package org.gcube.keycloak.storage.ldap.mappers;

import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.reflection.Property;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.mappers.AbstractLDAPStorageMapper;

/* loaded from: input_file:org/gcube/keycloak/storage/ldap/mappers/UserAttributeTemplatedLDAPStorageMapper.class */
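/**
 * LDAP storage mapper that writes a Keycloak user attribute to an LDAP attribute after passing it
 * through a configurable template ({@value #TEMPLATE_ATTRIBUTE}), and copies the LDAP attribute
 * back to the user model on import.
 *
 * <p>The two directions are not symmetric: {@link #onRegisterUserToLDAP} applies the template,
 * while {@link #onImportUserFromLDAP} stores the LDAP value exactly as read, without removing the
 * template text again.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The value substituted for <code>${VALUE}</code> comes from the user model and is inserted
 *       literally. No LDAP-specific encoding is applied in this class; the visible code only uses
 *       the result as an attribute value.</li>
 *   <li>{@link #proxy} marks the LDAP attribute read-only regardless of the
 *       {@value #READ_ONLY} setting.</li>
 * </ul>
 */
public class UserAttributeTemplatedLDAPStorageMapper extends AbstractLDAPStorageMapper {
    /** Config key holding the template applied when writing to LDAP. */
    public static final String TEMPLATE_ATTRIBUTE = "template.string";
    /** Config key naming the user model property or attribute to map. */
    public static final String USER_MODEL_ATTRIBUTE = "user.model.attribute";
    /** Config key naming the LDAP attribute to map. */
    public static final String LDAP_ATTRIBUTE = "ldap.attribute";
    /** Config key: when true the LDAP attribute is registered as read-only. */
    public static final String READ_ONLY = "read.only";
    /** Config key declared for this mapper; not read anywhere in this class. */
    public static final String ALWAYS_READ_VALUE_FROM_LDAP = "always.read.value.from.ldap";
    /** Config key: when true an empty value is written as a single space instead of an empty set. */
    public static final String IS_MANDATORY_IN_LDAP = "is.mandatory.in.ldap";
    /** Placeholder name that is replaced by the user attribute value. */
    public static final String VALUE = "VALUE";
    /** The placeholder as it appears inside a template. */
    public static final String ATTRIBUTE_VALUE = "${VALUE}";
    private static final Logger logger = Logger.getLogger(UserAttributeTemplatedLDAPStorageMapper.class);
    private static final Map<String, Property<Object>> userModelProperties = LDAPUtils.getUserModelProperties();
    /**
     * Matches <code>${name}</code> placeholders; group 1 is the text between the braces.
     *
     * <p>NOTE(review): this field is public, static and not final, so any code in the same JVM can
     * replace the pattern used by every mapper instance. It is left as declared to keep the class
     * interface unchanged; consider making it final if nothing assigns to it.
     */
    public static Pattern substitution = Pattern.compile("\\$\\{([^}]+)\\}");

    /**
     * Creates the mapper for the given component configuration.
     *
     * @param componentModel mapper configuration
     * @param lDAPStorageProvider owning LDAP storage provider
     */
    public UserAttributeTemplatedLDAPStorageMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider) {
        super(componentModel, lDAPStorageProvider);
    }

    /**
     * Copies the configured LDAP attribute onto the user model.
     *
     * <p>When the configured user model attribute is a known bean property, the single LDAP value
     * is checked for e-mail duplicates and set through the property. Otherwise the LDAP values are
     * stored as a multi-valued user attribute, or the attribute is removed when LDAP has none.
     * The template is not applied or reversed here.
     *
     * @param lDAPObject LDAP entry being imported
     * @param userModel user receiving the value
     * @param realmModel realm of the user
     * @param z not used by this method
     */
    public void onImportUserFromLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel, boolean z) {
        String userModelAttribute = getUserModelAttribute();
        String ldapAttributeName = getLdapAttributeName();
        Property<Object> property = userModelProperties.get(userModelAttribute.toLowerCase());
        if (property != null) {
            String ldapValue = lDAPObject.getAttributeAsString(ldapAttributeName);
            // NOTE(review): checkDuplicateUsername is defined in this class but not invoked here;
            // if this mapper can be bound to the username property, confirm that is intended.
            checkDuplicateEmail(userModelAttribute, ldapValue, realmModel, this.ldapProvider.getSession(), userModel);
            setPropertyOnUserModel(property, userModel, ldapValue);
            return;
        }
        Set<String> ldapValues = lDAPObject.getAttributeAsSet(ldapAttributeName);
        if (ldapValues != null) {
            userModel.setAttribute(userModelAttribute, new ArrayList<>(ldapValues));
        } else {
            userModel.removeAttribute(userModelAttribute);
        }
    }

    /**
     * Expands a template by replacing every <code>${...}</code> placeholder.
     *
     * <p><code>${VALUE}</code> is replaced by {@code str2}; any other <code>${name}</code> is
     * replaced by its bare {@code name}. Text outside placeholders is copied unchanged.
     *
     * <p>Both replacements are inserted literally. {@code Matcher.appendReplacement} treats
     * {@code $} and {@code \} in the replacement string as group references and escapes, so an
     * unquoted attribute value containing either character (constructed examples:
     * {@code pa$$word}, {@code DOMAIN\\user}) would throw or pull in captured text instead of
     * being written as-is.
     *
     * @param str template; must not be null (a mapper without {@value #TEMPLATE_ATTRIBUTE}
     *     configured presumably reaches this method with null and fails)
     * @param str2 value substituted for <code>${VALUE}</code>
     * @return the expanded template
     */
    protected String computeAttributeValue(String str, String str2) {
        Matcher matcher = substitution.matcher(str);
        // StringBuffer is kept because the StringBuilder overloads of appendReplacement need Java 9+.
        StringBuffer expanded = new StringBuffer();
        while (matcher.find()) {
            String placeholder = matcher.group(1);
            String replacement = VALUE.equals(placeholder) ? str2 : placeholder;
            matcher.appendReplacement(expanded, Matcher.quoteReplacement(replacement));
        }
        matcher.appendTail(expanded);
        return expanded.toString();
    }

    /**
     * Writes the templated user attribute into the LDAP entry that is about to be created.
     *
     * <p>A bean property is written as a single value; a plain user attribute is written as the
     * ordered, de-duplicated set of its templated values. When the user has no value, the LDAP
     * attribute becomes a single space if {@value #IS_MANDATORY_IN_LDAP} is set, else an empty set.
     * The attribute is additionally marked read-only when {@value #READ_ONLY} is set.
     *
     * @param lDAPObject LDAP entry being populated
     * @param userModel user being registered
     * @param realmModel realm of the user; not used by this method
     */
    public void onRegisterUserToLDAP(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel) {
        String template = getTemplate();
        String userModelAttribute = getUserModelAttribute();
        String ldapAttributeName = getLdapAttributeName();
        boolean mandatoryInLdap = parseBooleanParameter(this.mapperModel, IS_MANDATORY_IN_LDAP);
        Property<Object> property = userModelProperties.get(userModelAttribute.toLowerCase());
        if (property != null) {
            Object value = property.getValue(userModel);
            if (value != null) {
                lDAPObject.setSingleAttribute(ldapAttributeName, computeAttributeValue(template, value.toString()));
            } else {
                setEmptyLdapValue(lDAPObject, ldapAttributeName, mandatoryInLdap);
            }
        } else {
            List<String> values = userModel.getAttributeStream(userModelAttribute).collect(Collectors.toList());
            if (!values.isEmpty()) {
                logger.trace("Computing value from template for all the elements in the list");
                Set<String> templated = values.stream()
                        .map(value -> computeAttributeValue(template, value))
                        .collect(Collectors.toCollection(LinkedHashSet::new));
                lDAPObject.setAttribute(ldapAttributeName, templated);
            } else {
                setEmptyLdapValue(lDAPObject, ldapAttributeName, mandatoryInLdap);
            }
        }
        if (isReadOnly()) {
            lDAPObject.addReadOnlyAttributeName(ldapAttributeName);
        }
    }

    /** Writes the "no value" form: a single space when the attribute is mandatory, else an empty set. */
    private void setEmptyLdapValue(LDAPObject ldapObject, String ldapAttributeName, boolean mandatoryInLdap) {
        if (mandatoryInLdap) {
            ldapObject.setSingleAttribute(ldapAttributeName, " ");
        } else {
            ldapObject.setAttribute(ldapAttributeName, new LinkedHashSet<>());
        }
    }

    /**
     * Rejects an import that would give two local users the same e-mail address.
     *
     * <p>Does nothing when the value is null, the realm allows duplicate e-mails, the mapped
     * attribute is not {@code email}, or the only local user with that e-mail is {@code userModel}
     * itself. Otherwise the transaction is marked rollback-only before the exception is thrown.
     *
     * <p>NOTE(review): the exception message names the existing user; check where this message is
     * surfaced before exposing it to end users.
     *
     * @param str name of the mapped user model attribute
     * @param str2 e-mail value read from LDAP
     * @param realmModel realm of the user
     * @param keycloakSession session used for the lookup and the transaction
     * @param userModel user being imported
     * @throws ModelDuplicateException if another local user already has this e-mail
     */
    protected void checkDuplicateEmail(String str, String str2, RealmModel realmModel, KeycloakSession keycloakSession, UserModel userModel) {
        if (str2 == null || realmModel.isDuplicateEmailsAllowed() || !"email".equalsIgnoreCase(str)) {
            return;
        }
        String email = KeycloakModelUtils.toLowerCaseSafe(str2);
        UserModel existing = keycloakSession.userLocalStorage().getUserByEmail(realmModel, email);
        if (existing == null || existing.getId().equals(userModel.getId())) {
            return;
        }
        keycloakSession.getTransactionManager().setRollbackOnly();
        throw new ModelDuplicateException(String.format("Can't import user '%s' from LDAP because email '%s' already exists in Keycloak. Existing user with this email is '%s'", userModel.getUsername(), email, existing.getUsername()), "email");
    }

    /**
     * Validates a username change coming from the mapped attribute.
     *
     * <p>Only acts when the mapped attribute is {@code username}. An unchanged username passes.
     *
     * @param str name of the mapped user model attribute
     * @param str2 proposed username
     * @param realmModel realm of the user
     * @param keycloakSession session used for the lookup
     * @param userModel user whose username would change
     * @throws ModelException if the username is null or empty, or differs while the realm does not
     *     allow username edits
     * @throws ModelDuplicateException if a different user already has the proposed username
     */
    protected void checkDuplicateUsername(String str, String str2, RealmModel realmModel, KeycloakSession keycloakSession, UserModel userModel) {
        if (!"username".equalsIgnoreCase(str)) {
            return;
        }
        if (str2 == null || str2.isEmpty()) {
            throw new ModelException("Cannot set an empty username");
        }
        if (str2.equals(userModel.getUsername())) {
            return;
        }
        if (!realmModel.isEditUsernameAllowed()) {
            throw new ModelException("Cannot change username if the realm is not configured to allow edit the usernames");
        }
        UserModel existing = keycloakSession.users().getUserByUsername(realmModel, str2);
        if (existing != null && !existing.getId().equals(userModel.getId())) {
            throw new ModelDuplicateException(String.format("Cannot change the username to '%s' because the username already exists in keycloak", str2), "username");
        }
    }

    /**
     * Marks the mapped LDAP attribute read-only on the entry and returns the user unchanged.
     *
     * <p>The read-only mark is applied unconditionally, independent of {@value #READ_ONLY}, and no
     * wrapping delegate is created in this method.
     *
     * @param lDAPObject LDAP entry backing the user
     * @param userModel user to return
     * @param realmModel realm of the user; not used by this method
     * @return {@code userModel}, not wrapped
     */
    public UserModel proxy(LDAPObject lDAPObject, UserModel userModel, RealmModel realmModel) {
        lDAPObject.addReadOnlyAttributeName(this.mapperModel.get(LDAP_ATTRIBUTE));
        return userModel;
    }

    /**
     * Asks the LDAP query to return the mapped attribute, and flags it read-only when configured.
     *
     * @param lDAPQuery query about to be executed
     */
    public void beforeLDAPQuery(LDAPQuery lDAPQuery) {
        String ldapAttributeName = getLdapAttributeName();
        lDAPQuery.addReturningLdapAttribute(ldapAttributeName);
        if (isReadOnly()) {
            lDAPQuery.addReturningReadOnlyLdapAttribute(ldapAttributeName);
        }
    }

    /** Returns the first configured value of {@value #TEMPLATE_ATTRIBUTE}. */
    private String getTemplate() {
        return (String) this.mapperModel.getConfig().getFirst(TEMPLATE_ATTRIBUTE);
    }

    /** Returns the first configured value of {@value #USER_MODEL_ATTRIBUTE}. */
    private String getUserModelAttribute() {
        return (String) this.mapperModel.getConfig().getFirst(USER_MODEL_ATTRIBUTE);
    }

    /** Returns the first configured value of {@value #LDAP_ATTRIBUTE}. */
    String getLdapAttributeName() {
        return (String) this.mapperModel.getConfig().getFirst(LDAP_ATTRIBUTE);
    }

    /** Returns whether {@value #READ_ONLY} is enabled for this mapper. */
    private boolean isReadOnly() {
        return parseBooleanParameter(this.mapperModel, READ_ONLY);
    }

    /**
     * Sets a user model bean property from the string read from LDAP.
     *
     * <p>Null clears the property. String properties take the value as-is; boolean properties take
     * {@code Boolean.valueOf(str)}, so anything other than "true" (case-insensitive) becomes false.
     * Other property types are left untouched and a warning is logged.
     *
     * @param property target bean property
     * @param userModel user to modify
     * @param str value read from LDAP, may be null
     */
    protected void setPropertyOnUserModel(Property<Object> property, UserModel userModel, String str) {
        if (str == null) {
            property.setValue(userModel, (Object) null);
            return;
        }
        Class<?> propertyType = property.getJavaClass();
        if (String.class.equals(propertyType)) {
            property.setValue(userModel, str);
        } else if (Boolean.class.equals(propertyType) || Boolean.TYPE.equals(propertyType)) {
            property.setValue(userModel, Boolean.valueOf(str));
        } else {
            // NOTE(review): this writes the raw LDAP attribute value to the log at WARN level;
            // confirm no mapped attribute carries data that must stay out of logs.
            logger.warnf("Don't know how to set the property '%s' on user '%s' . Value of LDAP attribute is '%s' ", property.getName(), userModel.getUsername(), str);
        }
    }
}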
