package org.keycloak.organization.jpa;

import jakarta.persistence.EntityManager;
import jakarta.persistence.NoResultException;
import jakarta.persistence.TypedQuery;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.From;
import jakarta.persistence.criteria.Join;
import jakarta.persistence.criteria.Order;
import jakarta.persistence.criteria.Predicate;
import jakarta.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.GroupModel;
import org.keycloak.models.GroupProvider;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.MembershipMetadata;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ModelValidationException;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.jpa.PaginationUtils;
import org.keycloak.models.jpa.entities.GroupEntity;
import org.keycloak.models.jpa.entities.OrganizationEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserGroupMembershipEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ReadOnlyUserModelDelegate;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.organization.utils.Organizations;
import org.keycloak.representations.idm.MembershipType;
import org.keycloak.storage.StorageId;
import org.keycloak.utils.ReservedCharValidator;
import org.keycloak.utils.StreamsUtil;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/organization/jpa/JpaOrganizationProvider.class */
public class JpaOrganizationProvider implements OrganizationProvider {
    private final EntityManager em;
    private final GroupProvider groupProvider;
    private final UserProvider userProvider;
    private final KeycloakSession session;

    public JpaOrganizationProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.em = ((JpaConnectionProvider) keycloakSession.getProvider(JpaConnectionProvider.class)).getEntityManager();
        this.groupProvider = keycloakSession.groups();
        this.userProvider = keycloakSession.users();
    }

    public OrganizationModel create(String str, String str2, String str3) {
        if (StringUtil.isBlank(str2)) {
            throw new ModelValidationException("Name can not be null");
        }
        if (StringUtil.isBlank(str3)) {
            try {
                ReservedCharValidator.validateNoSpace(str2);
                str3 = str2;
            } catch (ReservedCharValidator.ReservedCharException e) {
                throw new ModelValidationException("Name contains a reserved character and cannot be used as alias");
            }
        }
        if (getByName(str2) != null) {
            throw new ModelDuplicateException("A organization with the same name already exists.");
        }
        if (getAllStream(Map.of("alias", str3), -1, -1).findAny().isPresent()) {
            throw new ModelDuplicateException("A organization with the same alias already exists");
        }
        OrganizationEntity organizationEntity = new OrganizationEntity();
        organizationEntity.setId(str != null ? str : KeycloakModelUtils.generateId());
        organizationEntity.setRealmId(getRealm().getId());
        OrganizationAdapter organizationAdapter = new OrganizationAdapter(this.session, getRealm(), organizationEntity, this);
        try {
            this.session.getContext().setOrganization(organizationAdapter);
            organizationAdapter.setGroupId(createOrganizationGroup(organizationAdapter.getId()).getId());
            organizationAdapter.setName(str2);
            organizationAdapter.setAlias(str3);
            organizationAdapter.setEnabled(true);
            this.em.persist(organizationAdapter.getEntity());
            this.session.getContext().setOrganization((OrganizationModel) null);
            return organizationAdapter;
        } catch (Throwable th) {
            this.session.getContext().setOrganization((OrganizationModel) null);
            throw th;
        }
    }

    public boolean remove(OrganizationModel organizationModel) {
        OrganizationEntity entity = getEntity(organizationModel.getId());
        try {
            this.session.getContext().setOrganization(organizationModel);
            RealmModel realm = this.session.realms().getRealm(getRealm().getId());
            if (realm != null) {
                GroupModel organizationGroup = getOrganizationGroup(entity);
                if (organizationGroup != null) {
                    OrganizationProvider provider = this.session.getProvider(OrganizationProvider.class);
                    this.userProvider.getGroupMembersStream(realm, organizationGroup).forEach(userModel -> {
                        provider.removeMember(organizationModel, userModel);
                    });
                    this.groupProvider.removeGroup(realm, organizationGroup);
                }
                organizationModel.getIdentityProviders().forEach(identityProviderModel -> {
                    removeIdentityProvider(organizationModel, identityProviderModel);
                });
            }
            this.em.remove(entity);
            this.session.getContext().setOrganization((OrganizationModel) null);
            return true;
        } catch (Throwable th) {
            this.session.getContext().setOrganization((OrganizationModel) null);
            throw th;
        }
    }

    public void removeAll() {
        getAllStream().forEach(this::remove);
    }

    public boolean addManagedMember(OrganizationModel organizationModel, UserModel userModel) {
        return addMember(organizationModel, userModel, new MembershipMetadata(MembershipType.MANAGED));
    }

    public boolean addMember(OrganizationModel organizationModel, UserModel userModel) {
        return addMember(organizationModel, userModel, new MembershipMetadata(MembershipType.UNMANAGED));
    }

    private boolean addMember(OrganizationModel organizationModel, UserModel userModel, MembershipMetadata membershipMetadata) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        throwExceptionIfObjectIsNull(userModel, "User");
        OrganizationEntity entity = getEntity(organizationModel.getId());
        OrganizationModel resolveOrganization = Organizations.resolveOrganization(this.session);
        if (this.session.users().getUserById(this.session.realms().getRealm(entity.getRealmId()), userModel.getId()) == null) {
            return false;
        }
        if (resolveOrganization == null) {
            this.session.getContext().setOrganization(organizationModel);
        }
        try {
            GroupModel organizationGroup = getOrganizationGroup(entity);
            if (userModel.isMemberOf(organizationGroup)) {
                return false;
            }
            userModel.joinGroup(organizationGroup, membershipMetadata);
            OrganizationModel.OrganizationMemberJoinEvent.fire(organizationModel, userModel, this.session);
            if (resolveOrganization != null) {
                return true;
            }
            this.session.getContext().setOrganization((OrganizationModel) null);
            return true;
        } finally {
            if (resolveOrganization == null) {
                this.session.getContext().setOrganization((OrganizationModel) null);
            }
        }
    }

    public OrganizationModel getById(String str) {
        OrganizationEntity entity = getEntity(str, false);
        if (entity == null) {
            return null;
        }
        return new OrganizationAdapter(this.session, getRealm(), entity, this);
    }

    public OrganizationModel getByDomainName(String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getByDomainName", OrganizationEntity.class);
        RealmModel realm = getRealm();
        createNamedQuery.setParameter("realmId", realm.getId());
        createNamedQuery.setParameter("name", str.toLowerCase());
        try {
            return new OrganizationAdapter(this.session, realm, (OrganizationEntity) createNamedQuery.getSingleResult(), this);
        } catch (NoResultException e) {
            return null;
        }
    }

    public Stream<OrganizationModel> getAllStream(String str, Boolean bool, Integer num, Integer num2) {
        TypedQuery createNamedQuery;
        if (StringUtil.isBlank(str)) {
            createNamedQuery = this.em.createNamedQuery("getByRealm", OrganizationEntity.class);
        } else if (Boolean.TRUE.equals(bool)) {
            createNamedQuery = this.em.createNamedQuery("getByNameOrDomain", OrganizationEntity.class);
            createNamedQuery.setParameter("search", str);
        } else {
            createNamedQuery = this.em.createNamedQuery("getByNameOrDomainContained", OrganizationEntity.class);
            createNamedQuery.setParameter("search", str.toLowerCase());
        }
        RealmModel realm = getRealm();
        createNamedQuery.setParameter("realmId", realm.getId());
        return StreamsUtil.closing(PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultStream().map(organizationEntity -> {
            return new OrganizationAdapter(this.session, realm, organizationEntity, this);
        }));
    }

    public Stream<OrganizationModel> getAllStream(Map<String, String> map, Integer num, Integer num2) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(OrganizationEntity.class);
        Root from = createQuery.from(OrganizationEntity.class);
        Root from2 = createQuery.from(GroupEntity.class);
        ArrayList arrayList = new ArrayList();
        RealmModel realm = getRealm();
        arrayList.add(criteriaBuilder.equal(from.get("realmId"), realm.getId()));
        arrayList.add(criteriaBuilder.equal(from.get("groupId"), from2.get("id")));
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (!StringUtil.isBlank(entry.getKey())) {
                if ("alias".equals(entry.getKey())) {
                    arrayList.add(criteriaBuilder.equal(from.get("alias"), entry.getValue()));
                } else {
                    Join join = from2.join("attributes");
                    arrayList.add(criteriaBuilder.and(criteriaBuilder.equal(join.get("name"), entry.getKey()), criteriaBuilder.equal(join.get("value"), entry.getValue())));
                }
            }
        }
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createQuery(createQuery.select(from).where(criteriaBuilder.and((Predicate[]) arrayList.toArray(new Predicate[0])))), num, num2).getResultStream()).map(organizationEntity -> {
            return new OrganizationAdapter(this.session, realm, organizationEntity, this);
        });
    }

    public Stream<UserModel> getMembersStream(OrganizationModel organizationModel, String str, Boolean bool, Integer num, Integer num2) {
        return getMembersStream(organizationModel, Map.of("keycloak.session.realm.users.query.search", str), bool, num, num2);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x00c1. Please report as an issue. */
    public Stream<UserModel> getMembersStream(OrganizationModel organizationModel, Map<String, String> map, Boolean bool, Integer num, Integer num2) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(String.class);
        Root from = createQuery.from(UserGroupMembershipEntity.class);
        createQuery.select(from.get("user").get("id"));
        ArrayList arrayList = new ArrayList();
        arrayList.add(criteriaBuilder.equal(from.get("groupId"), getOrganizationGroup(organizationModel).getId()));
        Join join = from.join("user");
        for (Map.Entry entry : ((Map) Optional.ofNullable(map).orElse(Map.of())).entrySet()) {
            String str = (String) entry.getKey();
            boolean z = -1;
            switch (str.hashCode()) {
                case -739135440:
                    if (str.equals("membershipType")) {
                        z = true;
                        break;
                    }
                    break;
                case 352694088:
                    if (str.equals("keycloak.session.realm.users.query.search")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    arrayList.add(criteriaBuilder.or(getSearchOptionPredicateArray((String) entry.getValue(), ((Boolean) Optional.ofNullable(bool).orElse(false)).booleanValue(), criteriaBuilder, join)));
                    break;
                case true:
                    arrayList.add(criteriaBuilder.equal(from.get("membershipType"), ((String) entry.getValue()).toUpperCase()));
                    break;
            }
        }
        createQuery.where((Predicate[]) arrayList.toArray(new Predicate[0]));
        createQuery.orderBy(new Order[]{criteriaBuilder.asc(join.get("username"))});
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createQuery(createQuery), num, num2).getResultStream().map(str2 -> {
            UserModel userById = this.userProvider.getUserById(getRealm(), str2);
            return Organizations.isReadOnlyOrganizationMember(this.session, userById) ? new ReadOnlyUserModelDelegate(userById) { // from class: org.keycloak.organization.jpa.JpaOrganizationProvider.1
                public boolean isEnabled() {
                    return false;
                }
            } : userById;
        }));
    }

    private Predicate[] getSearchOptionPredicateArray(String str, boolean z, CriteriaBuilder criteriaBuilder, From<?, UserEntity> from) {
        String lowerCase = str.toLowerCase();
        ArrayList arrayList = new ArrayList();
        if (z) {
            arrayList.add(criteriaBuilder.equal(from.get("username"), lowerCase));
            arrayList.add(criteriaBuilder.equal(from.get("email"), lowerCase));
            arrayList.add(criteriaBuilder.equal(criteriaBuilder.lower(from.get("firstName")), lowerCase));
            arrayList.add(criteriaBuilder.equal(criteriaBuilder.lower(from.get("lastName")), lowerCase));
        } else {
            String str2 = "%" + lowerCase + "%";
            arrayList.add(criteriaBuilder.like(from.get("username"), str2));
            arrayList.add(criteriaBuilder.like(from.get("email"), str2));
            arrayList.add(criteriaBuilder.like(criteriaBuilder.lower(from.get("firstName")), str2));
            arrayList.add(criteriaBuilder.like(criteriaBuilder.lower(from.get("lastName")), str2));
        }
        return (Predicate[]) arrayList.toArray(i -> {
            return new Predicate[i];
        });
    }

    public long getMembersCount(OrganizationModel organizationModel) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        return this.userProvider.getUsersCount(getRealm(), Set.of(getOrganizationGroup(organizationModel).getId()));
    }

    public UserModel getMemberById(OrganizationModel organizationModel, String str) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        UserModel userById = this.userProvider.getUserById(getRealm(), str);
        if (userById == null) {
            return null;
        }
        Stream<OrganizationModel> byMember = getByMember(userById);
        Objects.requireNonNull(organizationModel);
        if (byMember.anyMatch((v1) -> {
            return r1.equals(v1);
        })) {
            return userById;
        }
        return null;
    }

    public Stream<OrganizationModel> getByMember(UserModel userModel) {
        throwExceptionIfObjectIsNull(userModel, "User");
        TypedQuery createNamedQuery = StorageId.isLocalStorage(userModel.getId()) ? this.em.createNamedQuery("getGroupsByMember", String.class) : this.em.createNamedQuery("getGroupsByFederatedMember", String.class);
        createNamedQuery.setParameter("userId", userModel.getId());
        OrganizationProvider provider = this.session.getProvider(OrganizationProvider.class);
        GroupProvider groups = this.session.groups();
        return StreamsUtil.closing(createNamedQuery.getResultStream()).map(str -> {
            return groups.getGroupById(getRealm(), str);
        }).map(groupModel -> {
            return provider.getById(groupModel.getName());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    public boolean addIdentityProvider(OrganizationModel organizationModel, IdentityProviderModel identityProviderModel) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        throwExceptionIfObjectIsNull(identityProviderModel, "Identity provider");
        OrganizationEntity entity = getEntity(organizationModel.getId());
        if (!checkOrgIdpAndRealm(entity, identityProviderModel)) {
            return false;
        }
        String organizationId = identityProviderModel.getOrganizationId();
        if (entity.getId().equals(organizationId)) {
            return false;
        }
        if (organizationId != null) {
            throw new ModelValidationException("Identity provider already associated with a different organization");
        }
        identityProviderModel.setOrganizationId(entity.getId());
        this.session.identityProviders().update(identityProviderModel);
        return true;
    }

    public Stream<IdentityProviderModel> getIdentityProviders(OrganizationModel organizationModel) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        throwExceptionIfObjectIsNull(organizationModel.getId(), "Organization ID");
        return this.session.identityProviders().getByOrganization(getEntity(organizationModel.getId()).getId(), (Integer) null, (Integer) null);
    }

    public boolean removeIdentityProvider(OrganizationModel organizationModel, IdentityProviderModel identityProviderModel) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        if (!getEntity(organizationModel.getId()).getId().equals(identityProviderModel.getOrganizationId())) {
            return false;
        }
        identityProviderModel.setOrganizationId((String) null);
        identityProviderModel.getConfig().remove("kc.org.domain");
        this.session.identityProviders().update(identityProviderModel);
        return true;
    }

    public boolean isManagedMember(OrganizationModel organizationModel, UserModel userModel) {
        UserEntity userEntity;
        throwExceptionIfObjectIsNull(organizationModel, "organization");
        if (userModel == null || (userEntity = (UserEntity) this.em.find(UserEntity.class, userModel.getId())) == null) {
            return false;
        }
        try {
            UserGroupMembershipEntity userGroupMembershipEntity = (UserGroupMembershipEntity) this.em.createNamedQuery("userMemberOf", UserGroupMembershipEntity.class).setParameter("user", userEntity).setParameter("groupId", getOrganizationGroup(organizationModel).getId()).getSingleResult();
            this.em.detach(userGroupMembershipEntity);
            return MembershipType.MANAGED.equals(userGroupMembershipEntity.getMembershipType());
        } catch (NoResultException e) {
            return false;
        }
    }

    public boolean removeMember(OrganizationModel organizationModel, UserModel userModel) {
        throwExceptionIfObjectIsNull(organizationModel, "organization");
        throwExceptionIfObjectIsNull(userModel, "member");
        Stream<OrganizationModel> byMember = getByMember(userModel);
        Objects.requireNonNull(organizationModel);
        OrganizationModel orElse = byMember.filter((v1) -> {
            return r1.equals(v1);
        }).findAny().orElse(null);
        if (orElse == null || !orElse.equals(organizationModel)) {
            return false;
        }
        if (isManagedMember(organizationModel, userModel)) {
            this.userProvider.removeUser(getRealm(), userModel);
        } else {
            OrganizationModel resolveOrganization = Organizations.resolveOrganization(this.session);
            if (resolveOrganization == null) {
                this.session.getContext().setOrganization(organizationModel);
            }
            try {
                userModel.leaveGroup(getOrganizationGroup(organizationModel));
                if (resolveOrganization == null) {
                    this.session.getContext().setOrganization((OrganizationModel) null);
                }
            } catch (Throwable th) {
                if (resolveOrganization == null) {
                    this.session.getContext().setOrganization((OrganizationModel) null);
                }
                throw th;
            }
        }
        OrganizationModel.OrganizationMemberLeaveEvent.fire(organizationModel, userModel, this.session);
        return true;
    }

    public long count() {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getCount", Long.class);
        createNamedQuery.setParameter("realmId", getRealm().getId());
        return ((Long) createNamedQuery.getSingleResult()).longValue();
    }

    public boolean isEnabled() {
        return getRealm().isOrganizationsEnabled();
    }

    public void close() {
    }

    private OrganizationEntity getEntity(String str) {
        return getEntity(str, true);
    }

    private OrganizationEntity getEntity(String str, boolean z) {
        OrganizationEntity organizationEntity = (OrganizationEntity) this.em.find(OrganizationEntity.class, str);
        if (organizationEntity == null) {
            if (z) {
                throw new ModelException("Organization [" + str + "] does not exist");
            }
            return null;
        }
        RealmModel realm = getRealm();
        if (realm.getId().equals(organizationEntity.getRealmId())) {
            return organizationEntity;
        }
        throw new ModelException("Organization [" + organizationEntity.getId() + "] does not belong to realm [" + realm.getId() + "]");
    }

    private GroupModel createOrganizationGroup(String str) {
        return this.groupProvider.createGroup(getRealm(), (String) null, GroupModel.Type.ORGANIZATION, str, (GroupModel) null);
    }

    private GroupModel getOrganizationGroup(OrganizationModel organizationModel) {
        throwExceptionIfObjectIsNull(organizationModel, "Organization");
        OrganizationEntity entity = getEntity(organizationModel.getId());
        GroupModel organizationGroup = getOrganizationGroup(entity);
        if (organizationGroup == null) {
            throw new ModelException("Organization group " + entity.getGroupId() + " not found");
        }
        return organizationGroup;
    }

    private GroupModel getOrganizationGroup(OrganizationEntity organizationEntity) {
        return this.groupProvider.getGroupById(getRealm(), organizationEntity.getGroupId());
    }

    private void throwExceptionIfObjectIsNull(Object obj, String str) {
        if (obj == null) {
            throw new ModelException(String.format("%s cannot be null", str));
        }
    }

    private OrganizationEntity getByName(String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getByOrgName", OrganizationEntity.class);
        createNamedQuery.setParameter("name", str);
        createNamedQuery.setParameter("realmId", getRealm().getId());
        try {
            return (OrganizationEntity) createNamedQuery.getSingleResult();
        } catch (NoResultException e) {
            return null;
        }
    }

    private boolean checkOrgIdpAndRealm(OrganizationEntity organizationEntity, IdentityProviderModel identityProviderModel) {
        IdentityProviderModel byAlias = this.session.identityProviders().getByAlias(identityProviderModel.getAlias());
        return byAlias != null && byAlias.getInternalId().equals(identityProviderModel.getInternalId());
    }

    private RealmModel getRealm() {
        RealmModel realm = this.session.getContext().getRealm();
        if (realm == null) {
            throw new IllegalArgumentException("Session not bound to a realm");
        }
        return realm;
    }
}
