z) {
        BasicAttributes basicAttributes = new BasicAttributes();
        Set set = (Set) ldapMapObject.getRdnAttributeNames().stream().map((v0) -> {
            return v0.toLowerCase();
        }).collect(Collectors.toSet());
        for (Map.Entry<String, Set<String>> entry : ldapMapObject.getAttributes().entrySet()) {
            String key = entry.getKey();
            Set<String> value = entry.getValue();
            if (value == null) {
                logger.warnf("Attribute '%s' is null on LDAP object '%s' . Using empty value to be saved to LDAP", key, ldapMapObject.getDn().toString());
                value = Collections.emptySet();
            }
            String lowerCase = key.toLowerCase();
            if (!z || !value.isEmpty()) {
                if (!ldapMapObject.getReadOnlyAttributeNames().contains(lowerCase) && (z || !set.contains(lowerCase))) {
                    if (getConfig().getBinaryAttributeNames().contains(key)) {
                        basicAttributes.put(createBinaryBasicAttribute(key, value));
                    } else {
                        basicAttributes.put(createBasicAttribute(key, value));
                    }
                }
            }
        }
        if (z) {
            BasicAttribute basicAttribute = new BasicAttribute("objectclass");
            Iterator<String> it = ldapMapObject.getObjectClasses().iterator();
            while (it.hasNext()) {
                basicAttribute.add(it.next());
            }
            basicAttributes.put(basicAttribute);
        }
        return basicAttributes;
    }

    private BasicAttribute createBasicAttribute(String str, Set<String> set) {
        BasicAttribute basicAttribute = new BasicAttribute(str);
        for (String str2 : set) {
            if (str2 == null || str2.trim().length() == 0) {
                str2 = " ";
            }
            basicAttribute.add(str2);
        }
        return basicAttribute;
    }

    private BasicAttribute createBinaryBasicAttribute(String str, Set<String> set) {
        BasicAttribute basicAttribute = new BasicAttribute(str);
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next == null || next.trim().length() == 0) {
                next = " ";
            }
            try {
                basicAttribute.add(Base64.decode(next));
            } catch (IOException e) {
                logger.warnf("Wasn't able to Base64 decode the attribute value. Ignoring attribute update. Attribute: %s, Attribute value: %s", str, set);
            }
        }
        return basicAttribute;
    }

    protected String getEntryIdentifier(LdapMapObject ldapMapObject) {
        try {
            Attribute attribute = this.operationManager.search(ldapMapObject.getDn().toString(), "(" + LdapMapEscapeStrategy.DEFAULT.escape(ldapMapObject.getDn().getFirstRdn().toString(false)) + ")", Collections.singletonList(getConfig().getUuidLDAPAttributeName()), 0).get(0).getAttributes().get(getConfig().getUuidLDAPAttributeName());
            if (attribute == null) {
                throw new ModelException("Could not retrieve identifier for entry [" + ldapMapObject.getDn().toString() + "].");
            }
            return this.operationManager.decodeEntryUUID(attribute.get());
        } catch (NamingException e) {
            throw new ModelException("Could not retrieve identifier for entry [" + ldapMapObject.getDn().toString() + "].");
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.operationManager.close();
    }
}
