package org.keycloak.models.map.credential;

import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputUpdater;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialProviderFactory;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.map.user.MapUserCredentialEntity;
import org.keycloak.models.map.user.MapUserEntity;

/* loaded from: input_file:org/keycloak/models/map/credential/MapUserCredentialManager.class */
public class MapUserCredentialManager implements SubjectCredentialManager {
    private final UserModel user;
    private final KeycloakSession session;
    private final RealmModel realm;
    private final MapUserEntity entity;

    public MapUserCredentialManager(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, MapUserEntity mapUserEntity) {
        this.user = userModel;
        this.session = keycloakSession;
        this.realm = realmModel;
        this.entity = mapUserEntity;
    }

    public boolean isValid(List<CredentialInput> list) {
        if (!isValid(this.user)) {
            return false;
        }
        LinkedList linkedList = new LinkedList(list);
        this.entity.credentialManager().validateCredentials(linkedList);
        getCredentialProviders(this.session, CredentialInputValidator.class).forEach(credentialInputValidator -> {
            validate(this.realm, this.user, linkedList, credentialInputValidator);
        });
        return linkedList.isEmpty();
    }

    public boolean updateCredential(CredentialInput credentialInput) {
        return this.entity.credentialManager().updateCredential(credentialInput) || getCredentialProviders(this.session, CredentialInputUpdater.class).filter(credentialInputUpdater -> {
            return credentialInputUpdater.supportsCredentialType(credentialInput.getType());
        }).anyMatch(credentialInputUpdater2 -> {
            return credentialInputUpdater2.updateCredential(this.realm, this.user, credentialInput);
        });
    }

    public void updateStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        this.entity.getCredential(credentialModel.getId()).ifPresent(mapUserCredentialEntity -> {
            mapUserCredentialEntity.setCreatedDate(credentialModel.getCreatedDate());
            mapUserCredentialEntity.setUserLabel(credentialModel.getUserLabel());
            mapUserCredentialEntity.setType(credentialModel.getType());
            mapUserCredentialEntity.setSecretData(credentialModel.getSecretData());
            mapUserCredentialEntity.setCredentialData(credentialModel.getCredentialData());
        });
    }

    public CredentialModel createStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        MapUserCredentialEntity fromModel = MapUserCredentialEntity.fromModel(credentialModel);
        if (this.entity.getCredential(credentialModel.getId()).isPresent()) {
            throw new ModelDuplicateException("A CredentialModel with given id already exists");
        }
        this.entity.addCredential(fromModel);
        return MapUserCredentialEntity.toModel(fromModel);
    }

    public boolean removeStoredCredentialById(String str) {
        throwExceptionIfInvalidUser(this.user);
        return this.entity.removeCredential(str).booleanValue();
    }

    public CredentialModel getStoredCredentialById(String str) {
        return (CredentialModel) this.entity.getCredential(str).map(MapUserCredentialEntity::toModel).orElse(null);
    }

    public Stream<CredentialModel> getStoredCredentialsStream() {
        return ((List) Optional.ofNullable(this.entity.getCredentials()).orElse(Collections.emptyList())).stream().map(MapUserCredentialEntity::toModel);
    }

    public Stream<CredentialModel> getStoredCredentialsByTypeStream(String str) {
        return getStoredCredentialsStream().filter(credentialModel -> {
            return Objects.equals(str, credentialModel.getType());
        });
    }

    public CredentialModel getStoredCredentialByNameAndType(String str, String str2) {
        return getStoredCredentialsStream().filter(credentialModel -> {
            return Objects.equals(str, credentialModel.getUserLabel());
        }).findFirst().orElse(null);
    }

    public boolean moveStoredCredentialTo(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        return this.entity.moveCredential(str, str2).booleanValue();
    }

    public void updateCredentialLabel(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        CredentialModel storedCredentialById = getStoredCredentialById(str);
        storedCredentialById.setUserLabel(str2);
        updateStoredCredential(storedCredentialById);
    }

    public void disableCredentialType(String str) {
        getCredentialProviders(this.session, CredentialInputUpdater.class).filter(credentialInputUpdater -> {
            return credentialInputUpdater.supportsCredentialType(str);
        }).forEach(credentialInputUpdater2 -> {
            credentialInputUpdater2.disableCredentialType(this.realm, this.user, str);
        });
    }

    public Stream<String> getDisableableCredentialTypesStream() {
        return Stream.concat(this.entity.credentialManager().getDisableableCredentialTypesStream(), getCredentialProviders(this.session, CredentialInputUpdater.class).flatMap(credentialInputUpdater -> {
            return credentialInputUpdater.getDisableableCredentialTypesStream(this.realm, this.user);
        })).distinct();
    }

    public boolean isConfiguredFor(String str) {
        return this.entity.credentialManager().isConfiguredFor(str) || getCredentialProviders(this.session, CredentialInputValidator.class).anyMatch(credentialInputValidator -> {
            return credentialInputValidator.supportsCredentialType(str) && credentialInputValidator.isConfiguredFor(this.realm, this.user, str);
        });
    }

    @Deprecated
    public boolean isConfiguredLocally(String str) {
        throw new IllegalArgumentException("this is not supported for map storage");
    }

    @Deprecated
    public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
        return Stream.empty();
    }

    @Deprecated
    public CredentialModel createCredentialThroughProvider(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        return (CredentialModel) this.session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).map(providerFactory -> {
            return this.session.getProvider(CredentialProvider.class, providerFactory.getId());
        }).filter(credentialProvider -> {
            return Objects.equals(credentialProvider.getType(), credentialModel.getType());
        }).map(credentialProvider2 -> {
            return credentialProvider2.createCredential(this.realm, this.user, credentialProvider2.getCredentialFromModel(credentialModel));
        }).findFirst().orElse(null);
    }

    private boolean isValid(UserModel userModel) {
        Objects.requireNonNull(userModel);
        return userModel.getServiceAccountClientLink() == null;
    }

    private void validate(RealmModel realmModel, UserModel userModel, List<CredentialInput> list, CredentialInputValidator credentialInputValidator) {
        list.removeIf(credentialInput -> {
            return credentialInputValidator.supportsCredentialType(credentialInput.getType()) && credentialInputValidator.isValid(realmModel, userModel, credentialInput);
        });
    }

    private static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).filter(providerFactory -> {
            return Types.supports(cls, providerFactory, CredentialProviderFactory.class);
        }).map(providerFactory2 -> {
            return keycloakSession.getProvider(CredentialProvider.class, providerFactory2.getId());
        });
    }

    private void throwExceptionIfInvalidUser(UserModel userModel) {
        if (!isValid(userModel)) {
            throw new RuntimeException("You can not manage credentials for this user");
        }
    }
}
