package de.arbeitsagentur.opdt.keycloak.cassandra.user;

import de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.UserRepository;
import de.arbeitsagentur.opdt.keycloak.cassandra.user.persistence.entities.User;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.Generated;
import org.jboss.logging.Logger;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RoleUtils;

/* loaded from: input_file:de/arbeitsagentur/opdt/keycloak/cassandra/user/CassandraUserAdapter.class */
public abstract class CassandraUserAdapter extends TransactionalModelAdapter<User> implements UserModel {

    @Generated
    private static final Logger log = Logger.getLogger(CassandraUserAdapter.class);
    public static final String NOT_BEFORE = "internal.notBefore";
    public static final String REALM_ATTRIBUTE_ENABLE_CHECK_FOR_DUPLICATES_ACROSS_USERNAME_AND_EMAIL = "enableCheckForDuplicatesAcrossUsernameAndEmail";
    private final KeycloakSession session;
    private final RealmModel realm;
    private final UserRepository userRepository;

    public CassandraUserAdapter(KeycloakSession keycloakSession, User user, RealmModel realmModel, UserRepository userRepository) {
        super(user);
        this.session = keycloakSession;
        this.realm = realmModel;
        this.userRepository = userRepository;
    }

    public RealmModel getRealm() {
        return this.realm;
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    public String getId() {
        return ((User) this.entity).getId();
    }

    public String getUsername() {
        return ((User) this.entity).getUsername();
    }

    public boolean hasUsername(String str) {
        if (str == null) {
            return false;
        }
        return KeycloakModelUtils.isUsernameCaseSensitive(this.realm) ? str.equals(((User) this.entity).getUsername()) : KeycloakModelUtils.toLowerCaseSafe(str).equals(((User) this.entity).getUsernameCaseInsensitive());
    }

    public void setUsername(String str) {
        if (str == null) {
            return;
        }
        if ((KeycloakModelUtils.isUsernameCaseSensitive(this.realm) ? str : KeycloakModelUtils.toLowerCaseSafe(str)).equals(KeycloakModelUtils.isUsernameCaseSensitive(this.realm) ? ((User) this.entity).getUsername() : ((User) this.entity).getUsernameCaseInsensitive())) {
            return;
        }
        if (checkUsernameUniqueness(this.realm, str)) {
            throw new ModelDuplicateException("A user with username " + str + " already exists");
        }
        if (usernameEqualsExistingEmail(this.realm, str)) {
            throw new ModelDuplicateException("Username cannot be set to " + str + " as this already used as email by another user");
        }
        User build = ((User) this.entity).toBuilder().build();
        ((User) this.entity).setUsername(str);
        ((User) this.entity).setUsernameCaseInsensitive(KeycloakModelUtils.toLowerCaseSafe(str));
        markUpdated(() -> {
            this.userRepository.deleteUsernameSearchIndex(this.realm.getId(), build);
        });
    }

    private boolean usernameEqualsExistingEmail(RealmModel realmModel, String str) {
        if (!isCheckForDuplicatesAcrossUsernameAndEmailEnabled(realmModel) || realmModel.isDuplicateEmailsAllowed() || str.equals(getEmail())) {
            return false;
        }
        return checkEmailUniqueness(realmModel, str);
    }

    public static boolean isCheckForDuplicatesAcrossUsernameAndEmailEnabled(RealmModel realmModel) {
        return realmModel.getAttribute(REALM_ATTRIBUTE_ENABLE_CHECK_FOR_DUPLICATES_ACROSS_USERNAME_AND_EMAIL, false).booleanValue();
    }

    public String getEmail() {
        return ((User) this.entity).getEmail();
    }

    public void setEmail(String str) {
        String lowerCaseSafe = KeycloakModelUtils.toLowerCaseSafe(str);
        if (lowerCaseSafe != null) {
            if (lowerCaseSafe.equals(getEmail())) {
                return;
            }
            if (ObjectUtil.isBlank(lowerCaseSafe)) {
                lowerCaseSafe = null;
            }
        }
        if (!this.realm.isDuplicateEmailsAllowed() && lowerCaseSafe != null && checkEmailUniqueness(this.realm, lowerCaseSafe)) {
            throw new ModelDuplicateException("A user with email " + lowerCaseSafe + " already exists");
        }
        if (lowerCaseSafe != null && emailEqualsExistingMail(this.realm, lowerCaseSafe)) {
            throw new ModelDuplicateException("Another user already uses the email " + lowerCaseSafe + " as username");
        }
        User build = ((User) this.entity).toBuilder().build();
        ((User) this.entity).setEmail(lowerCaseSafe);
        markUpdated(() -> {
            this.userRepository.deleteEmailSearchIndex(this.realm.getId(), build);
        });
    }

    private boolean emailEqualsExistingMail(RealmModel realmModel, String str) {
        if (!isCheckForDuplicatesAcrossUsernameAndEmailEnabled(realmModel) || realmModel.isDuplicateEmailsAllowed() || getUsername().equals(str)) {
            return false;
        }
        return checkUsernameUniqueness(realmModel, str);
    }

    public String getFirstName() {
        return ((User) this.entity).getFirstName();
    }

    public void setFirstName(String str) {
        ((User) this.entity).setFirstName(str);
        markUpdated();
    }

    public String getLastName() {
        return ((User) this.entity).getLastName();
    }

    public void setLastName(String str) {
        ((User) this.entity).setLastName(str);
        markUpdated();
    }

    public Long getCreatedTimestamp() {
        return Long.valueOf(((User) this.entity).getCreatedTimestamp().getEpochSecond() * 1000);
    }

    public void setCreatedTimestamp(Long l) {
    }

    public boolean isEnabled() {
        return ((User) this.entity).getEnabled() != null && ((User) this.entity).getEnabled().booleanValue();
    }

    public boolean isEmailVerified() {
        return ((User) this.entity).getEmailVerified() != null && ((User) this.entity).getEmailVerified().booleanValue();
    }

    public void setEmailVerified(boolean z) {
        ((User) this.entity).setEmailVerified(Boolean.valueOf(z));
        markUpdated();
    }

    public void setEnabled(boolean z) {
        ((User) this.entity).setEnabled(Boolean.valueOf(z));
        markUpdated();
    }

    public Map<String, List<String>> getAttributes() {
        log.debugv("get attributes: realm={0} userId={1}", this.realm.getId(), ((User) this.entity).getId());
        Map<String, List<String>> allAttributes = getAllAttributes();
        MultivaluedHashMap multivaluedHashMap = allAttributes == null ? new MultivaluedHashMap() : new MultivaluedHashMap(allAttributes);
        multivaluedHashMap.add("firstName", ((User) this.entity).getFirstName());
        multivaluedHashMap.add("lastName", ((User) this.entity).getLastName());
        multivaluedHashMap.add("email", ((User) this.entity).getEmail());
        multivaluedHashMap.add("username", ((User) this.entity).getUsername());
        return multivaluedHashMap;
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    public void setAttribute(String str, List<String> list) {
        if (setSpecialAttributeValue(str, (list == null || list.isEmpty()) ? null : list.get(0))) {
            return;
        }
        User build = ((User) this.entity).toBuilder().build();
        super.setAttribute(str, list);
        addPostUpdateTask(() -> {
            this.userRepository.deleteAttributeSearchIndex(this.realm.getId(), build, str);
        });
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    public void setSingleAttribute(String str, String str2) {
        if (setSpecialAttributeValue(str, str2)) {
            return;
        }
        User build = ((User) this.entity).toBuilder().build();
        super.setAttribute(str, str2);
        addPostUpdateTask(() -> {
            this.userRepository.deleteAttributeSearchIndex(this.realm.getId(), build, str);
        });
    }

    public String getFirstAttribute(String str) {
        return getSpecialAttributeValue(str).orElseGet(() -> {
            return getAttribute(str);
        });
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    public void removeAttribute(String str) {
        User build = ((User) this.entity).toBuilder().build();
        super.removeAttribute(str);
        addPostUpdateTask(() -> {
            this.userRepository.deleteAttributeSearchIndex(this.realm.getId(), build, str);
        });
    }

    public void grantRole(RoleModel roleModel) {
        log.debugv("grant role mapping: realm={0} userId={1} role={2}", this.realm.getId(), ((User) this.entity).getId(), roleModel.getName());
        if (roleModel.isClientRole()) {
            Set<String> orDefault = ((User) this.entity).getClientRoles().getOrDefault(roleModel.getContainerId(), new HashSet());
            orDefault.add(roleModel.getId());
            ((User) this.entity).getClientRoles().put(roleModel.getContainerId(), orDefault);
        } else {
            ((User) this.entity).getRealmRoles().add(roleModel.getId());
        }
        markUpdated();
    }

    public void deleteRoleMapping(RoleModel roleModel) {
        log.debugv("delete role mapping: realm={0} userId={1} role={2}", this.realm.getId(), ((User) this.entity).getId(), roleModel.getName());
        if (roleModel.isClientRole()) {
            Set<String> orDefault = ((User) this.entity).getClientRoles().getOrDefault(roleModel.getContainerId(), new HashSet());
            orDefault.remove(roleModel.getId());
            ((User) this.entity).getClientRoles().put(roleModel.getContainerId(), orDefault);
        } else {
            ((User) this.entity).getRealmRoles().remove(roleModel.getId());
        }
        markUpdated();
    }

    public void addRequiredAction(UserModel.RequiredAction requiredAction) {
        ((User) this.entity).getRequiredActions().add(requiredAction.name());
        markUpdated();
    }

    public void addRequiredAction(String str) {
        ((User) this.entity).getRequiredActions().add(str);
        markUpdated();
    }

    public void removeRequiredAction(UserModel.RequiredAction requiredAction) {
        ((User) this.entity).getRequiredActions().remove(requiredAction.name());
        markUpdated();
    }

    public void removeRequiredAction(String str) {
        ((User) this.entity).getRequiredActions().remove(str);
        markUpdated();
    }

    public String getFederationLink() {
        return ((User) this.entity).getFederationLink();
    }

    public void setFederationLink(String str) {
        User build = ((User) this.entity).toBuilder().build();
        ((User) this.entity).setFederationLink(str);
        markUpdated(() -> {
            this.userRepository.deleteFederationLinkSearchIndex(this.realm.getId(), build);
        });
    }

    public String getServiceAccountClientLink() {
        return ((User) this.entity).getServiceAccountClientLink();
    }

    public void setServiceAccountClientLink(String str) {
        User build = ((User) this.entity).toBuilder().build();
        ((User) this.entity).setServiceAccountClientLink(str);
        markUpdated(() -> {
            this.userRepository.deleteServiceAccountLinkSearchIndex(this.realm.getId(), build);
        });
    }

    public Stream<String> getAttributeStream(String str) {
        return ((List) getSpecialAttributeValue(str).map((v0) -> {
            return Collections.singletonList(v0);
        }).orElseGet(() -> {
            return ((User) this.entity).getAttribute(str);
        })).stream();
    }

    public Stream<String> getRequiredActionsStream() {
        return ((User) this.entity).getRequiredActions().stream();
    }

    public Stream<GroupModel> getGroupsStream() {
        Set<String> groupsMembership = ((User) this.entity).getGroupsMembership();
        return (groupsMembership == null || groupsMembership.isEmpty()) ? Stream.empty() : this.session.groups().getGroupsStream(this.realm, groupsMembership.stream());
    }

    public void joinGroup(GroupModel groupModel) {
        if (RoleUtils.isDirectMember(getGroupsStream(), groupModel)) {
            return;
        }
        ((User) this.entity).addGroupsMembership(groupModel.getId());
        markUpdated();
    }

    public void leaveGroup(GroupModel groupModel) {
        ((User) this.entity).removeGroupsMembership(groupModel.getId());
        markUpdated();
    }

    public boolean isMemberOf(GroupModel groupModel) {
        return RoleUtils.isMember(getGroupsStream(), groupModel);
    }

    public Stream<RoleModel> getRealmRoleMappingsStream() {
        return getRoleMappingsStream().filter(RoleUtils::isRealmRole);
    }

    public Stream<RoleModel> getClientRoleMappingsStream(ClientModel clientModel) {
        return getRoleMappingsStream().filter(roleModel -> {
            return RoleUtils.isClientRole(roleModel, clientModel);
        });
    }

    public boolean hasDirectRole(RoleModel roleModel) {
        return getRoleMappingsStream().map((v0) -> {
            return v0.getId();
        }).anyMatch(str -> {
            return str.equals(roleModel.getId());
        });
    }

    public boolean hasRole(RoleModel roleModel) {
        return RoleUtils.hasRole(getRoleMappingsStream(), roleModel) || RoleUtils.hasRoleFromGroup(getGroupsStream(), roleModel, true);
    }

    public Stream<RoleModel> getRoleMappingsStream() {
        log.debugv("get role mappings: realm={0} userId={1}", this.realm.getId(), ((User) this.entity).getId());
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(((User) this.entity).getRealmRoles());
        arrayList.addAll((Collection) ((User) this.entity).getClientRoles().entrySet().stream().flatMap(entry -> {
            return ((Set) entry.getValue()).stream();
        }).collect(Collectors.toSet()));
        Stream stream = arrayList.stream();
        RealmModel realmModel = this.realm;
        Objects.requireNonNull(realmModel);
        return stream.map(realmModel::getRoleById).filter((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    public abstract boolean checkEmailUniqueness(RealmModel realmModel, String str);

    public abstract boolean checkUsernameUniqueness(RealmModel realmModel, String str);

    public abstract SubjectCredentialManager credentialManager();

    public boolean delete() {
        markDeleted();
        return this.userRepository.deleteUser(((User) this.entity).getRealmId(), ((User) this.entity).getId());
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    protected void flushChanges() {
        this.userRepository.insertOrUpdate((User) this.entity);
        if (((User) this.entity).getServiceAccountClientLink() == null || ((User) this.entity).isServiceAccount()) {
            return;
        }
        this.userRepository.makeUserServiceAccount((User) this.entity, this.realm.getId());
    }

    private Optional<String> getSpecialAttributeValue(String str) {
        return "firstName".equals(str) ? Optional.ofNullable(((User) this.entity).getFirstName()) : "lastName".equals(str) ? Optional.ofNullable(((User) this.entity).getLastName()) : "email".equals(str) ? Optional.ofNullable(((User) this.entity).getEmail()) : "username".equals(str) ? Optional.ofNullable(((User) this.entity).getUsername()) : Optional.empty();
    }

    private boolean setSpecialAttributeValue(String str, String str2) {
        if ("firstName".equals(str)) {
            ((User) this.entity).setFirstName(str2);
            return true;
        }
        if ("lastName".equals(str)) {
            ((User) this.entity).setLastName(str2);
            return true;
        }
        if ("email".equals(str)) {
            setEmail(str2);
            return true;
        }
        if (!"username".equals(str)) {
            return false;
        }
        setUsername(str2);
        return true;
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    @Generated
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        return (obj instanceof CassandraUserAdapter) && ((CassandraUserAdapter) obj).canEqual(this) && super.equals(obj);
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    @Generated
    protected boolean canEqual(Object obj) {
        return obj instanceof CassandraUserAdapter;
    }

    @Override // de.arbeitsagentur.opdt.keycloak.cassandra.transaction.TransactionalModelAdapter
    @Generated
    public int hashCode() {
        return super.hashCode();
    }
}
