package de.arbeitsagentur.opdt.keycloak.cassandra.user;

import de.arbeitsagentur.opdt.keycloak.cassandra.AbstractCassandraProvider;
import de.arbeitsagentur.opdt.keycloak.cassandra.cache.ThreadLocalCache;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.UserRepository;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.entities.FederatedIdentity;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.entities.User;
import java.time.Instant;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.StackUtil;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:de/arbeitsagentur/opdt/keycloak/cassandra/user/CassandraUserProvider.class */
public class CassandraUserProvider extends AbstractCassandraProvider implements UserProvider {
    private static final Logger log = Logger.getLogger(CassandraUserProvider.class);
    private final KeycloakSession session;
    private final UserRepository userRepository;

    public CassandraUserProvider(KeycloakSession keycloakSession, UserRepository userRepository) {
        this.session = keycloakSession;
        this.userRepository = userRepository;
    }

    private Function<User, UserModel> entityToAdapterFunc(RealmModel realmModel) {
        return user -> {
            if (user == null) {
                return null;
            }
            return new CassandraUserAdapter(realmModel, this.userRepository, user) { // from class: de.arbeitsagentur.opdt.keycloak.cassandra.user.CassandraUserProvider.1
                @Override // de.arbeitsagentur.opdt.keycloak.cassandra.user.CassandraUserAdapter
                public boolean checkEmailUniqueness(RealmModel realmModel2, String str) {
                    return CassandraUserProvider.this.getUserByEmail(realmModel2, str) != null;
                }

                @Override // de.arbeitsagentur.opdt.keycloak.cassandra.user.CassandraUserAdapter
                public boolean checkUsernameUniqueness(RealmModel realmModel2, String str) {
                    return CassandraUserProvider.this.getUserByUsername(realmModel2, str) != null;
                }

                @Override // de.arbeitsagentur.opdt.keycloak.cassandra.user.CassandraUserAdapter
                public SubjectCredentialManager credentialManager() {
                    return new CassandraCredentialManager(CassandraUserProvider.this.session, realmModel, CassandraUserProvider.this.userRepository, this, user);
                }
            };
        };
    }

    public UserModel addUser(RealmModel realmModel, String str) {
        return addUser(realmModel, null, str, true, true);
    }

    public UserModel addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        log.debugv("addUser realm={0} id={1} username={2}", realmModel, str, str2);
        if (getUserByUsername(realmModel, str2) != null) {
            throw new ModelDuplicateException("User with username '" + str2 + "' in realm " + realmModel.getName() + " already exists");
        }
        if (str != null && this.userRepository.findUserById(realmModel.getId(), str) != null) {
            throw new ModelDuplicateException("User exists: " + str);
        }
        User build = User.builder().id(str == null ? KeycloakModelUtils.generateId() : str).realmId(realmModel.getId()).createdTimestamp(Instant.now()).build();
        this.userRepository.createOrUpdateUser(realmModel.getId(), build);
        UserModel apply = entityToAdapterFunc(realmModel).apply(build);
        apply.setUsername(str2);
        if (z) {
            if (realmModel.getDefaultRole() != null) {
                apply.grantRole(realmModel.getDefaultRole());
            }
            Stream defaultGroupsStream = realmModel.getDefaultGroupsStream();
            Objects.requireNonNull(apply);
            defaultGroupsStream.forEach(apply::joinGroup);
        }
        if (z2) {
            Stream map = realmModel.getRequiredActionProvidersStream().filter((v0) -> {
                return v0.isEnabled();
            }).filter((v0) -> {
                return v0.isDefaultAction();
            }).map((v0) -> {
                return v0.getAlias();
            });
            Objects.requireNonNull(apply);
            map.forEach(apply::addRequiredAction);
        }
        return apply;
    }

    public void setNotBeforeForUser(RealmModel realmModel, UserModel userModel, int i) {
        getByIdOrThrow(realmModel, userModel).setSingleAttribute(CassandraUserAdapter.NOT_BEFORE, String.valueOf(i));
    }

    public int getNotBeforeOfUser(RealmModel realmModel, UserModel userModel) {
        String firstAttribute = getByIdOrThrow(realmModel, userModel).getFirstAttribute(CassandraUserAdapter.NOT_BEFORE);
        if (firstAttribute == null) {
            return 0;
        }
        return Integer.parseInt(firstAttribute);
    }

    public UserModel getServiceAccount(ClientModel clientModel) {
        return entityToAdapterFunc(clientModel.getRealm()).apply(this.userRepository.findUserByServiceAccountLink(clientModel.getRealm().getId(), clientModel.getId()));
    }

    public void removeImportedUsers(RealmModel realmModel, String str) {
        log.tracef("removeImportedUsers(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        this.userRepository.findUsersByFederationLink(realmModel.getId(), str).forEach(user -> {
            this.userRepository.deleteUser(realmModel.getId(), user.getId());
        });
    }

    public void unlinkUsers(RealmModel realmModel, String str) {
        log.tracef("unlinkUsers(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        this.userRepository.findUsersByFederationLink(realmModel.getId(), str).forEach(user -> {
            this.userRepository.deleteFederationLinkSearchIndex(realmModel.getId(), user);
        });
    }

    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
    }

    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        return null;
    }

    public Stream<UserConsentModel> getConsentsStream(RealmModel realmModel, String str) {
        return null;
    }

    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
    }

    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        return false;
    }

    public void addFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        updateFederatedIdentity(realmModel, userModel, federatedIdentityModel);
    }

    private FederatedIdentity toFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        return FederatedIdentity.builder().userId(userModel.getId()).brokerUserId(federatedIdentityModel.getUserId()).brokerUserName(federatedIdentityModel.getUserName()).realmId(realmModel.getId()).identityProvider(federatedIdentityModel.getIdentityProvider()).token(federatedIdentityModel.getToken()).build();
    }

    private FederatedIdentityModel toModel(FederatedIdentity federatedIdentity) {
        if (federatedIdentity == null) {
            return null;
        }
        return new FederatedIdentityModel(federatedIdentity.getIdentityProvider(), federatedIdentity.getBrokerUserId(), federatedIdentity.getBrokerUserName(), federatedIdentity.getToken());
    }

    public boolean removeFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        return this.userRepository.deleteFederatedIdentity(userModel.getId(), str);
    }

    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        if (userModel == null || userModel.getId() == null) {
            return;
        }
        this.userRepository.createOrUpdateFederatedIdentity(toFederatedIdentity(realmModel, userModel, federatedIdentityModel));
    }

    public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realmModel, UserModel userModel) {
        return this.userRepository.findFederatedIdentities(userModel.getId()).stream().map(this::toModel);
    }

    public FederatedIdentityModel getFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        return toModel(this.userRepository.findFederatedIdentity(userModel.getId(), str));
    }

    public UserModel getUserByFederatedIdentity(RealmModel realmModel, FederatedIdentityModel federatedIdentityModel) {
        FederatedIdentity findFederatedIdentityByBrokerUserId = this.userRepository.findFederatedIdentityByBrokerUserId(federatedIdentityModel.getUserId(), federatedIdentityModel.getIdentityProvider());
        if (findFederatedIdentityByBrokerUserId == null) {
            return null;
        }
        return entityToAdapterFunc(realmModel).apply(this.userRepository.findUserById(realmModel.getId(), findFederatedIdentityByBrokerUserId.getUserId()));
    }

    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        for (User user : (List) this.userRepository.findAllUsers().stream().filter(user2 -> {
            return user2.getRealmId().equals(realmModel.getId());
        }).collect(Collectors.toList())) {
            if (roleModel.isClientRole()) {
                user.getClientRoles().getOrDefault(roleModel.getContainerId(), new HashSet()).add(roleModel.getId());
            } else {
                user.getRealmRoles().add(roleModel.getId());
            }
            this.userRepository.createOrUpdateUser(realmModel.getId(), user);
        }
    }

    public UserModel getUserById(RealmModel realmModel, String str) {
        log.debugv("getUserById realm={0} id={1}", realmModel, str);
        return entityToAdapterFunc(realmModel).apply(this.userRepository.findUserById(realmModel.getId(), str));
    }

    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        log.debugv("getUserByUsername realm={0} username={1}", realmModel, str);
        return entityToAdapterFunc(realmModel).apply(KeycloakModelUtils.isUsernameCaseSensitive(realmModel) ? this.userRepository.findUserByUsername(realmModel.getId(), str) : this.userRepository.findUserByUsernameCaseInsensitive(realmModel.getId(), KeycloakModelUtils.toLowerCaseSafe(str)));
    }

    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        log.debugv("getUserByEmail realm={0} email={1}", realmModel, str);
        User findUserByEmail = this.userRepository.findUserByEmail(realmModel.getId(), str);
        if (entityToAdapterFunc(realmModel).apply(findUserByEmail) == null) {
            return null;
        }
        return entityToAdapterFunc(realmModel).apply(findUserByEmail);
    }

    public Stream<UserModel> searchForUserStream(RealmModel realmModel, String str, Integer num, Integer num2) {
        log.tracef("searchForUserStream(%s, %s, %d, %d)%s", new Object[]{realmModel, str, num, num2, StackUtil.getShortStackTrace()});
        HashMap hashMap = new HashMap();
        hashMap.put("keycloak.session.realm.users.query.search", str);
        return searchForUserStream(realmModel, hashMap, num, num2);
    }

    public Stream<UserModel> searchForUserStream(RealmModel realmModel, Map<String, String> map, Integer num, Integer num2) {
        String str = map.get("keycloak.session.realm.users.query.search");
        log.debugf("Search with searchString %s", str);
        return str == null ? this.userRepository.findUserIdsByRealmId(realmModel.getId(), num.intValue(), num2.intValue()).stream().flatMap(str2 -> {
            return Optional.ofNullable(getUserById(realmModel, str2)).stream();
        }).sorted(Comparator.comparing((v0) -> {
            return v0.getUsername();
        })) : Optional.ofNullable(this.userRepository.findUserByUsernameCaseInsensitive(realmModel.getId(), KeycloakModelUtils.toLowerCaseSafe(str))).map(entityToAdapterFunc(realmModel)).stream();
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        return Stream.empty();
    }

    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        log.debugf("Search with attribute %s:%s", str, str2);
        return this.userRepository.findAllUsers().stream().filter(user -> {
            return user.getRealmId().equals(realmModel.getId());
        }).filter(user2 -> {
            return user2.getAttribute(str).contains(str2);
        }).map(entityToAdapterFunc(realmModel)).sorted(Comparator.comparing((v0) -> {
            return v0.getUsername();
        }));
    }

    public int getUsersCount(RealmModel realmModel, boolean z) {
        log.debugv("getUsersCount realm={0} includeServiceAccount={1}", realmModel.getId(), Boolean.valueOf(z));
        return (int) this.userRepository.countUsersByRealmId(realmModel.getId(), z);
    }

    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        return this.userRepository.deleteUser(realmModel.getId(), userModel.getId());
    }

    public void preRemove(RealmModel realmModel) {
        log.tracef("preRemove[RealmModel](%s)%s", realmModel, StackUtil.getShortStackTrace());
    }

    public void preRemove(RealmModel realmModel, IdentityProviderModel identityProviderModel) {
        String alias = identityProviderModel.getAlias();
        log.tracef("preRemove[RealmModel realm, IdentityProviderModel provider](%s, %s)%s", realmModel, alias, StackUtil.getShortStackTrace());
        this.userRepository.findUsersByFederationLink(realmModel.getId(), alias).forEach(user -> {
            this.userRepository.deleteFederatedIdentity(realmModel.getId(), alias);
        });
    }

    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
    }

    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
    }

    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
    }

    public void preRemove(ProtocolMapperModel protocolMapperModel) {
    }

    public void preRemove(ClientScopeModel clientScopeModel) {
    }

    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
    }

    private UserModel getByIdOrThrow(RealmModel realmModel, UserModel userModel) {
        UserModel userById = getUserById(realmModel, userModel.getId());
        if (userById == null) {
            throw new ModelException("Specified user doesn't exist.");
        }
        return userById;
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.AbstractCassandraProvider
    protected String getCacheName() {
        return ThreadLocalCache.USER_CACHE;
    }
}
