package org.keycloak.picketlink.idm;

import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.jboss.logging.Logger;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.event.CredentialUpdatedEvent;
import org.picketlink.idm.event.EventBridge;
import org.picketlink.idm.ldap.internal.LDAPIdentityStore;
import org.picketlink.idm.ldap.internal.LDAPOperationManager;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.StoreSelector;

/* loaded from: input_file:WEB-INF/lib/keycloak-picketlink-ldap-1.0.4.Final.jar:org/keycloak/picketlink/idm/KeycloakEventBridge.class */
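/**
 * PicketLink {@link EventBridge} that, when enabled, rewrites the {@code userAccountControl}
 * attribute of a user's LDAP entry after a {@link CredentialUpdatedEvent}.
 *
 * <p>NOTE(review): the attribute is replaced with the fixed value {@code 512}
 * (NORMAL_ACCOUNT in Active Directory) without reading the current value first. Every other
 * flag on the entry is therefore cleared, including ACCOUNTDISABLE ({@code 0x2}). If this
 * bridge is reachable for accounts that an administrator disabled directly in the directory,
 * a password update would re-enable them. Confirm that callers only update credentials for
 * accounts that are meant to be active, or preserve the existing flags before writing.
 */
public class KeycloakEventBridge implements EventBridge {
    private static final Logger logger = Logger.getLogger(KeycloakEventBridge.class);

    /** LDAP attribute holding the Active Directory account flags. */
    private static final String USER_ACCOUNT_CONTROL_ATTRIBUTE = "userAccountControl";

    /** Value written after a credential update; 512 is NORMAL_ACCOUNT with no other flag set. */
    private static final String NORMAL_ACCOUNT_VALUE = "512";

    private final boolean updateUserAccountAfterPasswordUpdate;

    /**
     * @param updateUserAccountAfterPasswordUpdate whether {@link #raiseEvent(Object)} should
     *     rewrite {@code userAccountControl} when a credential is updated
     */
    public KeycloakEventBridge(boolean updateUserAccountAfterPasswordUpdate) {
        this.updateUserAccountAfterPasswordUpdate = updateUserAccountAfterPasswordUpdate;
        if (updateUserAccountAfterPasswordUpdate) {
            logger.info("userAccountControl attribute will be updated in Active Directory after user registration");
        }
    }

    /**
     * Handles a PicketLink event. Only {@link CredentialUpdatedEvent}s are acted on, and only
     * when the bridge was constructed with the update flag enabled; everything else is ignored.
     *
     * @param obj the raised event
     */
    @Override // org.picketlink.idm.event.EventBridge
    public void raiseEvent(Object obj) {
        if (!this.updateUserAccountAfterPasswordUpdate || !(obj instanceof CredentialUpdatedEvent)) {
            return;
        }
        CredentialUpdatedEvent credentialUpdatedEvent = (CredentialUpdatedEvent) obj;
        PartitionManager partitionMananger = credentialUpdatedEvent.getPartitionMananger();

        // The casts to StoreSelector / IdentityContext are carried over unchanged; presumably the
        // concrete PicketLink implementations provide both interfaces (verify against the
        // PicketLink version in use).
        CredentialStore storeForCredentialOperation = ((StoreSelector) partitionMananger)
                .getStoreForCredentialOperation(
                        (IdentityContext) partitionMananger.createIdentityManager(),
                        credentialUpdatedEvent.getCredential().getClass());
        if (!(storeForCredentialOperation instanceof LDAPIdentityStore)) {
            logger.debug("Store for credential updates is not LDAPIdentityStore. Ignored");
            return;
        }

        // Check the account type before casting, so that an unexpected account type is skipped
        // instead of surfacing as a ClassCastException from the event bridge.
        Object account = credentialUpdatedEvent.getAccount();
        if (!(account instanceof User)) {
            logger.debug("Account of credential update event is not a User. Ignored");
            return;
        }
        User user = (User) account;

        LDAPIdentityStore lDAPIdentityStore = (LDAPIdentityStore) storeForCredentialOperation;
        LDAPOperationManager operationManager = lDAPIdentityStore.getOperationManager();
        String bindingDN = lDAPIdentityStore.getBindingDN(user, true);

        // The decompiled source also built a one-element ModificationItem array here that was
        // never passed anywhere (and was not valid Java as emitted); the attribute is applied
        // through modifyAttribute alone.
        BasicAttribute basicAttribute = new BasicAttribute(USER_ACCOUNT_CONTROL_ATTRIBUTE, NORMAL_ACCOUNT_VALUE);

        // NOTE(review): this overwrites the whole flag set, see the class-level note.
        operationManager.modifyAttribute(bindingDN, basicAttribute);
        logger.debug("Attribute userAccountControls switched to 512 after password update of user " + user.getLoginName());
    }
}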
