package org.keycloak.storage.ldap.mappers.membership;

import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.keycloak.storage.ldap.LDAPConfig;
import org.keycloak.storage.ldap.LDAPUtils;
import org.keycloak.storage.ldap.idm.model.LDAPDn;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.Condition;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder;

/* loaded from: input_file:org/keycloak/storage/ldap/mappers/membership/UserRolesRetrieveStrategy.class */
public interface UserRolesRetrieveStrategy {

    /* loaded from: input_file:org/keycloak/storage/ldap/mappers/membership/UserRolesRetrieveStrategy$GetRolesFromUserMemberOfAttribute.class */
    public static class GetRolesFromUserMemberOfAttribute implements UserRolesRetrieveStrategy {
        @Override // org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy
        public List<LDAPObject> getLDAPRoleMappings(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
            Set<String> attributeAsSet = lDAPObject.getAttributeAsSet(commonLDAPGroupMapper.getConfig().getMemberOfLdapAttribute());
            if (attributeAsSet == null) {
                return Collections.emptyList();
            }
            LinkedList linkedList = new LinkedList();
            LDAPDn fromString = LDAPDn.fromString(commonLDAPGroupMapper.getConfig().getLDAPGroupsDn());
            Iterator<String> it = attributeAsSet.iterator();
            while (it.hasNext()) {
                LDAPDn fromString2 = LDAPDn.fromString(it.next());
                if (fromString2.isDescendantOf(fromString)) {
                    LDAPObject lDAPObject2 = new LDAPObject();
                    lDAPObject2.setDn(fromString2);
                    LDAPDn.RDN firstRdn = fromString2.getFirstRdn();
                    String lDAPGroupNameLdapAttribute = commonLDAPGroupMapper.getConfig().getLDAPGroupNameLdapAttribute();
                    String attrValue = firstRdn.getAttrValue(lDAPGroupNameLdapAttribute);
                    if (attrValue != null) {
                        lDAPObject2.setRdnAttributeName(lDAPGroupNameLdapAttribute);
                        lDAPObject2.setSingleAttribute(lDAPGroupNameLdapAttribute, attrValue);
                        linkedList.add(lDAPObject2);
                    }
                }
            }
            return linkedList;
        }

        @Override // org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy
        public void beforeUserLDAPQuery(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPQuery lDAPQuery) {
            String memberOfLdapAttribute = commonLDAPGroupMapper.getConfig().getMemberOfLdapAttribute();
            lDAPQuery.addReturningLdapAttribute(memberOfLdapAttribute);
            lDAPQuery.addReturningReadOnlyLdapAttribute(memberOfLdapAttribute);
        }
    }

    /* loaded from: input_file:org/keycloak/storage/ldap/mappers/membership/UserRolesRetrieveStrategy$LoadRolesByMember.class */
    public static class LoadRolesByMember implements UserRolesRetrieveStrategy {
        @Override // org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy
        public List<LDAPObject> getLDAPRoleMappings(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPObject lDAPObject, LDAPConfig lDAPConfig) {
            LDAPQuery createLDAPGroupQuery = commonLDAPGroupMapper.createLDAPGroupQuery();
            try {
                createLDAPGroupQuery.addWhereCondition(getMembershipCondition(commonLDAPGroupMapper.getConfig().getMembershipLdapAttribute(), LDAPUtils.getMemberValueOfChildObject(lDAPObject, commonLDAPGroupMapper.getConfig().getMembershipTypeLdapAttribute(), commonLDAPGroupMapper.getConfig().getMembershipUserLdapAttribute(lDAPConfig))));
                List<LDAPObject> loadAllLDAPObjects = LDAPUtils.loadAllLDAPObjects(createLDAPGroupQuery, lDAPConfig);
                if (createLDAPGroupQuery != null) {
                    createLDAPGroupQuery.close();
                }
                return loadAllLDAPObjects;
            } catch (Throwable th) {
                if (createLDAPGroupQuery != null) {
                    try {
                        createLDAPGroupQuery.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }

        @Override // org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy
        public void beforeUserLDAPQuery(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPQuery lDAPQuery) {
        }

        protected Condition getMembershipCondition(String str, String str2) {
            return new LDAPQueryConditionsBuilder().equal(str, str2);
        }
    }

    /* loaded from: input_file:org/keycloak/storage/ldap/mappers/membership/UserRolesRetrieveStrategy$LoadRolesByMemberRecursively.class */
    public static class LoadRolesByMemberRecursively extends LoadRolesByMember {
        @Override // org.keycloak.storage.ldap.mappers.membership.UserRolesRetrieveStrategy.LoadRolesByMember
        protected Condition getMembershipCondition(String str, String str2) {
            return new LDAPQueryConditionsBuilder().equal(str + ":1.2.840.113556.1.4.1941:", str2);
        }
    }

    List<LDAPObject> getLDAPRoleMappings(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPObject lDAPObject, LDAPConfig lDAPConfig);

    void beforeUserLDAPQuery(CommonLDAPGroupMapper commonLDAPGroupMapper, LDAPQuery lDAPQuery);
}
