package org.keycloak.testsuite.util;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import java.util.stream.Stream;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.UserStoragePrivateUtil;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPDn;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore;
import org.keycloak.storage.ldap.mappers.LDAPOperationDecorator;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory;

/* loaded from: input_file:org/keycloak/testsuite/util/LDAPTestUtils.class */
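/**
 * Static helpers used by the test suite to populate, reconfigure and clean up an LDAP-backed
 * user storage provider.
 *
 * <p>Several helpers here set credentials from plain {@code String} values and others delete
 * every entry returned by a user, role or group query. They belong to the test-suite package and
 * should only ever be pointed at a disposable test directory.
 *
 * <p>Parameter names are the positional names present in this listing; each method's Javadoc
 * states what the parameter is actually used for.
 */
public class LDAPTestUtils {

    /**
     * Creates an enabled user in Keycloak's local user storage and gives it a password.
     *
     * @param keycloakSession session used to reach the local user storage
     * @param realmModel realm the user is created in
     * @param str value passed to {@code addUser} as the new user's name
     * @param str2 e-mail address set on the user
     * @param str3 password stored through the user's credential manager
     * @return the newly created user
     */
    public static UserModel addLocalUser(KeycloakSession keycloakSession, RealmModel realmModel, String str, String str2, String str3) {
        UserModel localUser = UserStoragePrivateUtil.userLocalStorage(keycloakSession).addUser(realmModel, str);
        localUser.setEmail(str2);
        localUser.setEnabled(true);
        localUser.credentialManager().updateCredential(UserCredentialModel.password(str3));
        return localUser;
    }

    /**
     * Creates a user through the LDAP storage provider, lets the caller customise it and, unless
     * {@code str2} is {@code null}, stores a password credential for it.
     *
     * @param keycloakSession not used by this method
     * @param realmModel realm the user is created in
     * @param lDAPStorageProvider provider the user is added through
     * @param str value passed to {@code addUser} as the new user's name
     * @param str2 when {@code null}, no credential is stored; otherwise only its presence matters
     *     (see the note in the body)
     * @param consumer callback invoked with the new user before any credential is stored
     */
    public static void addLdapUser(KeycloakSession keycloakSession, RealmModel realmModel, LDAPStorageProvider lDAPStorageProvider, String str, String str2, Consumer<UserModel> consumer) {
        UserModel ldapUser = lDAPStorageProvider.addUser(realmModel, str);
        consumer.accept(ldapUser);
        if (str2 == null) {
            return;
        }
        // NOTE(review): the credential is built from str (the same value used as the user's name),
        // not from str2, so every user created here gets a password equal to its user name and the
        // value of str2 is ignored. This looks like it was meant to be password(str2); behaviour is
        // left unchanged because callers may log in with the user name — confirm before fixing.
        ldapUser.credentialManager().updateCredential(UserCredentialModel.password(str));
    }

    /**
     * Adds a user entry to LDAP with no extra attributes beyond the standard ones.
     *
     * <p>Delegates to the nine-argument overload with an empty attribute map; see it for the
     * meaning of each parameter.
     */
    public static LDAPObject addLDAPUser(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel, String str, String str2, String str3, String str4, String str5, String... strArr) {
        return addLDAPUser(lDAPStorageProvider, realmModel, str, str2, str3, str4, str5, new MultivaluedHashMap<String, String>(), strArr);
    }

    /**
     * Adds a user entry to LDAP by handing {@code LDAPUtils.addUserToLDAP} a synthetic user model
     * that answers attribute look-ups from the arguments.
     *
     * @param lDAPStorageProvider provider whose LDAP store receives the entry
     * @param realmModel realm passed through to {@code LDAPUtils.addUserToLDAP}
     * @param str returned for {@code getUsername()} and the {@code "username"} attribute
     * @param str2 returned for {@code getFirstName()} and the {@code "firstName"} attribute
     * @param str3 returned for {@code getLastName()} and the {@code "lastName"} attribute
     * @param str4 returned for {@code getEmail()} and the {@code "email"} attribute
     * @param str5 returned for the {@code "street"} attribute stream when not {@code null}
     * @param multivaluedHashMap additional attributes, consulted after the fixed names above
     * @param strArr values returned for the {@code "postal_code"} attribute stream when non-empty
     * @return the LDAP object returned by {@code LDAPUtils.addUserToLDAP}
     */
    public static LDAPObject addLDAPUser(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel, final String str, final String str2, final String str3, final String str4, final String str5, final MultivaluedHashMap<String, String> multivaluedHashMap, final String... strArr) {
        // The delegate is null: every accessor the LDAP code is expected to call is answered here.
        return LDAPUtils.addUserToLDAP(lDAPStorageProvider, realmModel, new UserModelDelegate(null) {
            public String getUsername() {
                return str;
            }

            public String getEmail() {
                return str4;
            }

            public String getFirstName() {
                return str2;
            }

            public String getLastName() {
                return str3;
            }

            public String getFirstAttribute(String str6) {
                if ("lastName".equals(str6)) {
                    return str3;
                }
                if ("firstName".equals(str6)) {
                    return str2;
                }
                if ("email".equals(str6)) {
                    return str4;
                }
                if ("username".equals(str6)) {
                    return str;
                }
                if (multivaluedHashMap.containsKey(str6)) {
                    return multivaluedHashMap.getFirst(str6);
                }
                // NOTE(review): falls through to a superclass constructed with a null delegate;
                // what that returns or throws is not visible here.
                return super.getFirstAttribute(str6);
            }

            public Stream<String> getAttributeStream(String str6) {
                if ("lastName".equals(str6)) {
                    return Stream.of(str3);
                }
                if ("firstName".equals(str6)) {
                    return Stream.of(str2);
                }
                if ("email".equals(str6)) {
                    return Stream.of(str4);
                }
                if ("username".equals(str6)) {
                    return Stream.of(str);
                }
                if ("postal_code".equals(str6) && strArr != null && strArr.length > 0) {
                    // One stream element per postal code, typed as String.
                    return Stream.of(strArr);
                }
                if ("street".equals(str6) && str5 != null) {
                    return Stream.of(str5);
                }
                if (multivaluedHashMap.containsKey(str6)) {
                    return multivaluedHashMap.getList(str6).stream();
                }
                return Stream.empty();
            }
        });
    }

    /**
     * Creates an {@code organizationalUnit} entry directly below the provider's configured users DN.
     *
     * @param lDAPStorageProvider provider whose LDAP store receives the entry
     * @param str value of the {@code ou} attribute, also used as the RDN
     * @return the LDAP object that was added
     */
    public static LDAPObject addLdapOU(LDAPStorageProvider lDAPStorageProvider, String str) {
        LDAPIdentityStore identityStore = lDAPStorageProvider.getLdapIdentityStore();
        LDAPObject orgUnit = new LDAPObject();
        orgUnit.setRdnAttributeName("ou");
        orgUnit.setObjectClasses(Collections.singletonList("organizationalUnit"));
        orgUnit.setSingleAttribute("ou", str);
        // The DN is assembled through LDAPDn rather than by string concatenation.
        LDAPDn orgUnitDn = LDAPDn.fromString(identityStore.getConfig().getUsersDn());
        orgUnitDn.addFirst("ou", str);
        orgUnit.setDn(orgUnitDn);
        identityStore.add(orgUnit);
        return orgUnit;
    }

    /**
     * Sets the password of an LDAP entry and, on Active Directory, also writes
     * {@code userAccountControl}.
     *
     * @param lDAPStorageProvider provider whose LDAP store is updated
     * @param lDAPObject entry whose password is changed
     * @param str new password
     */
    public static void updateLDAPPassword(LDAPStorageProvider lDAPStorageProvider, LDAPObject lDAPObject, String str) {
        LDAPIdentityStore identityStore = lDAPStorageProvider.getLdapIdentityStore();
        identityStore.updatePassword(lDAPObject, str, (LDAPOperationDecorator) null);
        if (identityStore.getConfig().isActiveDirectory()) {
            // 512 (0x0200) is Active Directory's NORMAL_ACCOUNT flag with no other bits set;
            // presumably written so the account is usable once it has a password — confirm.
            lDAPObject.setSingleAttribute("userAccountControl", "512");
            identityStore.update(lDAPObject);
        }
    }

    /**
     * Returns the first user-storage component of the realm whose provider id is {@code "ldap"}.
     *
     * @param realmModel realm to search
     * @return the component, or {@code null} when the realm has none
     */
    public static ComponentModel getLdapProviderModel(RealmModel realmModel) {
        return getLdapProviderModel(realmModel, null);
    }

    /**
     * Returns the first user-storage component of the realm whose provider id is {@code "ldap"}
     * and, when a name is given, whose name equals it.
     *
     * @param realmModel realm to search
     * @param str required component name, or {@code null} to accept any name
     * @return the component, or {@code null} when nothing matches
     */
    public static ComponentModel getLdapProviderModel(RealmModel realmModel, String str) {
        return realmModel.getComponentsStream(realmModel.getId(), UserStorageProvider.class.getName())
                .filter(candidate -> Objects.equals(candidate.getProviderId(), "ldap"))
                .filter(candidate -> str == null || candidate.getName().equals(str))
                .findFirst()
                .orElse(null);
    }

    /**
     * Resolves the LDAP storage provider instance for a component.
     *
     * @param keycloakSession session the provider is looked up in
     * @param componentModel component describing the provider
     * @return the provider, cast to {@link LDAPStorageProvider}
     * @throws ClassCastException if the component does not resolve to an LDAP storage provider
     */
    public static LDAPStorageProvider getLdapProvider(KeycloakSession keycloakSession, ComponentModel componentModel) {
        // The lookup is keyed by UserStorageProvider, so the result has to be narrowed explicitly.
        return (LDAPStorageProvider) keycloakSession.getProvider(UserStorageProvider.class, componentModel);
    }

    /** Adds the {@code zipCodeMapper}, mapping user attribute {@code postal_code} to LDAP {@code postalCode}. */
    public static void addZipCodeLDAPMapper(RealmModel realmModel, ComponentModel componentModel) {
        addUserAttributeMapper(realmModel, componentModel, "zipCodeMapper", "postal_code", "postalCode");
    }

    /** Adds the {@code postalAddressMapper}, mapping {@code postalAddress} to LDAP {@code postalAddress}. */
    public static void addPostalAddressLDAPMapper(RealmModel realmModel, ComponentModel componentModel) {
        addUserAttributeMapper(realmModel, componentModel, "postalAddressMapper", "postalAddress", "postalAddress");
    }

    /**
     * Adds a writable, non-mandatory {@code user-attribute-ldap-mapper} below the given provider.
     *
     * @param realmModel realm the mapper component is added to
     * @param componentModel LDAP provider component that becomes the mapper's parent
     * @param str mapper name
     * @param str2 value of the {@code user.model.attribute} option
     * @param str3 value of the {@code ldap.attribute} option
     * @return the component returned by {@code addComponentModel}
     */
    public static ComponentModel addUserAttributeMapper(RealmModel realmModel, ComponentModel componentModel, String str, String str2, String str3) {
        String[] mapperConfig = {
            "user.model.attribute", str2,
            "ldap.attribute", str3,
            "read.only", "false",
            "always.read.value.from.ldap", "false",
            "is.mandatory.in.ldap", "false"
        };
        return realmModel.addComponentModel(KeycloakModelUtils.createComponentModel(str, componentModel.getId(), "user-attribute-ldap-mapper", LDAPStorageMapper.class.getName(), mapperConfig));
    }

    /**
     * Ensures the {@code realmRolesMapper} and {@code financeRolesMapper} role mappers exist below
     * the provider and run in the given mode.
     *
     * <p>An existing mapper only has its {@code mode} option changed; a missing one is created
     * with its roles DN derived from the provider's {@code baseDn} option.
     *
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param lDAPGroupMapperMode mode written to both mappers
     */
    public static void addOrUpdateRoleLDAPMappers(RealmModel realmModel, ComponentModel componentModel, LDAPGroupMapperMode lDAPGroupMapperMode) {
        String modeValue = lDAPGroupMapperMode.toString();
        String baseDn = componentModel.getConfig().getFirst("baseDn");

        ComponentModel realmRolesMapper = getSubcomponentByName(realmModel, componentModel, "realmRolesMapper");
        if (realmRolesMapper != null) {
            realmRolesMapper.getConfig().putSingle("mode", modeValue);
            realmModel.updateComponent(realmRolesMapper);
        } else {
            realmModel.addComponentModel(KeycloakModelUtils.createComponentModel("realmRolesMapper", componentModel.getId(), "role-ldap-mapper", LDAPStorageMapper.class.getName(), new String[]{"roles.dn", "ou=RealmRoles," + baseDn, "use.realm.roles.mapping", "true", "mode", modeValue}));
        }

        ComponentModel financeRolesMapper = getSubcomponentByName(realmModel, componentModel, "financeRolesMapper");
        if (financeRolesMapper != null) {
            financeRolesMapper.getConfig().putSingle("mode", modeValue);
            realmModel.updateComponent(financeRolesMapper);
        } else {
            realmModel.addComponentModel(KeycloakModelUtils.createComponentModel("financeRolesMapper", componentModel.getId(), "role-ldap-mapper", LDAPStorageMapper.class.getName(), new String[]{"roles.dn", "ou=FinanceRoles," + baseDn, "use.realm.roles.mapping", "false", "client.id", "finance", "mode", modeValue}));
        }
    }

    /**
     * Finds the LDAP mapper component with the given name below a provider component.
     *
     * @param realmModel realm holding the components
     * @param componentModel parent (LDAP provider) component
     * @param str mapper name to look for
     * @return the first mapper with that name, or {@code null} when there is none
     */
    public static ComponentModel getSubcomponentByName(RealmModel realmModel, ComponentModel componentModel, String str) {
        return realmModel.getComponentsStream(componentModel.getId(), LDAPStorageMapper.class.getName())
                .filter(mapper -> Objects.equals(str, mapper.getName()))
                .findFirst()
                .orElse(null);
    }

    /**
     * Creates the {@code hardcodedGroupsMapper} or updates its options if it already exists.
     *
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param strArr option overrides as alternating key/value pairs
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     */
    public static void addOrUpdateHardcodedGroupMapper(RealmModel realmModel, ComponentModel componentModel, String... strArr) {
        ComponentModel existingMapper = getSubcomponentByName(realmModel, componentModel, "hardcodedGroupsMapper");
        if (existingMapper != null) {
            updateConfigOptions(existingMapper, strArr);
            realmModel.updateComponent(existingMapper);
        } else {
            ComponentModel newMapper = KeycloakModelUtils.createComponentModel("hardcodedGroupsMapper", componentModel.getId(), "hardcoded-ldap-group-mapper", LDAPStorageMapper.class.getName(), new String[]{"group", "parent_group/hardcoded_group"});
            updateConfigOptions(newMapper, strArr);
            realmModel.addComponentModel(newMapper);
        }
    }

    /**
     * Creates the {@code groupsMapper} or updates its mode and options if it already exists.
     *
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param lDAPGroupMapperMode mode written to the mapper
     * @param str value of {@code mapped.group.attributes}; only used when the mapper is created
     * @param strArr option overrides as alternating key/value pairs
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     */
    public static void addOrUpdateGroupMapper(RealmModel realmModel, ComponentModel componentModel, LDAPGroupMapperMode lDAPGroupMapperMode, String str, String... strArr) {
        ComponentModel existingMapper = getSubcomponentByName(realmModel, componentModel, "groupsMapper");
        if (existingMapper != null) {
            existingMapper.getConfig().putSingle("mode", lDAPGroupMapperMode.toString());
            updateConfigOptions(existingMapper, strArr);
            realmModel.updateComponent(existingMapper);
        } else {
            ComponentModel newMapper = KeycloakModelUtils.createComponentModel("groupsMapper", componentModel.getId(), "group-ldap-mapper", LDAPStorageMapper.class.getName(), new String[]{"groups.dn", "ou=Groups," + componentModel.getConfig().getFirst("baseDn"), "mapped.group.attributes", str, "preserve.group.inheritance", "true", "mode", lDAPGroupMapperMode.toString(), "groups.path", "/"});
            updateConfigOptions(newMapper, strArr);
            realmModel.addComponentModel(newMapper);
        }
    }

    /**
     * Creates the {@code hardcodedRolesMapper} or updates its options if it already exists.
     *
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param strArr option overrides as alternating key/value pairs
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     */
    public static void addOrUpdateHardcodedRoleMapper(RealmModel realmModel, ComponentModel componentModel, String... strArr) {
        ComponentModel existingMapper = getSubcomponentByName(realmModel, componentModel, "hardcodedRolesMapper");
        if (existingMapper != null) {
            updateConfigOptions(existingMapper, strArr);
            realmModel.updateComponent(existingMapper);
        } else {
            ComponentModel newMapper = KeycloakModelUtils.createComponentModel("hardcodedRolesMapper", componentModel.getId(), "hardcoded-ldap-role-mapper", LDAPStorageMapper.class.getName(), new String[]{"role", "hardcoded_role"});
            updateConfigOptions(newMapper, strArr);
            realmModel.addComponentModel(newMapper);
        }
    }

    /**
     * Creates the {@code rolesMapper} or updates its mode and options if it already exists.
     *
     * <p>A newly created mapper uses {@code ou=Groups,<baseDn>} as its roles DN.
     *
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param lDAPGroupMapperMode mode written to the mapper
     * @param strArr option overrides as alternating key/value pairs
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     */
    public static void addOrUpdateRoleMapper(RealmModel realmModel, ComponentModel componentModel, LDAPGroupMapperMode lDAPGroupMapperMode, String... strArr) {
        ComponentModel existingMapper = getSubcomponentByName(realmModel, componentModel, "rolesMapper");
        if (existingMapper != null) {
            existingMapper.getConfig().putSingle("mode", lDAPGroupMapperMode.toString());
            updateConfigOptions(existingMapper, strArr);
            realmModel.updateComponent(existingMapper);
        } else {
            ComponentModel newMapper = KeycloakModelUtils.createComponentModel("rolesMapper", componentModel.getId(), "role-ldap-mapper", LDAPStorageMapper.class.getName(), new String[]{"roles.dn", "ou=Groups," + componentModel.getConfig().getFirst("baseDn"), "use.realm.roles.mapping", "true", "mode", lDAPGroupMapperMode.toString()});
            updateConfigOptions(newMapper, strArr);
            realmModel.addComponentModel(newMapper);
        }
    }

    /**
     * Writes alternating key/value pairs into a component's configuration as single values.
     *
     * <p>The pair count is checked before anything is written, so a malformed argument list never
     * leaves the component half-updated.
     *
     * @param componentModel component whose configuration is modified
     * @param strArr alternating option names and values
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     */
    public static void updateConfigOptions(ComponentModel componentModel, String... strArr) {
        requireKeyValuePairs(strArr);
        for (int i = 0; i < strArr.length; i += 2) {
            componentModel.getConfig().putSingle(strArr[i], strArr[i + 1]);
        }
    }

    /**
     * Alias of {@link #updateConfigOptions(ComponentModel, String...)}.
     *
     * @deprecated use {@link #updateConfigOptions(ComponentModel, String...)} instead
     */
    @Deprecated
    public static void updateGroupMapperConfigOptions(ComponentModel componentModel, String... strArr) {
        updateConfigOptions(componentModel, strArr);
    }

    /**
     * Runs an LDAP-to-Keycloak sync on the {@code realmRolesMapper} and {@code financeRolesMapper}.
     *
     * @param realmModel realm the roles are synced into
     * @param lDAPStorageProvider provider the mappers read from
     * @param componentModel LDAP provider component that owns the mappers
     */
    public static void syncRolesFromLDAP(RealmModel realmModel, LDAPStorageProvider lDAPStorageProvider, ComponentModel componentModel) {
        getRoleMapper(getSubcomponentByName(realmModel, componentModel, "realmRolesMapper"), lDAPStorageProvider, realmModel).syncDataFromFederationProviderToKeycloak(realmModel);
        getRoleMapper(getSubcomponentByName(realmModel, componentModel, "financeRolesMapper"), lDAPStorageProvider, realmModel).syncDataFromFederationProviderToKeycloak(realmModel);
    }

    /**
     * Deletes every entry returned by the provider's user search query from LDAP.
     *
     * @param lDAPStorageProvider provider whose LDAP store is emptied of users
     * @param realmModel realm used to build the user search query
     */
    public static void removeAllLDAPUsers(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel) {
        LDAPIdentityStore identityStore = lDAPStorageProvider.getLdapIdentityStore();
        // try-with-resources closes the query even when a removal fails.
        try (LDAPQuery userQuery = LDAPUtils.createQueryForUserSearch(lDAPStorageProvider, realmModel)) {
            for (LDAPObject ldapUser : userQuery.getResultList()) {
                identityStore.remove(ldapUser);
            }
        }
    }

    /**
     * Deletes every LDAP user whose user name equals the given one.
     *
     * <p>All users are fetched and compared client-side; no filter is added to the query.
     *
     * @param lDAPStorageProvider provider whose LDAP store is modified
     * @param realmModel realm used to build the user search query
     * @param lDAPConfig configuration used to read the user name from each entry
     * @param str user name to delete; must not be {@code null}
     */
    public static void removeLDAPUserByUsername(LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel, LDAPConfig lDAPConfig, String str) {
        LDAPIdentityStore identityStore = lDAPStorageProvider.getLdapIdentityStore();
        try (LDAPQuery userQuery = LDAPUtils.createQueryForUserSearch(lDAPStorageProvider, realmModel)) {
            for (LDAPObject ldapUser : userQuery.getResultList()) {
                if (str.equals(LDAPUtils.getUsername(ldapUser, lDAPConfig))) {
                    identityStore.remove(ldapUser);
                }
            }
        }
    }

    /**
     * Deletes every entry returned by the named role mapper's role query from LDAP.
     *
     * @param keycloakSession session used to resolve the LDAP provider
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param str name of the role mapper whose roles are removed
     */
    public static void removeAllLDAPRoles(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, String str) {
        ComponentModel mapperModel = getSubcomponentByName(realmModel, componentModel, str);
        LDAPStorageProvider ldapProvider = getLdapProvider(keycloakSession, componentModel);
        try (LDAPQuery roleQuery = getRoleMapper(mapperModel, ldapProvider, realmModel).createRoleQuery(false)) {
            for (LDAPObject ldapRole : roleQuery.getResultList()) {
                ldapProvider.getLdapIdentityStore().remove(ldapRole);
            }
        }
    }

    /**
     * Deletes every entry returned by the named mapper's group (or role) query from LDAP.
     *
     * <p>A mapper with provider id {@code group-ldap-mapper} is queried as a group mapper; any
     * other mapper is treated as a role mapper.
     *
     * @param keycloakSession session used to resolve the LDAP provider
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param str name of the mapper whose entries are removed
     * @throws NullPointerException if no mapper with that name exists
     */
    public static void removeAllLDAPGroups(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, String str) {
        ComponentModel mapperModel = Objects.requireNonNull(getSubcomponentByName(realmModel, componentModel, str), "No LDAP mapper named '" + str + "'");
        LDAPStorageProvider ldapProvider = getLdapProvider(keycloakSession, componentModel);
        boolean isGroupMapper = "group-ldap-mapper".equals(mapperModel.getProviderId());
        try (LDAPQuery groupQuery = isGroupMapper
                ? getGroupMapper(mapperModel, ldapProvider, realmModel).createGroupQuery(false)
                : getRoleMapper(mapperModel, ldapProvider, realmModel).createRoleQuery(false)) {
            for (LDAPObject ldapGroup : groupQuery.getResultList()) {
                ldapProvider.getLdapIdentityStore().remove(ldapGroup);
            }
        }
    }

    /**
     * Creates a role in LDAP through the named role mapper.
     *
     * @param keycloakSession session used to resolve the LDAP provider
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param str name of the role mapper
     * @param str2 name of the role to create
     */
    public static void createLDAPRole(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, String str, String str2) {
        getRoleMapper(getSubcomponentByName(realmModel, componentModel, str), getLdapProvider(keycloakSession, componentModel), realmModel).createLDAPRole(str2);
    }

    /**
     * Creates a group in LDAP through the {@code groupsMapper}.
     *
     * <p>Delegates to the overload that takes the mapper name first.
     */
    public static LDAPObject createLDAPGroup(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, String str, String... strArr) {
        return createLDAPGroup("groupsMapper", keycloakSession, realmModel, componentModel, str, strArr);
    }

    /**
     * Creates a group (or, for a non-group mapper, a role) in LDAP through the named mapper.
     *
     * @param str name of the mapper to use
     * @param keycloakSession session used to resolve the LDAP provider
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param str2 name of the group or role to create
     * @param strArr additional attributes as alternating name/value pairs; ignored when the
     *     mapper is not a {@code group-ldap-mapper}
     * @return the LDAP object created by the mapper
     * @throws IllegalArgumentException if {@code strArr} has an odd number of elements
     * @throws NullPointerException if no mapper with that name exists
     */
    public static LDAPObject createLDAPGroup(String str, KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, String str2, String... strArr) {
        requireKeyValuePairs(strArr);
        ComponentModel mapperModel = Objects.requireNonNull(getSubcomponentByName(realmModel, componentModel, str), "No LDAP mapper named '" + str + "'");
        LDAPStorageProvider ldapProvider = getLdapProvider(keycloakSession, componentModel);
        Map<String, Set<String>> additionalAttrs = new HashMap<>();
        for (int i = 0; i < strArr.length; i += 2) {
            additionalAttrs.put(strArr[i], Collections.singleton(strArr[i + 1]));
        }
        if ("group-ldap-mapper".equals(mapperModel.getProviderId())) {
            return getGroupMapper(mapperModel, ldapProvider, realmModel).createLDAPGroup(str2, additionalAttrs);
        }
        return getRoleMapper(mapperModel, ldapProvider, realmModel).createLDAPRole(str2);
    }

    /**
     * Updates an existing LDAP group through the {@code groupsMapper}.
     *
     * @param keycloakSession session used to resolve the LDAP provider
     * @param realmModel realm holding the components
     * @param componentModel LDAP provider component
     * @param lDAPObject group entry carrying the new state
     * @return the object returned by the mapper's {@code updateLDAPGroup}
     */
    public static LDAPObject updateLDAPGroup(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, LDAPObject lDAPObject) {
        return getGroupMapper(getSubcomponentByName(realmModel, componentModel, "groupsMapper"), getLdapProvider(keycloakSession, componentModel), realmModel).updateLDAPGroup(lDAPObject);
    }

    /**
     * Builds a fresh group mapper for the given mapper component.
     *
     * @param componentModel mapper component
     * @param lDAPStorageProvider provider the mapper works against
     * @param realmModel not used by this method
     * @return a new {@link GroupLDAPStorageMapper}
     */
    public static GroupLDAPStorageMapper getGroupMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel) {
        return new GroupLDAPStorageMapper(componentModel, lDAPStorageProvider, new GroupLDAPStorageMapperFactory());
    }

    /**
     * Builds a fresh role mapper for the given mapper component.
     *
     * @param componentModel mapper component
     * @param lDAPStorageProvider provider the mapper works against
     * @param realmModel not used by this method
     * @return a new {@link RoleLDAPStorageMapper}
     */
    public static RoleLDAPStorageMapper getRoleMapper(ComponentModel componentModel, LDAPStorageProvider lDAPStorageProvider, RealmModel realmModel) {
        return new RoleLDAPStorageMapper(componentModel, lDAPStorageProvider, new RoleLDAPStorageMapperFactory());
    }

    /**
     * Returns the LDAP attribute used for a group's description: {@code displayName} on Active
     * Directory, {@code description} otherwise.
     *
     * @param lDAPStorageProvider provider whose configuration is inspected
     * @return the attribute name
     */
    public static String getGroupDescriptionLDAPAttrName(LDAPStorageProvider lDAPStorageProvider) {
        boolean activeDirectory = lDAPStorageProvider.getLdapIdentityStore().getConfig().isActiveDirectory();
        return activeDirectory ? "displayName" : "description";
    }

    /**
     * Rejects argument lists that cannot be read as alternating key/value pairs.
     *
     * <p>Only the element count goes into the message; the values may be configuration secrets.
     */
    private static void requireKeyValuePairs(String[] strArr) {
        if (strArr.length % 2 != 0) {
            throw new IllegalArgumentException("Expected alternating key/value pairs but got " + strArr.length + " elements");
        }
    }
}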
