package org.keycloak.testsuite.rest.resource;

import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.DELETE;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import java.util.Map;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.storage.CacheableStorageProviderModel;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.storage.ldap.mappers.membership.MembershipType;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory;
import org.keycloak.testsuite.util.LDAPTestUtils;

/* loaded from: input_file:org/keycloak/testsuite/rest/resource/TestLDAPResource.class */
/**
 * JAX-RS resource that provisions LDAP fixtures (provider, groups, roles, users) for the test suite.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No authentication or authorization check is visible in this class, yet every endpoint
 *       mutates the realm and/or the LDAP directory (creates users, removes all LDAP users,
 *       grants roles). NOTE(review): confirm the enclosing resource restricts access and that
 *       this class is never packaged into a non-test deployment.</li>
 *   <li>All fixture accounts are created with fixed, well-known passwords ({@code "Password1"},
 *       {@code "password-app"}); a directory populated through these endpoints must be treated
 *       as disposable test data.</li>
 * </ul>
 */
public class TestLDAPResource {
    private final KeycloakSession session;
    private final RealmModel realm;

    /**
     * @param keycloakSession session handed to the LDAP test helpers
     * @param realmModel realm that receives the components, groups and roles created here
     */
    public TestLDAPResource(KeycloakSession keycloakSession, RealmModel realmModel) {
        this.session = keycloakSession;
        this.realm = realmModel;
    }

    /**
     * Registers a user-storage component named {@code "test-ldap"} with provider id {@code "ldap"}.
     *
     * <p>The request body is copied wholesale into the component configuration, so the caller
     * decides which directory this provider talks to. The keys {@code syncRegistrations},
     * {@code editMode} (WRITABLE) and {@code connectionPooling} are written after the copy.
     *
     * @param map component configuration entries supplied by the caller; a {@code null} map
     *            fails with a {@link NullPointerException} in {@code toComponentConfig}
     * @param z value of the {@code import} query parameter, passed to {@code setImportEnabled}
     * @return id of the component model added to the realm
     */
    @Produces({"application/json"})
    @POST
    @Path("/create-ldap-provider")
    @Consumes({"application/json"})
    public String createLDAPProvider(Map<String, String> map, @QueryParam("import") boolean z) {
        MultivaluedHashMap<String, String> config = toComponentConfig(map);
        config.putSingle("syncRegistrations", "true");
        config.putSingle("editMode", UserStorageProvider.EditMode.WRITABLE.toString());
        config.putSingle("connectionPooling", "true");

        UserStorageProviderModel providerModel = new UserStorageProviderModel();
        providerModel.setLastSync(0);
        // Both sync periods are set to -1 — presumably "periodic sync disabled"; confirm.
        providerModel.setChangedSyncPeriod(-1);
        providerModel.setFullSyncPeriod(-1);
        providerModel.setName("test-ldap");
        providerModel.setPriority(0);
        providerModel.setProviderId("ldap");
        providerModel.setConfig(config);
        providerModel.setImportEnabled(z);
        providerModel.setCachePolicy(CacheableStorageProviderModel.CachePolicy.MAX_LIFESPAN);
        // NOTE(review): 600000L is presumably milliseconds (10 minutes) — confirm against the model.
        providerModel.setMaxLifespan(600000L);

        ComponentModel registered = realm.addComponentModel(providerModel);
        return registered.getId();
    }

    /** Copies every entry of {@code map} into a new multivalued map, one value per key. */
    private static MultivaluedHashMap<String, String> toComponentConfig(Map<String, String> map) {
        MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
        map.forEach((key, value) -> config.add(key, value));
        return config;
    }

    /**
     * Rebuilds the group fixtures: two local users, a group mapper in LDAP_ONLY mode, a fresh
     * set of nested LDAP groups (including names containing slashes), a sync from LDAP into
     * Keycloak, two default groups, and four LDAP users with the fixed password.
     *
     * <p>Destructive: all LDAP groups of {@code "groupsMapper"} and all LDAP users are removed first.
     */
    @Produces({"application/json"})
    @POST
    @Path("/configure-groups")
    @Consumes({"application/json"})
    public void prepareGroupsLDAPTest() {
        LDAPTestUtils.addLocalUser(session, realm, "mary", "mary@test.com", "password-app");
        LDAPTestUtils.addLocalUser(session, realm, "john", "john@test.com", "password-app");

        ComponentModel providerModel = LDAPTestUtils.getLdapProviderModel(realm);
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, providerModel);
        String descriptionAttr = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ldapProvider);

        LDAPTestUtils.addOrUpdateGroupMapper(realm, providerModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttr, new String[0]);
        LDAPTestUtils.removeAllLDAPGroups(session, realm, providerModel, "groupsMapper");

        // Groups are created in this exact order; only the membership links below nest them.
        LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "group1", descriptionAttr, "group1 - description");
        LDAPObject group11 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "group11", new String[0]);
        LDAPObject group12 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "group12", descriptionAttr, "group12 - description");
        LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup1", descriptionAttr, "Default Group1 - description");
        LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup11", new String[0]);
        LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup12", descriptionAttr, "Default Group12 - description");
        // Created but never linked to a parent or child.
        LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team 2016/2017", descriptionAttr, "A group with slashes in the name");
        LDAPObject teamChild2018 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team Child 2018/2019", descriptionAttr, "A child group with slashes in the name");
        LDAPObject teamSubChild2020 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team SubChild 2020/2021", descriptionAttr, "A sub child group with slashes in the name");
        LDAPObject defaultGroup13 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup13", descriptionAttr, "Default Group13 - description");
        LDAPObject teamSubChild2022 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team SubChild 2022/2023/A/B/C/D/E", descriptionAttr, "A sub child group with slashes in the name");
        LDAPObject defaultGroup14 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup14", descriptionAttr, "Default Group14 - description");
        LDAPObject teamRoot2024 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team Root 2024/2025/A/B/C/D", descriptionAttr, "A sub child group with slashes in the name");
        LDAPObject defaultGroup15 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "defaultGroup15", descriptionAttr, "Default Group15 - description");
        LDAPObject teamSubChild2026 = LDAPTestUtils.createLDAPGroup(session, realm, providerModel, "Team SubChild 2026/2027", descriptionAttr, "A sub child group with slashes in the name");

        // Parent -> child links, in the original order.
        addDnMember(ldapProvider, group1, group11);
        addDnMember(ldapProvider, group1, group12);
        addDnMember(ldapProvider, defaultGroup1, defaultGroup11);
        addDnMember(ldapProvider, defaultGroup1, defaultGroup12);
        addDnMember(ldapProvider, defaultGroup1, teamChild2018);
        addDnMember(ldapProvider, teamChild2018, teamSubChild2020);
        addDnMember(ldapProvider, defaultGroup13, teamSubChild2022);
        addDnMember(ldapProvider, teamSubChild2022, defaultGroup14);
        addDnMember(ldapProvider, teamRoot2024, defaultGroup15);
        addDnMember(ldapProvider, defaultGroup15, teamSubChild2026);

        // Pull the LDAP group tree into Keycloak so the default groups below can be resolved by path.
        new GroupLDAPStorageMapperFactory()
                .create(session, LDAPTestUtils.getSubcomponentByName(realm, providerModel, "groupsMapper"))
                .syncDataFromFederationProviderToKeycloak(realm);

        GroupModel firstDefault = KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup11");
        realm.addDefaultGroup(firstDefault);
        GroupModel secondDefault = KeycloakModelUtils.findGroupByPath(session, realm, "/defaultGroup1/defaultGroup12");
        realm.addDefaultGroup(secondDefault);

        LDAPTestUtils.removeAllLDAPUsers(ldapProvider, realm);
        addLDAPUserWithPassword(ldapProvider, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
        addLDAPUserWithPassword(ldapProvider, "marykeycloak", "Mary", "Kelly", "mary@email.org", "5678");
        addLDAPUserWithPassword(ldapProvider, "robkeycloak", "Rob", "Brown", "rob@email.org", "8910");
        addLDAPUserWithPassword(ldapProvider, "jameskeycloak", "James", "Brown", "james@email.org", "8910");
    }

    /**
     * Rebuilds the role fixtures: a role mapper in LDAP_ONLY mode, four LDAP users with the fixed
     * password, three LDAP entries under {@code "rolesMapper"} with user memberships, then a sync
     * from LDAP into Keycloak.
     *
     * <p>Destructive: all LDAP entries of {@code "rolesMapper"} and all LDAP users are removed first.
     */
    @Produces({"application/json"})
    @POST
    @Path("/configure-roles")
    @Consumes({"application/json"})
    public void prepareRolesLDAPTest() {
        ComponentModel providerModel = LDAPTestUtils.getLdapProviderModel(realm);
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, providerModel);

        LDAPTestUtils.addOrUpdateRoleMapper(realm, providerModel, LDAPGroupMapperMode.LDAP_ONLY, new String[0]);
        LDAPTestUtils.removeAllLDAPGroups(session, realm, providerModel, "rolesMapper");
        LDAPTestUtils.removeAllLDAPUsers(ldapProvider, realm);

        LDAPObject john = addLDAPUserWithPassword(ldapProvider, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
        LDAPObject mary = addLDAPUserWithPassword(ldapProvider, "marykeycloak", "Mary", "Kelly", "mary@email.org", "5678");
        LDAPObject rob = addLDAPUserWithPassword(ldapProvider, "robkeycloak", "Rob", "Brown", "rob@email.org", "8910");
        // james is created but receives no membership below.
        addLDAPUserWithPassword(ldapProvider, "jameskeycloak", "James", "Brown", "james@email.org", "8910");

        LDAPObject roleGroup1 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, providerModel, "group1", new String[0]);
        LDAPObject roleGroup2 = LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, providerModel, "group2", new String[0]);
        // group3 is created without members.
        LDAPTestUtils.createLDAPGroup("rolesMapper", session, realm, providerModel, "group3", new String[0]);

        addDnMember(ldapProvider, roleGroup1, john);
        addDnMember(ldapProvider, roleGroup1, mary);
        addDnMember(ldapProvider, roleGroup1, rob);
        addDnMember(ldapProvider, roleGroup2, john);
        addDnMember(ldapProvider, roleGroup2, mary);

        new RoleLDAPStorageMapperFactory()
                .create(session, LDAPTestUtils.getSubcomponentByName(realm, providerModel, "rolesMapper"))
                .syncDataFromFederationProviderToKeycloak(realm);
    }

    /**
     * Switches the LDAP provider to read-only / no-cache / no-import, creates the realm role
     * {@code hardcoded_role} as a composite of a new {@code client_role} on the {@code admin-cli}
     * client, installs the hardcoded-role mapper and recreates the single LDAP user.
     *
     * <p>Destructive: all LDAP users are removed before {@code johnkeycloak} is re-added.
     */
    @Produces({"application/json"})
    @POST
    @Path("/configure-hardcoded-roles")
    @Consumes({"application/json"})
    public void prepareHardcodedRolesLDAPTest() {
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, LDAPTestUtils.getLdapProviderModel(realm));
        UserStorageProviderModel model = makeReadOnlyUncached(ldapProvider);

        RoleModel hardcodedRole = realm.addRole("hardcoded_role");
        RoleModel clientRole = realm.getClientByClientId("admin-cli").addRole("client_role");
        hardcodedRole.addCompositeRole(clientRole);

        LDAPTestUtils.addOrUpdateHardcodedRoleMapper(realm, model, new String[0]);
        LDAPTestUtils.removeAllLDAPUsers(ldapProvider, realm);
        addLDAPUserWithPassword(ldapProvider, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
    }

    /**
     * Switches the LDAP provider to read-only / no-cache / no-import, creates {@code parent_group}
     * (granted a new {@code client_role} on the {@code admin-cli} client) with the child
     * {@code hardcoded_group}, installs the hardcoded-group mapper and recreates the single LDAP user.
     *
     * <p>Destructive: all LDAP users are removed before {@code johnkeycloak} is re-added.
     */
    @Produces({"application/json"})
    @POST
    @Path("/configure-hardcoded-groups")
    @Consumes({"application/json"})
    public void prepareHardcodedGroupsLDAPTest() {
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, LDAPTestUtils.getLdapProviderModel(realm));
        UserStorageProviderModel model = makeReadOnlyUncached(ldapProvider);

        RoleModel clientRole = realm.getClientByClientId("admin-cli").addRole("client_role");
        GroupModel parentGroup = realm.createGroup("parent_group");
        parentGroup.grantRole(clientRole);
        GroupModel hardcodedGroup = realm.createGroup("hardcoded_group");
        parentGroup.addChild(hardcodedGroup);

        LDAPTestUtils.addOrUpdateHardcodedGroupMapper(realm, model, new String[0]);
        LDAPTestUtils.removeAllLDAPUsers(ldapProvider, realm);
        addLDAPUserWithPassword(ldapProvider, "johnkeycloak", "John", "Doe", "john@email.org", "1234");
    }

    /**
     * Removes one user from the LDAP directory.
     *
     * <p>NOTE(review): {@code str} comes straight from the query string and is forwarded without
     * validation. Confirm that {@code LDAPTestUtils.removeLDAPUserByUsername} escapes it before
     * building any LDAP filter or DN, and how it behaves when the parameter is missing ({@code null}).
     *
     * @param str value of the {@code username} query parameter
     */
    @DELETE
    @Path("/remove-ldap-user")
    @Consumes({"application/json"})
    public void removeLDAPUser(@QueryParam("username") String str) {
        UserStorageProviderModel providerModel = new UserStorageProviderModel(LDAPTestUtils.getLdapProviderModel(realm));
        LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, providerModel);
        LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, realm, ldapProvider.getLdapIdentityStore().getConfig(), str);
    }

    /**
     * Links {@code child} to {@code parent} through {@code LDAPUtils.addMember} with
     * {@code MembershipType.DN} and the literal arguments {@code "member"} and {@code "not-used"}.
     */
    private static void addDnMember(LDAPStorageProvider ldapProvider, LDAPObject parent, LDAPObject child) {
        LDAPUtils.addMember(ldapProvider, MembershipType.DN, "member", "not-used", parent, child);
    }

    /**
     * Adds an LDAP user in this realm and then sets the fixed fixture password {@code "Password1"}.
     * The argument between e-mail and postal code is always {@code null}, as in every fixture call.
     *
     * @return the LDAP object returned by {@code LDAPTestUtils.addLDAPUser}
     */
    private LDAPObject addLDAPUserWithPassword(LDAPStorageProvider ldapProvider, String username, String firstName,
            String lastName, String email, String postalCode) {
        LDAPObject user = LDAPTestUtils.addLDAPUser(ldapProvider, realm, username, firstName, lastName, email, null, postalCode);
        LDAPTestUtils.updateLDAPPassword(ldapProvider, user, "Password1");
        return user;
    }

    /**
     * Sets the provider's model to NO_CACHE, import disabled and {@code editMode} READ_ONLY,
     * then persists it on the realm.
     *
     * @return the updated model, for the mapper set-up that follows
     */
    private UserStorageProviderModel makeReadOnlyUncached(LDAPStorageProvider ldapProvider) {
        UserStorageProviderModel model = ldapProvider.getModel();
        model.setCachePolicy(CacheableStorageProviderModel.CachePolicy.NO_CACHE);
        model.setImportEnabled(false);
        model.getConfig().putSingle("editMode", UserStorageProvider.EditMode.READ_ONLY.name());
        realm.updateComponent(model);
        return model;
    }
}
