package org.keycloak.models.map.storage.ldap.role;

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.naming.NamingException;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RoleModel;
import org.keycloak.models.map.common.DeepCloner;
import org.keycloak.models.map.common.StreamUtils;
import org.keycloak.models.map.common.StringKeyConverter;
import org.keycloak.models.map.role.MapRoleEntity;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.QueryParameters;
import org.keycloak.models.map.storage.chm.MapFieldPredicates;
import org.keycloak.models.map.storage.chm.MapModelCriteriaBuilder;
import org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction;
import org.keycloak.models.map.storage.ldap.MapModelCriteriaBuilderAssumingEqualForField;
import org.keycloak.models.map.storage.ldap.config.LdapMapConfig;
import org.keycloak.models.map.storage.ldap.model.LdapMapDn;
import org.keycloak.models.map.storage.ldap.model.LdapMapObject;
import org.keycloak.models.map.storage.ldap.model.LdapMapQuery;
import org.keycloak.models.map.storage.ldap.role.config.LdapMapRoleMapperConfig;
import org.keycloak.models.map.storage.ldap.role.entity.LdapMapRoleEntityFieldDelegate;
import org.keycloak.models.map.storage.ldap.role.entity.LdapRoleEntity;
import org.keycloak.models.map.storage.ldap.store.LdapMapIdentityStore;
import org.keycloak.provider.Provider;

/* loaded from: input_file:org/keycloak/models/map/storage/ldap/role/LdapRoleMapKeycloakTransaction.class */
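/**
 * Transaction that stores Keycloak roles in an LDAP directory through {@link LdapMapIdentityStore}.
 *
 * <p>Entities read or created during the transaction are cached in the inherited {@code entities}
 * map. Deletions are recorded in {@link #deletedKeys} and only sent to LDAP on {@link #commit()}.
 * Creations are written to LDAP immediately and undone through {@code tasksOnRollback}.
 *
 * <p>This listing is decompiler output: {@code m6read} is the decompiler's name for the
 * {@code read(String)} override, and {@code m9getEntityFieldDelegate} is a similar rename.
 */
public class LdapRoleMapKeycloakTransaction extends LdapMapKeycloakTransaction<LdapMapRoleEntityFieldDelegate, MapRoleEntity, RoleModel> implements Provider {
    private final LdapMapRoleMapperConfig roleMapperConfig;
    private final LdapMapConfig ldapMapConfig;
    private final LdapMapIdentityStore identityStore;
    private final StringKeyConverter<String> keyConverter = new StringKeyConverter.StringKey();
    // Keys deleted in this transaction; reads treat them as absent before the LDAP delete has run.
    private final Set<String> deletedKeys = new HashSet<>();
    // Cache of DN string -> entity id, filled by readIdByDn after a successful LDAP lookup.
    private final Map<String, String> dns = new HashMap<>();

    /* loaded from: input_file:org/keycloak/models/map/storage/ldap/role/LdapRoleMapKeycloakTransaction$LdapRoleMapKeycloakTransactionFunction.class */
    /** Two-argument function type. It is not referenced anywhere else in this class. */
    public interface LdapRoleMapKeycloakTransactionFunction<A, B, R> {
        R apply(A a, B b);
    }

    /**
     * Builds the role mapper and LDAP configuration from {@code scope}, opens an identity store
     * for the session and registers this transaction to be closed with the session.
     *
     * @param keycloakSession session the identity store is bound to
     * @param scope configuration scope both config objects are read from
     */
    public LdapRoleMapKeycloakTransaction(KeycloakSession keycloakSession, Config.Scope scope) {
        this.roleMapperConfig = new LdapMapRoleMapperConfig(scope);
        this.ldapMapConfig = new LdapMapConfig(scope);
        this.identityStore = new LdapMapIdentityStore(keycloakSession, this.ldapMapConfig);
        keycloakSession.enlistForClose(this);
    }

    /**
     * Resolves a role DN to the id of the role entry.
     *
     * <p>Lookup order: the {@link #dns} cache, then the entities already loaded in this
     * transaction (compared by DN string), then an LDAP search below the common roles DN.
     *
     * @param str DN of the role entry, as a string
     * @return the entry id, or {@code null} when the LDAP search does not return exactly one entry
     */
    public String readIdByDn(String str) {
        String str2 = this.dns.get(str);
        if (str2 == null) {
            Iterator it = this.entities.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                LdapMapObject ldapMapObject = ((LdapMapRoleEntityFieldDelegate) ((Map.Entry) it.next()).getValue()).getLdapMapObject();
                if (ldapMapObject.getDn().toString().equals(str)) {
                    str2 = ldapMapObject.getId();
                    break;
                }
            }
        }
        if (str2 != null) {
            return str2;
        }
        LdapMapQuery ldapMapQuery = new LdapMapQuery();
        ldapMapQuery.setSearchScope(this.ldapMapConfig.getSearchScope());
        ldapMapQuery.setSearchDn(this.roleMapperConfig.getCommonRolesDn());
        ldapMapQuery.addObjectClasses(this.ldapMapConfig.getRoleObjectClasses());
        ldapMapQuery.addReturningLdapAttribute(this.roleMapperConfig.getRoleNameLdapAttribute());
        LdapMapDn.RDN firstRdn = LdapMapDn.fromString(str).getFirstRdn();
        // NOTE(review): the value of the first RDN of the caller-supplied DN becomes the operand of an
        // equality comparison in the LDAP query. Whether it is escaped for use in a filter is decided
        // inside LdapRoleModelCriteriaBuilder, which is not visible here; confirm before passing DNs
        // that originate from untrusted directory content.
        // NOTE(review): the search matches on role name only and the DN of the returned entry is not
        // compared with the requested DN, so a single same-named role elsewhere within the configured
        // search scope would be accepted. Confirm this is intended.
        ldapMapQuery.setModelCriteriaBuilder(new LdapRoleModelCriteriaBuilder(this.roleMapperConfig).compare(RoleModel.SearchableFields.NAME, ModelCriteriaBuilder.Operator.EQ, firstRdn.getAttrValue(firstRdn.getAllKeys().get(0))).withCustomFilter(this.roleMapperConfig.getCustomLdapFilter()));
        List<LdapMapObject> fetchQueryResults = this.identityStore.fetchQueryResults(ldapMapQuery);
        // Zero matches and ambiguous matches are both reported as "not found".
        if (fetchQueryResults.size() != 1) {
            return null;
        }
        this.dns.put(str, fetchQueryResults.get(0).getId());
        return fetchQueryResults.get(0).getId();
    }

    /** Creates the in-memory criteria builder used to filter entities already cached in this transaction. */
    private MapModelCriteriaBuilder<String, MapRoleEntity, RoleModel> createCriteriaBuilderMap() {
        return new MapModelCriteriaBuilderAssumingEqualForField(this.keyConverter, MapFieldPredicates.getPredicates(RoleModel.class), RoleModel.SearchableFields.REALM_ID);
    }

    /**
     * Creates a role in LDAP and registers it in this transaction.
     *
     * <p>The entry is written to LDAP immediately. When the write fails for a client role with a
     * {@link NamingException} as cause, the {@code organizationalUnit} entry for the client is created
     * first and the write is retried once. Every entry added here gets a rollback task that removes it.
     *
     * @param mapRoleEntity role to copy into an LDAP-backed entity
     * @return the LDAP-backed entity that was stored
     * @throws ModelException when the entry cannot be added to LDAP
     */
    public LdapMapRoleEntityFieldDelegate create(MapRoleEntity mapRoleEntity) {
        final LdapMapRoleEntityFieldDelegate ldapMapRoleEntityFieldDelegate = (LdapMapRoleEntityFieldDelegate) new DeepCloner.Builder().constructor(MapRoleEntity.class, deepCloner -> {
            return new LdapMapRoleEntityFieldDelegate(new LdapRoleEntity(deepCloner, this.roleMapperConfig, this, mapRoleEntity.getClientId()));
        }).build().from(mapRoleEntity);
        // The id is cleared before the add and read back afterwards as the cache key; presumably it is
        // assigned when the entry is written to the directory. Confirm in LdapMapIdentityStore.
        ldapMapRoleEntityFieldDelegate.setId(null);
        // A new entry without members gets its own DN as the only member.
        // NOTE(review): presumably a placeholder because the role object class requires at least one
        // member value. Confirm against the schema in use.
        if (ldapMapRoleEntityFieldDelegate.getLdapMapObject().getId() == null && ldapMapRoleEntityFieldDelegate.getLdapMapObject().getAttributeAsSet(this.roleMapperConfig.getMembershipLdapAttribute()) == null) {
            ldapMapRoleEntityFieldDelegate.getLdapMapObject().setAttribute(this.roleMapperConfig.getMembershipLdapAttribute(), (Set) Stream.of(ldapMapRoleEntityFieldDelegate.getLdapMapObject().getDn().toString()).collect(Collectors.toSet()));
        }
        try {
            this.identityStore.add(ldapMapRoleEntityFieldDelegate.getLdapMapObject());
        } catch (ModelException e) {
            if (mapRoleEntity.getClientId() != null && (e.getCause() instanceof NamingException)) {
                // Presumably the parent entry for the client does not exist yet: create it, then retry.
                final LdapMapObject ldapMapObject = new LdapMapObject();
                ldapMapObject.setObjectClasses(Arrays.asList("top", "organizationalUnit"));
                ldapMapObject.setRdnAttributeName("ou");
                ldapMapObject.setDn(LdapMapDn.fromString(this.roleMapperConfig.getRolesDn(ldapMapRoleEntityFieldDelegate.getClientId())));
                ldapMapObject.setSingleAttribute("ou", ldapMapRoleEntityFieldDelegate.getClientId());
                this.identityStore.add(ldapMapObject);
                this.tasksOnRollback.add(new LdapMapKeycloakTransaction.DeleteOperation() { // from class: org.keycloak.models.map.storage.ldap.role.LdapRoleMapKeycloakTransaction.1
                    @Override // org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction.MapTaskWithValue
                    public void execute() {
                        LdapRoleMapKeycloakTransaction.this.identityStore.remove(ldapMapObject);
                    }
                });
                this.identityStore.add(ldapMapRoleEntityFieldDelegate.getLdapMapObject());
            } else {
                // Any other failure means the role was not written. Swallowing it would hand the caller a
                // role that does not exist in the directory and cache it under whatever id it has.
                throw e;
            }
        }
        this.entities.put(ldapMapRoleEntityFieldDelegate.getId(), ldapMapRoleEntityFieldDelegate);
        this.tasksOnRollback.add(new LdapMapKeycloakTransaction.DeleteOperation() { // from class: org.keycloak.models.map.storage.ldap.role.LdapRoleMapKeycloakTransaction.2
            @Override // org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction.MapTaskWithValue
            public void execute() {
                LdapRoleMapKeycloakTransaction.this.identityStore.remove(ldapMapRoleEntityFieldDelegate.getLdapMapObject());
                LdapRoleMapKeycloakTransaction.this.entities.remove(ldapMapRoleEntityFieldDelegate.getId());
            }
        });
        return ldapMapRoleEntityFieldDelegate;
    }

    /**
     * Marks a role as deleted and schedules its removal from LDAP for commit time.
     *
     * @param str id of the role
     * @return always {@code true} when the role could be read
     * @throws ModelException when no entity can be read for {@code str}
     */
    public boolean delete(String str) {
        final LdapMapRoleEntityFieldDelegate m6read = m6read(str);
        if (m6read == null) {
            throw new ModelException("unable to read entity with key " + str);
        }
        // NOTE(review): m6read returns null for keys already in deletedKeys, so a repeated delete of the
        // same key throws above and this branch is never taken. Confirm which behaviour is intended.
        if (this.deletedKeys.contains(str)) {
            return true;
        }
        this.deletedKeys.add(str);
        this.tasksOnCommit.add(new LdapMapKeycloakTransaction.DeleteOperation() { // from class: org.keycloak.models.map.storage.ldap.role.LdapRoleMapKeycloakTransaction.3
            @Override // org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction.MapTaskWithValue
            public void execute() {
                LdapRoleMapKeycloakTransaction.this.identityStore.remove(m6read.getLdapMapObject());
                LdapRoleMapKeycloakTransaction.this.entities.remove(m6read.getId());
            }
        });
        return true;
    }

    /**
     * Reads a role by id and returns the underlying LDAP entity.
     *
     * @param str id of the role
     * @return the LDAP entity, or {@code null} when the role cannot be read
     */
    public LdapRoleEntity readLdap(String str) {
        LdapMapRoleEntityFieldDelegate m6read = m6read(str);
        if (m6read == null) {
            return null;
        }
        return m6read.m9getEntityFieldDelegate();
    }

    /* renamed from: read, reason: merged with bridge method [inline-methods] */
    /**
     * Reads a role by id.
     *
     * <p>Keys deleted in this transaction read as {@code null}. Otherwise the transaction cache is
     * consulted, then LDAP with no client id, and finally LDAP below the client roles base DN, in
     * which case the client id is taken from the first RDN of the entry's parent DN.
     *
     * @param str id of the role
     * @return the cached or freshly loaded entity, or {@code null} when it is deleted or not found
     */
    public LdapMapRoleEntityFieldDelegate m6read(String str) {
        if (this.deletedKeys.contains(str)) {
            return null;
        }
        LdapMapRoleEntityFieldDelegate ldapMapRoleEntityFieldDelegate = (LdapMapRoleEntityFieldDelegate) this.entities.get(str);
        if (ldapMapRoleEntityFieldDelegate == null) {
            ldapMapRoleEntityFieldDelegate = lookupEntityById(str, null);
            if (ldapMapRoleEntityFieldDelegate == null) {
                LdapMapQuery ldapMapQuery = new LdapMapQuery();
                ldapMapQuery.setSearchScope(this.ldapMapConfig.getSearchScope());
                // Strips everything up to and including the "{0}," placeholder, leaving the DN that the
                // per-client entries sit under.
                ldapMapQuery.setSearchDn(this.roleMapperConfig.getClientRolesDn().replaceAll(".*\\{0},", ""));
                LdapMapObject fetchById = this.identityStore.fetchById(str, ldapMapQuery);
                if (fetchById != null) {
                    LdapMapDn.RDN firstRdn = fetchById.getDn().getParentDn().getFirstRdn();
                    ldapMapRoleEntityFieldDelegate = lookupEntityById(str, firstRdn.getAttrValue(firstRdn.getAllKeys().get(0)));
                }
            }
            if (ldapMapRoleEntityFieldDelegate != null) {
                this.entities.put(str, ldapMapRoleEntityFieldDelegate);
            }
        }
        return ldapMapRoleEntityFieldDelegate;
    }

    /**
     * Fetches one role entry by id with the query built for {@code str2} and wraps it.
     *
     * @param str id of the role
     * @param str2 client id handed to the query and the entity; {@code null} is passed for the first lookup
     * @return the wrapped entity, or {@code null} when LDAP has no such entry
     */
    private LdapMapRoleEntityFieldDelegate lookupEntityById(String str, String str2) {
        LdapMapObject fetchById = this.identityStore.fetchById(str, getLdapQuery(str2));
        if (fetchById != null) {
            return new LdapMapRoleEntityFieldDelegate(new LdapRoleEntity(fetchById, this.roleMapperConfig, this, str2));
        }
        return null;
    }

    /**
     * Queries roles, combining LDAP results with entities already held by this transaction.
     *
     * <p>LDAP results come first in the concatenated stream, followed by cached entities that match
     * the same criteria. Ordering, offset and limit from {@code queryParameters} are applied last.
     *
     * @param queryParameters criteria, ordering and paging of the query
     * @return matching roles that are not deleted in this transaction
     * @throws ModelException when the LDAP query fails, unless a client id is set and the cause is a
     *     {@link NamingException}, in which case the LDAP part of the result is empty
     */
    public Stream<MapRoleEntity> read(QueryParameters<RoleModel> queryParameters) {
        Stream empty;
        LdapRoleModelCriteriaBuilder ldapRoleModelCriteriaBuilder = (LdapRoleModelCriteriaBuilder) queryParameters.getModelCriteriaBuilder().flashToModelCriteriaBuilder(createLdapModelCriteriaBuilder());
        Boolean isClientRole = ldapRoleModelCriteriaBuilder.isClientRole();
        String clientId = ldapRoleModelCriteriaBuilder.getClientId();
        LdapMapQuery ldapQuery = getLdapQuery(clientId);
        // Criteria that do not say whether client roles are wanted widen the search to the common roles DN.
        if (isClientRole == null) {
            ldapQuery.setSearchDn(this.roleMapperConfig.getCommonRolesDn());
        }
        ldapQuery.setModelCriteriaBuilder(ldapRoleModelCriteriaBuilder.withCustomFilter(this.roleMapperConfig.getCustomLdapFilter()));
        MapModelCriteriaBuilder flashToModelCriteriaBuilder = queryParameters.getModelCriteriaBuilder().flashToModelCriteriaBuilder(createCriteriaBuilderMap());
        // Snapshot of the matching cached entities, collected before the LDAP results are added to the cache below.
        Stream stream = ((List) this.entities.entrySet().stream().filter(entry -> {
            return flashToModelCriteriaBuilder.getKeyFilter().test(this.keyConverter.fromString((String) entry.getKey())) && !this.deletedKeys.contains(entry.getKey());
        }).map((v0) -> {
            return v0.getValue();
        }).filter(flashToModelCriteriaBuilder.getEntityFilter()).collect(Collectors.toList())).stream();
        try {
            empty = ((List) this.identityStore.fetchQueryResults(ldapQuery).stream().map(ldapMapObject -> {
                // Entries located neither under the realm roles DN nor under a client entry are dropped.
                StreamUtils.Pair<Boolean, String> clientId2 = getClientId(ldapMapObject.getDn());
                if (clientId2 == null) {
                    return null;
                }
                LdapMapRoleEntityFieldDelegate ldapMapRoleEntityFieldDelegate = new LdapMapRoleEntityFieldDelegate(new LdapRoleEntity(ldapMapObject, this.roleMapperConfig, this, (String) clientId2.getV()));
                // Already cached: the cached copy is part of the snapshot above, so skip the LDAP copy.
                if (((LdapMapRoleEntityFieldDelegate) this.entities.get(ldapMapRoleEntityFieldDelegate.getId())) != null) {
                    return null;
                }
                // Side effect inside the pipeline: new LDAP results are registered in the transaction cache.
                this.entities.put(ldapMapRoleEntityFieldDelegate.getId(), ldapMapRoleEntityFieldDelegate);
                return ldapMapRoleEntityFieldDelegate;
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).filter(mapRoleEntity -> {
                return !this.deletedKeys.contains(mapRoleEntity.getId());
            }).filter(mapRoleEntity2 -> {
                return flashToModelCriteriaBuilder.getKeyFilter().test(mapRoleEntity2.getId());
            }).filter(mapRoleEntity3 -> {
                return flashToModelCriteriaBuilder.getEntityFilter().test(mapRoleEntity3);
            }).collect(Collectors.toList())).stream();
        } catch (ModelException e) {
            if (clientId == null || !(e.getCause() instanceof NamingException)) {
                throw e;
            }
            // Presumably the entry for this client does not exist in LDAP yet, so it has no roles.
            empty = Stream.empty();
        }
        Stream<MapRoleEntity> concat = Stream.concat(empty, stream);
        if (!queryParameters.getOrderBy().isEmpty()) {
            concat = concat.sorted(MapFieldPredicates.getComparator(queryParameters.getOrderBy().stream()));
        }
        if (queryParameters.getOffset() != null) {
            concat = concat.skip(queryParameters.getOffset().intValue());
        }
        if (queryParameters.getLimit() != null) {
            concat = concat.limit(queryParameters.getLimit().intValue());
        }
        return concat;
    }

    /**
     * Classifies a role entry by its position in the directory tree.
     *
     * @param ldapMapDn DN of a role entry
     * @return {@code (false, null)} when the parent is the realm roles DN; {@code (true, clientId)}
     *     when the grandparent is the client roles base DN, with the client id taken from the first
     *     RDN of the parent; {@code null} when the entry is in neither location or no client roles
     *     DN is configured
     */
    private StreamUtils.Pair<Boolean, String> getClientId(LdapMapDn ldapMapDn) {
        if (ldapMapDn.getParentDn().equals(LdapMapDn.fromString(this.roleMapperConfig.getRealmRolesDn()))) {
            return new StreamUtils.Pair<>(false, (Object) null);
        }
        String clientRolesDn = this.roleMapperConfig.getClientRolesDn();
        if (clientRolesDn == null) {
            return null;
        }
        // The configured client roles DN has its prefix up to and including "{0}," removed before comparing.
        if (!ldapMapDn.getParentDn().getParentDn().equals(LdapMapDn.fromString(clientRolesDn.replaceAll(".*\\{0},", "")))) {
            return null;
        }
        LdapMapDn.RDN firstRdn = ldapMapDn.getParentDn().getFirstRdn();
        return new StreamUtils.Pair<>(true, firstRdn.getAttrValue(firstRdn.getAllKeys().get(0)));
    }

    /**
     * Builds the LDAP query used for role lookups.
     *
     * <p>The search DN comes from {@code getRolesDn(str)}. The returned attributes are the role name
     * attribute, {@code description}, the membership attribute and every configured role attribute.
     *
     * @param str client id handed to {@code getRolesDn}; may be {@code null}
     * @return a new query without criteria
     */
    private LdapMapQuery getLdapQuery(String str) {
        LdapMapQuery ldapMapQuery = new LdapMapQuery();
        ldapMapQuery.setSearchScope(this.ldapMapConfig.getSearchScope());
        ldapMapQuery.setSearchDn(this.roleMapperConfig.getRolesDn(str));
        ldapMapQuery.addObjectClasses(this.ldapMapConfig.getRoleObjectClasses());
        ldapMapQuery.addReturningLdapAttribute(this.roleMapperConfig.getRoleNameLdapAttribute());
        ldapMapQuery.addReturningLdapAttribute("description");
        ldapMapQuery.addReturningLdapAttribute(this.roleMapperConfig.getMembershipLdapAttribute());
        Set<String> roleAttributes = this.roleMapperConfig.getRoleAttributes();
        Objects.requireNonNull(ldapMapQuery);
        roleAttributes.forEach(ldapMapQuery::addReturningLdapAttribute);
        return ldapMapQuery;
    }

    /**
     * Applies the transaction to LDAP: runs the scheduled commit tasks (the deletions), writes every
     * cached entity that reports itself as updated, then clears the task lists and the entity cache.
     * {@link #deletedKeys} and {@link #dns} are not cleared here.
     */
    @Override // org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction
    public void commit() {
        super.commit();
        Iterator<LdapMapKeycloakTransaction.MapTaskWithValue> it = this.tasksOnCommit.iterator();
        while (it.hasNext()) {
            it.next().execute();
        }
        this.entities.forEach((str, ldapMapRoleEntityFieldDelegate) -> {
            if (ldapMapRoleEntityFieldDelegate.isUpdated()) {
                this.identityStore.update(ldapMapRoleEntityFieldDelegate.getLdapMapObject());
            }
        });
        this.tasksOnCommit.clear();
        this.entities.clear();
        this.tasksOnRollback.clear();
    }

    /**
     * Undoes the LDAP writes made by {@link #create}, running the rollback tasks newest first so
     * that a role is removed before the client entry created for it. The task list and
     * {@link #deletedKeys} are left as they are.
     */
    @Override // org.keycloak.models.map.storage.ldap.LdapMapKeycloakTransaction
    public void rollback() {
        super.rollback();
        Iterator<LdapMapKeycloakTransaction.MapTaskWithValue> descendingIterator = this.tasksOnRollback.descendingIterator();
        while (descendingIterator.hasNext()) {
            descendingIterator.next().execute();
        }
    }

    /** Creates the criteria builder that translates model criteria into an LDAP filter for roles. */
    protected LdapRoleModelCriteriaBuilder createLdapModelCriteriaBuilder() {
        return new LdapRoleModelCriteriaBuilder(this.roleMapperConfig);
    }

    /** Closes the identity store held by this transaction. */
    public void close() {
        this.identityStore.close();
    }
}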
