package de.arbeitsagentur.opdt.keycloak.cassandra.user;

import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.UserRepository;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.entities.CredentialValue;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.entities.User;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import lombok.Generated;
import org.jboss.logging.Logger;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputUpdater;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:de/arbeitsagentur/opdt/keycloak/cassandra/user/CassandraCredentialManager.class */
public class CassandraCredentialManager implements SubjectCredentialManager {

    @Generated
    private static final Logger log = Logger.getLogger(CassandraCredentialManager.class);
    private static final int PRIORITY_DIFFERENCE = 10;
    private final KeycloakSession session;
    private final RealmModel realm;
    private final UserRepository userRepository;
    private final UserModel user;
    private final User userEntity;

    public boolean isValid(List<CredentialInput> list) {
        if (!isValid(this.user)) {
            return false;
        }
        LinkedList linkedList = new LinkedList(list);
        getCredentialProviders(this.session, CredentialInputValidator.class).forEach(credentialInputValidator -> {
            validate(this.realm, this.user, linkedList, credentialInputValidator);
        });
        return linkedList.isEmpty();
    }

    public boolean updateCredential(CredentialInput credentialInput) {
        return getCredentialProviders(this.session, CredentialInputUpdater.class).filter(credentialInputUpdater -> {
            return credentialInputUpdater.supportsCredentialType(credentialInput.getType());
        }).anyMatch(credentialInputUpdater2 -> {
            return credentialInputUpdater2.updateCredential(this.realm, this.user, credentialInput);
        });
    }

    public void updateStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        CredentialValue fromModel = fromModel(credentialModel);
        this.userEntity.getCredentials().remove(fromModel);
        this.userEntity.getCredentials().add(fromModel);
        this.userRepository.insertOrUpdate(this.userEntity);
    }

    public CredentialModel createStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        if (this.userEntity.hasCredential(credentialModel.getId())) {
            throw new ModelDuplicateException("A CredentialModel with given id already exists");
        }
        CredentialValue fromModel = fromModel(credentialModel);
        List<CredentialValue> sortedCredentials = this.userEntity.getSortedCredentials();
        fromModel.setPriority(sortedCredentials.isEmpty() ? PRIORITY_DIFFERENCE : sortedCredentials.get(sortedCredentials.size() - 1).getPriority() + PRIORITY_DIFFERENCE);
        this.userEntity.getCredentials().remove(fromModel);
        this.userEntity.getCredentials().add(fromModel);
        this.userRepository.insertOrUpdate(this.userEntity);
        return toModel(fromModel);
    }

    public boolean removeStoredCredentialById(String str) {
        throwExceptionIfInvalidUser(this.user);
        if (!this.userEntity.getCredentials().remove(CredentialValue.builder().id(str).build())) {
            return false;
        }
        this.userRepository.insertOrUpdate(this.userEntity);
        return true;
    }

    public CredentialModel getStoredCredentialById(String str) {
        CredentialValue orElse = this.userEntity.getCredentials().stream().filter(credentialValue -> {
            return credentialValue.getId().equals(str);
        }).findFirst().orElse(null);
        if (orElse == null) {
            return null;
        }
        return toModel(orElse);
    }

    public Stream<CredentialModel> getStoredCredentialsStream() {
        return this.userEntity.getSortedCredentials().stream().map(this::toModel);
    }

    public Stream<CredentialModel> getStoredCredentialsByTypeStream(String str) {
        return getStoredCredentialsStream().filter(credentialModel -> {
            return Objects.equals(str, credentialModel.getType());
        });
    }

    public CredentialModel getStoredCredentialByNameAndType(String str, String str2) {
        return getStoredCredentialsStream().filter(credentialModel -> {
            return Objects.equals(str, credentialModel.getUserLabel());
        }).findFirst().orElse(null);
    }

    public boolean moveStoredCredentialTo(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        List<CredentialValue> sortedCredentials = this.userEntity.getSortedCredentials();
        int i = -1;
        int i2 = -1;
        CredentialValue credentialValue = null;
        int i3 = 0;
        for (CredentialValue credentialValue2 : sortedCredentials) {
            if (str.equals(credentialValue2.getId())) {
                i = i3;
                credentialValue = credentialValue2;
            } else if (str2 != null && str2.equals(credentialValue2.getId())) {
                i2 = i3;
            }
            i3++;
        }
        if (i == -1) {
            log.debugf("Not found credential with id [%s] of user [%s]", str, this.user.getUsername());
            return false;
        }
        if (str2 != null && i2 == -1) {
            log.debugf("Can't move up credential with id [%s] of user [%s]", str, this.user.getUsername());
            return false;
        }
        int i4 = str2 == null ? 0 : i2 + 1;
        if (i4 == i) {
            return true;
        }
        sortedCredentials.add(i4, credentialValue);
        sortedCredentials.remove(i4 < i ? i + 1 : i);
        int i5 = 0;
        for (CredentialValue credentialValue3 : sortedCredentials) {
            i5 += PRIORITY_DIFFERENCE;
            if (credentialValue3.getPriority() != i5) {
                credentialValue3.setPriority(i5);
                log.tracef("Priority of credential [%s] of user [%s] changed to [%d]", credentialValue3.getId(), this.user.getUsername(), Integer.valueOf(i5));
                this.userEntity.getCredentials().remove(credentialValue3);
                this.userEntity.getCredentials().add(credentialValue3);
                this.userRepository.insertOrUpdate(this.userEntity);
            }
        }
        return true;
    }

    public void updateCredentialLabel(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        CredentialModel storedCredentialById = getStoredCredentialById(str);
        storedCredentialById.setUserLabel(str2);
        updateStoredCredential(storedCredentialById);
    }

    public void disableCredentialType(String str) {
        getCredentialProviders(this.session, CredentialInputUpdater.class).filter(credentialInputUpdater -> {
            return credentialInputUpdater.supportsCredentialType(str);
        }).forEach(credentialInputUpdater2 -> {
            credentialInputUpdater2.disableCredentialType(this.realm, this.user, str);
        });
    }

    public Stream<String> getDisableableCredentialTypesStream() {
        return getCredentialProviders(this.session, CredentialInputUpdater.class).flatMap(credentialInputUpdater -> {
            return credentialInputUpdater.getDisableableCredentialTypesStream(this.realm, this.user);
        }).distinct();
    }

    public boolean isConfiguredFor(String str) {
        return getCredentialProviders(this.session, CredentialInputValidator.class).anyMatch(credentialInputValidator -> {
            return credentialInputValidator.supportsCredentialType(str) && credentialInputValidator.isConfiguredFor(this.realm, this.user, str);
        });
    }

    @Deprecated
    public boolean isConfiguredLocally(String str) {
        throw new IllegalArgumentException("this is not supported for map storage");
    }

    @Deprecated
    public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
        return Stream.empty();
    }

    @Deprecated
    public CredentialModel createCredentialThroughProvider(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        return (CredentialModel) this.session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).map(providerFactory -> {
            return this.session.getProvider(CredentialProvider.class, providerFactory.getId());
        }).filter(credentialProvider -> {
            return Objects.equals(credentialProvider.getType(), credentialModel.getType());
        }).map(credentialProvider2 -> {
            return credentialProvider2.createCredential(this.realm, this.user, credentialProvider2.getCredentialFromModel(credentialModel));
        }).findFirst().orElse(null);
    }

    private boolean isValid(UserModel userModel) {
        Objects.requireNonNull(userModel);
        return userModel.getServiceAccountClientLink() == null;
    }

    private void validate(RealmModel realmModel, UserModel userModel, List<CredentialInput> list, CredentialInputValidator credentialInputValidator) {
        list.removeIf(credentialInput -> {
            return credentialInputValidator.supportsCredentialType(credentialInput.getType()) && credentialInputValidator.isValid(realmModel, userModel, credentialInput);
        });
    }

    private static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).filter(providerFactory -> {
            return Types.supports(cls, providerFactory, CredentialProviderFactory.class);
        }).map(providerFactory2 -> {
            return keycloakSession.getProvider(CredentialProvider.class, providerFactory2.getId());
        });
    }

    private void throwExceptionIfInvalidUser(UserModel userModel) {
        if (!isValid(userModel)) {
            throw new RuntimeException("You can not manage credentials for this user");
        }
    }

    private CredentialValue fromModel(CredentialModel credentialModel) {
        return CredentialValue.builder().id(credentialModel.getId() == null ? KeycloakModelUtils.generateId() : credentialModel.getId()).created(credentialModel.getCreatedDate().longValue()).userLabel(credentialModel.getUserLabel()).type(credentialModel.getType()).secretData(credentialModel.getSecretData()).credentialData(credentialModel.getCredentialData()).build();
    }

    private CredentialModel toModel(CredentialValue credentialValue) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setId(credentialValue.getId());
        credentialModel.setCreatedDate(Long.valueOf(credentialValue.getCreated()));
        credentialModel.setUserLabel(credentialValue.getUserLabel());
        credentialModel.setType(credentialValue.getType());
        credentialModel.setSecretData(credentialValue.getSecretData());
        credentialModel.setCredentialData(credentialValue.getCredentialData());
        return credentialModel;
    }

    @Generated
    public CassandraCredentialManager(KeycloakSession keycloakSession, RealmModel realmModel, UserRepository userRepository, UserModel userModel, User user) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.userRepository = userRepository;
        this.user = userModel;
        this.userEntity = user;
    }
}
