package org.keycloak.storage.jpa;

import jakarta.persistence.EntityManager;
import jakarta.persistence.LockModeType;
import jakarta.persistence.TypedQuery;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.PaginationUtils;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.storage.federated.UserFederatedStorageProvider;
import org.keycloak.storage.jpa.entity.BrokerLinkEntity;
import org.keycloak.storage.jpa.entity.FederatedUser;
import org.keycloak.storage.jpa.entity.FederatedUserAttributeEntity;
import org.keycloak.storage.jpa.entity.FederatedUserConsentClientScopeEntity;
import org.keycloak.storage.jpa.entity.FederatedUserConsentEntity;
import org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity;
import org.keycloak.storage.jpa.entity.FederatedUserGroupMembershipEntity;
import org.keycloak.storage.jpa.entity.FederatedUserRequiredActionEntity;
import org.keycloak.storage.jpa.entity.FederatedUserRoleMappingEntity;
import org.keycloak.utils.StreamsUtil;

/* loaded from: input_file:org/keycloak/storage/jpa/JpaUserFederatedStorageProvider.class */
public class JpaUserFederatedStorageProvider implements UserFederatedStorageProvider, UserCredentialStore {
    protected static final Logger logger = Logger.getLogger(JpaUserFederatedStorageProvider.class);
    private final KeycloakSession session;
    protected EntityManager em;

    public JpaUserFederatedStorageProvider(KeycloakSession keycloakSession, EntityManager entityManager) {
        this.session = keycloakSession;
        this.em = entityManager;
    }

    public void close() {
    }

    protected void createIndex(RealmModel realmModel, String str) {
        if (this.em.find(FederatedUser.class, str) == null) {
            FederatedUser federatedUser = new FederatedUser();
            federatedUser.setId(str);
            federatedUser.setRealmId(realmModel.getId());
            federatedUser.setStorageProviderId(new StorageId(str).getProviderId());
            this.em.persist(federatedUser);
        }
    }

    public void setAttribute(RealmModel realmModel, String str, String str2, List<String> list) {
        createIndex(realmModel, str);
        deleteAttribute(realmModel, str, str2);
        this.em.flush();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            persistAttributeValue(realmModel, str, str2, it.next());
        }
    }

    private void deleteAttribute(RealmModel realmModel, String str, String str2) {
        this.em.createNamedQuery("deleteUserFederatedAttributesByUserAndName").setParameter("userId", str).setParameter("realmId", realmModel.getId()).setParameter("name", str2).executeUpdate();
    }

    private void persistAttributeValue(RealmModel realmModel, String str, String str2, String str3) {
        FederatedUserAttributeEntity federatedUserAttributeEntity = new FederatedUserAttributeEntity();
        federatedUserAttributeEntity.setId(KeycloakModelUtils.generateId());
        federatedUserAttributeEntity.setName(str2);
        federatedUserAttributeEntity.setValue(str3);
        federatedUserAttributeEntity.setUserId(str);
        federatedUserAttributeEntity.setRealmId(realmModel.getId());
        federatedUserAttributeEntity.setStorageProviderId(new StorageId(str).getProviderId());
        this.em.persist(federatedUserAttributeEntity);
    }

    public void setSingleAttribute(RealmModel realmModel, String str, String str2, String str3) {
        createIndex(realmModel, str);
        deleteAttribute(realmModel, str, str2);
        this.em.flush();
        persistAttributeValue(realmModel, str, str2, str3);
    }

    public void removeAttribute(RealmModel realmModel, String str, String str2) {
        deleteAttribute(realmModel, str, str2);
        this.em.flush();
    }

    public MultivaluedHashMap<String, String> getAttributes(RealmModel realmModel, String str) {
        List<FederatedUserAttributeEntity> resultList = this.em.createNamedQuery("getFederatedAttributesByUser", FederatedUserAttributeEntity.class).setParameter("userId", str).setParameter("realmId", realmModel.getId()).getResultList();
        MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>();
        for (FederatedUserAttributeEntity federatedUserAttributeEntity : resultList) {
            multivaluedHashMap.add(federatedUserAttributeEntity.getName(), federatedUserAttributeEntity.getValue());
        }
        return multivaluedHashMap;
    }

    public Stream<String> getUsersByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        return str2 != null && str2.length() > 2024 ? StreamsUtil.closing(this.em.createNamedQuery("getFederatedAttributesByNameAndLongValue", Object[].class).setParameter("realmId", realmModel.getId()).setParameter("name", str).setParameter("longValueHash", JpaHashUtils.hashForAttributeValue(str2)).getResultStream().filter(objArr -> {
            return JpaHashUtils.compareSourceValue((String) objArr[1], str2);
        }).map(objArr2 -> {
            return (String) objArr2[0];
        })) : StreamsUtil.closing(this.em.createNamedQuery("getFederatedAttributesByNameAndValue", String.class).setParameter("realmId", realmModel.getId()).setParameter("name", str).setParameter("value", str2).getResultStream());
    }

    public String getUserByFederatedIdentity(FederatedIdentityModel federatedIdentityModel, RealmModel realmModel) {
        List resultList = this.em.createNamedQuery("findUserByBrokerLinkAndRealm", String.class).setParameter("realmId", realmModel.getId()).setParameter("identityProvider", federatedIdentityModel.getIdentityProvider()).setParameter("brokerUserId", federatedIdentityModel.getUserId()).getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        if (resultList.size() > 1) {
            throw new IllegalStateException("More results found for identityProvider=" + federatedIdentityModel.getIdentityProvider() + ", userId=" + federatedIdentityModel.getUserId() + ", results=" + resultList);
        }
        return (String) resultList.get(0);
    }

    public void addFederatedIdentity(RealmModel realmModel, String str, FederatedIdentityModel federatedIdentityModel) {
        createIndex(realmModel, str);
        BrokerLinkEntity brokerLinkEntity = new BrokerLinkEntity();
        brokerLinkEntity.setRealmId(realmModel.getId());
        brokerLinkEntity.setUserId(str);
        brokerLinkEntity.setBrokerUserId(federatedIdentityModel.getUserId());
        brokerLinkEntity.setIdentityProvider(federatedIdentityModel.getIdentityProvider());
        brokerLinkEntity.setToken(federatedIdentityModel.getToken());
        brokerLinkEntity.setBrokerUserName(federatedIdentityModel.getUserName());
        brokerLinkEntity.setStorageProviderId(new StorageId(str).getProviderId());
        this.em.persist(brokerLinkEntity);
    }

    public boolean removeFederatedIdentity(RealmModel realmModel, String str, String str2) {
        BrokerLinkEntity brokerLinkEntity = getBrokerLinkEntity(realmModel, str, str2);
        if (brokerLinkEntity == null) {
            return false;
        }
        this.em.remove(brokerLinkEntity);
        return true;
    }

    public void preRemove(RealmModel realmModel, IdentityProviderModel identityProviderModel) {
        this.em.createNamedQuery("deleteBrokerLinkByIdentityProvider").setParameter("realmId", realmModel.getId()).setParameter("providerAlias", identityProviderModel.getAlias()).executeUpdate();
    }

    private BrokerLinkEntity getBrokerLinkEntity(RealmModel realmModel, String str, String str2) {
        List resultList = this.em.createNamedQuery("findBrokerLinkByUserAndProvider", BrokerLinkEntity.class).setParameter("userId", str).setParameter("realmId", realmModel.getId()).setParameter("identityProvider", str2).getResultList();
        if (resultList.size() > 0) {
            return (BrokerLinkEntity) resultList.get(0);
        }
        return null;
    }

    public void updateFederatedIdentity(RealmModel realmModel, String str, FederatedIdentityModel federatedIdentityModel) {
        createIndex(realmModel, str);
        BrokerLinkEntity brokerLinkEntity = getBrokerLinkEntity(realmModel, str, federatedIdentityModel.getIdentityProvider());
        if (brokerLinkEntity == null) {
            return;
        }
        brokerLinkEntity.setBrokerUserName(federatedIdentityModel.getUserName());
        brokerLinkEntity.setBrokerUserId(federatedIdentityModel.getUserId());
        brokerLinkEntity.setToken(federatedIdentityModel.getToken());
        this.em.persist(brokerLinkEntity);
        this.em.flush();
    }

    public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(String str, RealmModel realmModel) {
        return StreamsUtil.closing(this.em.createNamedQuery("findBrokerLinkByUser", BrokerLinkEntity.class).setParameter("userId", str).getResultStream().map(brokerLinkEntity -> {
            return new FederatedIdentityModel(brokerLinkEntity.getIdentityProvider(), brokerLinkEntity.getBrokerUserId(), brokerLinkEntity.getBrokerUserName(), brokerLinkEntity.getToken());
        }).distinct());
    }

    public FederatedIdentityModel getFederatedIdentity(String str, String str2, RealmModel realmModel) {
        BrokerLinkEntity brokerLinkEntity = getBrokerLinkEntity(realmModel, str, str2);
        if (brokerLinkEntity == null) {
            return null;
        }
        return new FederatedIdentityModel(brokerLinkEntity.getIdentityProvider(), brokerLinkEntity.getBrokerUserId(), brokerLinkEntity.getBrokerUserName(), brokerLinkEntity.getToken());
    }

    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        createIndex(realmModel, str);
        String id = userConsentModel.getClient().getId();
        if (getGrantedConsentEntity(str, id, LockModeType.NONE) != null) {
            throw new ModelDuplicateException("Consent already exists for client [" + id + "] and user [" + str + "]");
        }
        FederatedUserConsentEntity federatedUserConsentEntity = new FederatedUserConsentEntity();
        federatedUserConsentEntity.setId(KeycloakModelUtils.generateId());
        federatedUserConsentEntity.setUserId(str);
        StorageId storageId = new StorageId(id);
        if (storageId.isLocal()) {
            federatedUserConsentEntity.setClientId(id);
        } else {
            federatedUserConsentEntity.setClientStorageProvider(storageId.getProviderId());
            federatedUserConsentEntity.setExternalClientId(storageId.getExternalId());
        }
        federatedUserConsentEntity.setRealmId(realmModel.getId());
        federatedUserConsentEntity.setStorageProviderId(new StorageId(str).getProviderId());
        long currentTimeMillis = Time.currentTimeMillis();
        federatedUserConsentEntity.setCreatedDate(Long.valueOf(currentTimeMillis));
        federatedUserConsentEntity.setLastUpdatedDate(Long.valueOf(currentTimeMillis));
        this.em.persist(federatedUserConsentEntity);
        this.em.flush();
        updateGrantedConsentEntity(federatedUserConsentEntity, userConsentModel);
    }

    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        return toConsentModel(realmModel, getGrantedConsentEntity(str, str2, LockModeType.NONE));
    }

    public Stream<UserConsentModel> getConsentsStream(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("userFederatedConsentsByUser", FederatedUserConsentEntity.class);
        createNamedQuery.setParameter("userId", str);
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(federatedUserConsentEntity -> {
            return toConsentModel(realmModel, federatedUserConsentEntity);
        }));
    }

    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        createIndex(realmModel, str);
        String id = userConsentModel.getClient().getId();
        FederatedUserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, id, LockModeType.PESSIMISTIC_WRITE);
        if (grantedConsentEntity == null) {
            throw new ModelException("Consent not found for client [" + id + "] and user [" + str + "]");
        }
        updateGrantedConsentEntity(grantedConsentEntity, userConsentModel);
    }

    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        FederatedUserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, str2, LockModeType.PESSIMISTIC_WRITE);
        if (grantedConsentEntity == null) {
            return false;
        }
        this.em.remove(grantedConsentEntity);
        this.em.flush();
        return true;
    }

    private FederatedUserConsentEntity getGrantedConsentEntity(String str, String str2, LockModeType lockModeType) {
        StorageId storageId = new StorageId(str2);
        TypedQuery createNamedQuery = this.em.createNamedQuery(storageId.isLocal() ? "userFederatedConsentByUserAndClient" : "userFederatedConsentByUserAndExternalClient", FederatedUserConsentEntity.class);
        createNamedQuery.setLockMode(lockModeType);
        createNamedQuery.setParameter("userId", str);
        if (storageId.isLocal()) {
            createNamedQuery.setParameter("clientId", str2);
        } else {
            createNamedQuery.setParameter("clientStorageProvider", storageId.getProviderId());
            createNamedQuery.setParameter("externalClientId", storageId.getExternalId());
        }
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() > 1) {
            throw new ModelException("More results found for user [" + str + "] and client [" + str2 + "]");
        }
        if (resultList.size() == 1) {
            return (FederatedUserConsentEntity) resultList.get(0);
        }
        return null;
    }

    private UserConsentModel toConsentModel(RealmModel realmModel, FederatedUserConsentEntity federatedUserConsentEntity) {
        if (federatedUserConsentEntity == null) {
            return null;
        }
        UserConsentModel userConsentModel = new UserConsentModel(realmModel.getClientById((federatedUserConsentEntity.getClientId() == null ? new StorageId(federatedUserConsentEntity.getClientStorageProvider(), federatedUserConsentEntity.getExternalClientId()) : new StorageId(federatedUserConsentEntity.getClientId())).getId()));
        userConsentModel.setCreatedDate(federatedUserConsentEntity.getCreatedDate());
        userConsentModel.setLastUpdatedDate(federatedUserConsentEntity.getLastUpdatedDate());
        Collection<FederatedUserConsentClientScopeEntity> grantedClientScopes = federatedUserConsentEntity.getGrantedClientScopes();
        if (grantedClientScopes != null) {
            for (FederatedUserConsentClientScopeEntity federatedUserConsentClientScopeEntity : grantedClientScopes) {
                ClientModel clientScopeById = realmModel.getClientScopeById(federatedUserConsentClientScopeEntity.getScopeId());
                if (clientScopeById == null) {
                    clientScopeById = realmModel.getClientById(federatedUserConsentClientScopeEntity.getScopeId());
                }
                if (clientScopeById != null) {
                    userConsentModel.addGrantedClientScope(clientScopeById);
                }
            }
        }
        return userConsentModel;
    }

    private void updateGrantedConsentEntity(FederatedUserConsentEntity federatedUserConsentEntity, UserConsentModel userConsentModel) {
        Collection<FederatedUserConsentClientScopeEntity> grantedClientScopes = federatedUserConsentEntity.getGrantedClientScopes();
        HashSet<FederatedUserConsentClientScopeEntity> hashSet = new HashSet(grantedClientScopes);
        for (ClientScopeModel clientScopeModel : userConsentModel.getGrantedClientScopes()) {
            FederatedUserConsentClientScopeEntity federatedUserConsentClientScopeEntity = new FederatedUserConsentClientScopeEntity();
            federatedUserConsentClientScopeEntity.setUserConsent(federatedUserConsentEntity);
            federatedUserConsentClientScopeEntity.setScopeId(clientScopeModel.getId());
            if (grantedClientScopes.contains(federatedUserConsentClientScopeEntity)) {
                hashSet.remove(federatedUserConsentClientScopeEntity);
            } else {
                this.em.persist(federatedUserConsentClientScopeEntity);
                this.em.flush();
                grantedClientScopes.add(federatedUserConsentClientScopeEntity);
            }
        }
        for (FederatedUserConsentClientScopeEntity federatedUserConsentClientScopeEntity2 : hashSet) {
            grantedClientScopes.remove(federatedUserConsentClientScopeEntity2);
            this.em.remove(federatedUserConsentClientScopeEntity2);
        }
        federatedUserConsentEntity.setLastUpdatedDate(Long.valueOf(Time.currentTimeMillis()));
        this.em.flush();
    }

    public void setNotBeforeForUser(RealmModel realmModel, String str, int i) {
        setSingleAttribute(realmModel, str, "fedNotBefore", String.valueOf(i));
    }

    public int getNotBeforeOfUser(RealmModel realmModel, String str) {
        String str2 = (String) getAttributes(realmModel, str).getFirst("fedNotBefore");
        if (str2 == null) {
            return 0;
        }
        return Integer.parseInt(str2);
    }

    public Stream<GroupModel> getGroupsStream(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("feduserGroupMembership", FederatedUserGroupMembershipEntity.class);
        createNamedQuery.setParameter("userId", str);
        Stream map = createNamedQuery.getResultStream().map((v0) -> {
            return v0.getGroupId();
        });
        Objects.requireNonNull(realmModel);
        return StreamsUtil.closing(map.map(realmModel::getGroupById));
    }

    public void joinGroup(RealmModel realmModel, String str, GroupModel groupModel) {
        createIndex(realmModel, str);
        FederatedUserGroupMembershipEntity federatedUserGroupMembershipEntity = new FederatedUserGroupMembershipEntity();
        federatedUserGroupMembershipEntity.setUserId(str);
        federatedUserGroupMembershipEntity.setStorageProviderId(new StorageId(str).getProviderId());
        federatedUserGroupMembershipEntity.setGroupId(groupModel.getId());
        federatedUserGroupMembershipEntity.setRealmId(realmModel.getId());
        this.em.persist(federatedUserGroupMembershipEntity);
    }

    public void leaveGroup(RealmModel realmModel, String str, GroupModel groupModel) {
        if (str == null || groupModel == null) {
            return;
        }
        TypedQuery createNamedQuery = this.em.createNamedQuery("feduserMemberOf", FederatedUserGroupMembershipEntity.class);
        createNamedQuery.setParameter("userId", str);
        createNamedQuery.setParameter("groupId", groupModel.getId());
        createNamedQuery.setLockMode(LockModeType.PESSIMISTIC_WRITE);
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() == 0) {
            return;
        }
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            this.em.remove((FederatedUserGroupMembershipEntity) it.next());
        }
        this.em.flush();
    }

    public Stream<String> getMembershipStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createNamedQuery("fedgroupMembership", String.class).setParameter("realmId", realmModel.getId()).setParameter("groupId", groupModel.getId()), num, num2).getResultStream());
    }

    public Stream<String> getRoleMembersStream(RealmModel realmModel, RoleModel roleModel, Integer num, Integer num2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("fedRoleMembership", String.class);
        createNamedQuery.setParameter("roleId", roleModel.getId());
        createNamedQuery.setParameter("realmId", realmModel.getId());
        return StreamsUtil.closing(PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultStream());
    }

    public Stream<String> getRequiredActionsStream(RealmModel realmModel, String str) {
        return getRequiredActionEntitiesStream(realmModel, str, LockModeType.NONE).map((v0) -> {
            return v0.getAction();
        }).distinct();
    }

    private Stream<FederatedUserRequiredActionEntity> getRequiredActionEntitiesStream(RealmModel realmModel, String str, LockModeType lockModeType) {
        TypedQuery parameter = this.em.createNamedQuery("getFederatedUserRequiredActionsByUser", FederatedUserRequiredActionEntity.class).setParameter("userId", str).setParameter("realmId", realmModel.getId());
        parameter.setLockMode(lockModeType);
        return StreamsUtil.closing(parameter.getResultStream());
    }

    public void addRequiredAction(RealmModel realmModel, String str, String str2) {
        if (this.em.find(FederatedUserRequiredActionEntity.class, new FederatedUserRequiredActionEntity.Key(str, str2)) == null) {
            createIndex(realmModel, str);
            FederatedUserRequiredActionEntity federatedUserRequiredActionEntity = new FederatedUserRequiredActionEntity();
            federatedUserRequiredActionEntity.setUserId(str);
            federatedUserRequiredActionEntity.setRealmId(realmModel.getId());
            federatedUserRequiredActionEntity.setStorageProviderId(new StorageId(str).getProviderId());
            federatedUserRequiredActionEntity.setAction(str2);
            this.em.persist(federatedUserRequiredActionEntity);
        }
    }

    public void removeRequiredAction(RealmModel realmModel, String str, String str2) {
        List list = (List) getRequiredActionEntitiesStream(realmModel, str, LockModeType.PESSIMISTIC_WRITE).filter(federatedUserRequiredActionEntity -> {
            return Objects.equals(federatedUserRequiredActionEntity.getAction(), str2);
        }).collect(Collectors.toList());
        EntityManager entityManager = this.em;
        Objects.requireNonNull(entityManager);
        list.forEach((v1) -> {
            r1.remove(v1);
        });
        this.em.flush();
    }

    public void grantRole(RealmModel realmModel, String str, RoleModel roleModel) {
        createIndex(realmModel, str);
        FederatedUserRoleMappingEntity federatedUserRoleMappingEntity = new FederatedUserRoleMappingEntity();
        federatedUserRoleMappingEntity.setUserId(str);
        federatedUserRoleMappingEntity.setStorageProviderId(new StorageId(str).getProviderId());
        federatedUserRoleMappingEntity.setRealmId(realmModel.getId());
        federatedUserRoleMappingEntity.setRoleId(roleModel.getId());
        this.em.persist(federatedUserRoleMappingEntity);
    }

    public Stream<RoleModel> getRoleMappingsStream(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
        createNamedQuery.setParameter("userId", str);
        Stream map = createNamedQuery.getResultStream().map((v0) -> {
            return v0.getRoleId();
        });
        Objects.requireNonNull(realmModel);
        return StreamsUtil.closing(map.map(realmModel::getRoleById));
    }

    public void deleteRoleMapping(RealmModel realmModel, String str, RoleModel roleModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("feduserRoleMappings", FederatedUserRoleMappingEntity.class);
        createNamedQuery.setParameter("userId", str);
        List<FederatedUserRoleMappingEntity> resultList = createNamedQuery.getResultList();
        createNamedQuery.setLockMode(LockModeType.PESSIMISTIC_WRITE);
        for (FederatedUserRoleMappingEntity federatedUserRoleMappingEntity : resultList) {
            if (federatedUserRoleMappingEntity.getRoleId().equals(roleModel.getId())) {
                this.em.remove(federatedUserRoleMappingEntity);
            }
        }
        this.em.flush();
    }

    public void updateCredential(RealmModel realmModel, String str, CredentialModel credentialModel) {
        FederatedUserCredentialEntity federatedUserCredentialEntity = (FederatedUserCredentialEntity) this.em.find(FederatedUserCredentialEntity.class, credentialModel.getId());
        if (checkCredentialEntity(federatedUserCredentialEntity, str)) {
            createIndex(realmModel, str);
            federatedUserCredentialEntity.setCreatedDate(credentialModel.getCreatedDate());
            federatedUserCredentialEntity.setType(credentialModel.getType());
            federatedUserCredentialEntity.setCredentialData(credentialModel.getCredentialData());
            federatedUserCredentialEntity.setSecretData(credentialModel.getSecretData());
            federatedUserCredentialEntity.setUserLabel(credentialModel.getUserLabel());
        }
    }

    public CredentialModel createCredential(RealmModel realmModel, String str, CredentialModel credentialModel) {
        createIndex(realmModel, str);
        FederatedUserCredentialEntity federatedUserCredentialEntity = new FederatedUserCredentialEntity();
        federatedUserCredentialEntity.setId(credentialModel.getId() == null ? KeycloakModelUtils.generateId() : credentialModel.getId());
        federatedUserCredentialEntity.setCreatedDate(credentialModel.getCreatedDate());
        federatedUserCredentialEntity.setType(credentialModel.getType());
        federatedUserCredentialEntity.setCredentialData(credentialModel.getCredentialData());
        federatedUserCredentialEntity.setSecretData(credentialModel.getSecretData());
        federatedUserCredentialEntity.setUserLabel(credentialModel.getUserLabel());
        federatedUserCredentialEntity.setUserId(str);
        federatedUserCredentialEntity.setRealmId(realmModel.getId());
        federatedUserCredentialEntity.setStorageProviderId(new StorageId(str).getProviderId());
        List list = (List) getStoredCredentialEntitiesStream(str).collect(Collectors.toList());
        federatedUserCredentialEntity.setPriority(list.isEmpty() ? 10 : ((FederatedUserCredentialEntity) list.get(list.size() - 1)).getPriority() + 10);
        this.em.persist(federatedUserCredentialEntity);
        return toModel(federatedUserCredentialEntity);
    }

    public boolean removeStoredCredential(RealmModel realmModel, String str, String str2) {
        FederatedUserCredentialEntity federatedUserCredentialEntity = (FederatedUserCredentialEntity) this.em.find(FederatedUserCredentialEntity.class, str2, LockModeType.PESSIMISTIC_WRITE);
        if (!checkCredentialEntity(federatedUserCredentialEntity, str)) {
            return false;
        }
        int priority = federatedUserCredentialEntity.getPriority();
        getStoredCredentialEntitiesStream(str).filter(federatedUserCredentialEntity2 -> {
            return federatedUserCredentialEntity2.getPriority() > priority;
        }).forEach(federatedUserCredentialEntity3 -> {
            federatedUserCredentialEntity3.setPriority(federatedUserCredentialEntity3.getPriority() - 10);
        });
        this.em.remove(federatedUserCredentialEntity);
        return true;
    }

    public CredentialModel getStoredCredentialById(RealmModel realmModel, String str, String str2) {
        FederatedUserCredentialEntity federatedUserCredentialEntity = (FederatedUserCredentialEntity) this.em.find(FederatedUserCredentialEntity.class, str2);
        if (checkCredentialEntity(federatedUserCredentialEntity, str)) {
            return toModel(federatedUserCredentialEntity);
        }
        return null;
    }

    private boolean checkCredentialEntity(FederatedUserCredentialEntity federatedUserCredentialEntity, String str) {
        return (federatedUserCredentialEntity == null || federatedUserCredentialEntity.getUserId() == null || !federatedUserCredentialEntity.getUserId().equals(str)) ? false : true;
    }

    protected CredentialModel toModel(FederatedUserCredentialEntity federatedUserCredentialEntity) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setId(federatedUserCredentialEntity.getId());
        credentialModel.setType(federatedUserCredentialEntity.getType());
        credentialModel.setCreatedDate(federatedUserCredentialEntity.getCreatedDate());
        credentialModel.setUserLabel(federatedUserCredentialEntity.getUserLabel());
        if (federatedUserCredentialEntity.getSalt() != null) {
            federatedUserCredentialEntity.setSecretData(federatedUserCredentialEntity.getSecretData().replace("__SALT__", Base64.encodeBytes(federatedUserCredentialEntity.getSalt())));
            federatedUserCredentialEntity.setSalt(null);
        }
        credentialModel.setSecretData(federatedUserCredentialEntity.getSecretData());
        credentialModel.setCredentialData(federatedUserCredentialEntity.getCredentialData());
        return credentialModel;
    }

    public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realmModel, String str) {
        return getStoredCredentialEntitiesStream(str).map(this::toModel);
    }

    private Stream<FederatedUserCredentialEntity> getStoredCredentialEntitiesStream(String str) {
        return StreamsUtil.closing(this.em.createNamedQuery("federatedUserCredentialByUser", FederatedUserCredentialEntity.class).setParameter("userId", str).getResultStream());
    }

    public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realmModel, String str, String str2) {
        return StreamsUtil.closing(this.em.createNamedQuery("federatedUserCredentialByUserAndType", FederatedUserCredentialEntity.class).setParameter("type", str2).setParameter("userId", str).getResultStream().map(this::toModel));
    }

    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, String str, String str2, String str3) {
        List resultList = this.em.createNamedQuery("federatedUserCredentialByNameAndType", FederatedUserCredentialEntity.class).setParameter("type", str3).setParameter("userLabel", str2).setParameter("userId", str).getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        return toModel((FederatedUserCredentialEntity) resultList.get(0));
    }

    public Stream<String> getStoredUsersStream(RealmModel realmModel, Integer num, Integer num2) {
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createNamedQuery("getFederatedUserIds", String.class).setParameter("realmId", realmModel.getId()), num, num2).getResultStream());
    }

    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        updateCredential(realmModel, userModel.getId(), credentialModel);
    }

    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        return createCredential(realmModel, userModel.getId(), credentialModel);
    }

    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        return removeStoredCredential(realmModel, userModel.getId(), str);
    }

    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        return getStoredCredentialById(realmModel, userModel.getId(), str);
    }

    public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realmModel, UserModel userModel) {
        return getStoredCredentialsStream(realmModel, userModel.getId());
    }

    public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realmModel, UserModel userModel, String str) {
        return getStoredCredentialsByTypeStream(realmModel, userModel.getId(), str);
    }

    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        return getStoredCredentialByNameAndType(realmModel, userModel.getId(), str, str2);
    }

    public boolean moveCredentialTo(RealmModel realmModel, UserModel userModel, String str, String str2) {
        List<FederatedUserCredentialEntity> list = (List) getStoredCredentialEntitiesStream(userModel.getId()).collect(Collectors.toList());
        int i = -1;
        int i2 = -1;
        FederatedUserCredentialEntity federatedUserCredentialEntity = null;
        int i3 = 0;
        for (FederatedUserCredentialEntity federatedUserCredentialEntity2 : list) {
            if (str.equals(federatedUserCredentialEntity2.getId())) {
                i = i3;
                federatedUserCredentialEntity = federatedUserCredentialEntity2;
            } else if (str2 != null && str2.equals(federatedUserCredentialEntity2.getId())) {
                i2 = i3;
            }
            i3++;
        }
        if (i == -1) {
            logger.warnf("Not found credential with id [%s] of user [%s]", str, userModel.getUsername());
            return false;
        }
        if (str2 != null && i2 == -1) {
            logger.warnf("Can't move up credential with id [%s] of user [%s]", str, userModel.getUsername());
            return false;
        }
        int i4 = str2 == null ? 0 : i2 + 1;
        list.add(i4, federatedUserCredentialEntity);
        list.remove(i4 < i ? i + 1 : i);
        int i5 = 0;
        for (FederatedUserCredentialEntity federatedUserCredentialEntity3 : list) {
            i5 += 10;
            if (federatedUserCredentialEntity3.getPriority() != i5) {
                federatedUserCredentialEntity3.setPriority(i5);
                logger.tracef("Priority of credential [%s] of user [%s] changed to [%d]", federatedUserCredentialEntity3.getId(), userModel.getUsername(), Integer.valueOf(i5));
            }
        }
        return true;
    }

    public int getStoredUsersCount(RealmModel realmModel) {
        return ((Number) this.em.createNamedQuery("getFederatedUserCount").setParameter("realmId", realmModel.getId()).getSingleResult()).intValue();
    }

    public void preRemove(RealmModel realmModel) {
        this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserConsentsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRoleMappingsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRequiredActionsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteBrokerLinkByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserCredentialsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserFederatedAttributesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserGroupMembershipByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUsersByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        this.em.createNamedQuery("deleteFederatedUserRoleMappingsByRole").setParameter("roleId", roleModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        this.em.createNamedQuery("deleteFederatedUserGroupMembershipsByGroup").setParameter("groupId", groupModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        StorageId storageId = new StorageId(clientModel.getId());
        if (storageId.isLocal()) {
            this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByClient").setParameter("clientId", clientModel.getId()).executeUpdate();
            this.em.createNamedQuery("deleteFederatedUserConsentsByClient").setParameter("clientId", clientModel.getId()).executeUpdate();
        } else {
            this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByExternalClient").setParameter("clientStorageProvider", storageId.getProviderId()).setParameter("externalClientId", storageId.getExternalId()).executeUpdate();
            this.em.createNamedQuery("deleteFederatedUserConsentsByExternalClient").setParameter("clientStorageProvider", storageId.getProviderId()).setParameter("externalClientId", storageId.getExternalId()).executeUpdate();
        }
    }

    public void preRemove(ProtocolMapperModel protocolMapperModel) {
    }

    public void preRemove(ClientScopeModel clientScopeModel) {
        this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByClientScope").setParameter("scopeId", clientScopeModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, UserModel userModel) {
        this.em.createNamedQuery("deleteBrokerLinkByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserFederatedAttributesByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserConsentsByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserCredentialByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserGroupMembershipsByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRequiredActionsByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRoleMappingsByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserByUser").setParameter("userId", userModel.getId()).setParameter("realmId", realmModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
        if (!componentModel.getProviderType().equals(UserStorageProvider.class.getName())) {
            if (componentModel.getProviderType().equals(ClientStorageProvider.class.getName())) {
                this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByClientStorageProvider").setParameter("clientStorageProvider", componentModel.getId()).executeUpdate();
                this.em.createNamedQuery("deleteFederatedUserConsentsByClientStorageProvider").setParameter("clientStorageProvider", componentModel.getId()).executeUpdate();
                return;
            }
            return;
        }
        this.em.createNamedQuery("deleteBrokerLinkByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedAttributesByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserConsentClientScopesByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserConsentsByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserCredentialsByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserGroupMembershipByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRequiredActionsByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUserRoleMappingsByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedUsersByStorageProvider").setParameter("storageProviderId", componentModel.getId()).executeUpdate();
    }
}
