package org.keycloak.models.map.user;

import java.util.HashMap;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.StackUtil;
import org.keycloak.common.util.Time;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialAuthentication;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialProviderFactory;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.map.common.AbstractMapProviderFactory;
import org.keycloak.models.map.common.TimeAdapter;
import org.keycloak.models.map.credential.MapUserCredentialManager;
import org.keycloak.models.map.storage.MapKeycloakTransaction;
import org.keycloak.models.map.storage.MapKeycloakTransactionWithAuth;
import org.keycloak.models.map.storage.MapStorage;
import org.keycloak.models.map.storage.ModelCriteriaBuilder;
import org.keycloak.models.map.storage.QueryParameters;
import org.keycloak.models.map.storage.criteria.DefaultModelCriteria;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:org/keycloak/models/map/user/MapUserProvider.class */
public class MapUserProvider implements UserProvider {
    private static final Logger LOG = Logger.getLogger(MapUserProvider.class);
    private final KeycloakSession session;
    final MapKeycloakTransaction<MapUserEntity, UserModel> tx;

    public MapUserProvider(KeycloakSession keycloakSession, MapStorage<MapUserEntity, UserModel> mapStorage) {
        this.session = keycloakSession;
        this.tx = mapStorage.createTransaction(keycloakSession);
        keycloakSession.getTransactionManager().enlist(this.tx);
    }

    private Function<MapUserEntity, UserModel> entityToAdapterFunc(RealmModel realmModel) {
        return mapUserEntity -> {
            return new MapUserAdapter(this.session, realmModel, mapUserEntity) { // from class: org.keycloak.models.map.user.MapUserProvider.1
                @Override // org.keycloak.models.map.user.MapUserAdapter
                public boolean checkEmailUniqueness(RealmModel realmModel2, String str) {
                    return MapUserProvider.this.getUserByEmail(realmModel2, str) != null;
                }

                @Override // org.keycloak.models.map.user.MapUserAdapter
                public boolean checkUsernameUniqueness(RealmModel realmModel2, String str) {
                    return MapUserProvider.this.getUserByUsername(realmModel2, str) != null;
                }

                public SubjectCredentialManager credentialManager() {
                    return new MapUserCredentialManager(this.session, this.realm, this, (MapUserEntity) this.entity);
                }
            };
        };
    }

    private Predicate<MapUserEntity> entityRealmFilter(RealmModel realmModel) {
        if (realmModel == null || realmModel.getId() == null) {
            return mapUserEntity -> {
                return false;
            };
        }
        String id = realmModel.getId();
        return mapUserEntity2 -> {
            return mapUserEntity2.getRealmId() == null || Objects.equals(id, mapUserEntity2.getRealmId());
        };
    }

    private ModelException userDoesntExistException() {
        return new ModelException("Specified user doesn't exist.");
    }

    private Optional<MapUserEntity> getEntityById(RealmModel realmModel, String str) {
        try {
            MapUserEntity read = this.tx.read(str);
            return (read == null || !entityRealmFilter(realmModel).test(read)) ? Optional.empty() : Optional.of(read);
        } catch (IllegalArgumentException e) {
            return Optional.empty();
        }
    }

    private MapUserEntity getEntityByIdOrThrow(RealmModel realmModel, String str) {
        return getEntityById(realmModel, str).orElseThrow(this::userDoesntExistException);
    }

    public void addFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        if (userModel == null || userModel.getId() == null) {
            return;
        }
        LOG.tracef("addFederatedIdentity(%s, %s, %s)%s", new Object[]{realmModel, userModel.getId(), federatedIdentityModel.getIdentityProvider(), StackUtil.getShortStackTrace()});
        getEntityById(realmModel, userModel.getId()).ifPresent(mapUserEntity -> {
            mapUserEntity.addFederatedIdentity(MapUserFederatedIdentityEntity.fromModel(federatedIdentityModel));
        });
    }

    public boolean removeFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        LOG.tracef("removeFederatedIdentity(%s, %s, %s)%s", new Object[]{realmModel, userModel.getId(), str, StackUtil.getShortStackTrace()});
        Optional<MapUserEntity> entityById = getEntityById(realmModel, userModel.getId());
        if (!entityById.isPresent()) {
            return false;
        }
        Boolean removeFederatedIdentity = entityById.get().removeFederatedIdentity(str);
        if (removeFederatedIdentity == null) {
            return true;
        }
        return removeFederatedIdentity.booleanValue();
    }

    public void preRemove(RealmModel realmModel, IdentityProviderModel identityProviderModel) {
        String alias = identityProviderModel.getAlias();
        LOG.tracef("preRemove[RealmModel realm, IdentityProviderModel provider](%s, %s)%s", realmModel, alias, StackUtil.getShortStackTrace());
        this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.IDP_AND_USER, ModelCriteriaBuilder.Operator.EQ, alias))).forEach(mapUserEntity -> {
            mapUserEntity.removeFederatedIdentity(alias);
        });
    }

    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        LOG.tracef("updateFederatedIdentity(%s, %s, %s)%s", new Object[]{realmModel, userModel.getId(), federatedIdentityModel.getIdentityProvider(), StackUtil.getShortStackTrace()});
        getEntityById(realmModel, userModel.getId()).flatMap(mapUserEntity -> {
            return mapUserEntity.getFederatedIdentity(federatedIdentityModel.getIdentityProvider());
        }).ifPresent(mapUserFederatedIdentityEntity -> {
            mapUserFederatedIdentityEntity.setUserId(federatedIdentityModel.getUserId());
            mapUserFederatedIdentityEntity.setUserName(federatedIdentityModel.getUserName());
            mapUserFederatedIdentityEntity.setToken(federatedIdentityModel.getToken());
        });
    }

    public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realmModel, UserModel userModel) {
        LOG.tracef("getFederatedIdentitiesStream(%s, %s)%s", realmModel, userModel.getId(), StackUtil.getShortStackTrace());
        return ((Stream) getEntityById(realmModel, userModel.getId()).map((v0) -> {
            return v0.getFederatedIdentities();
        }).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).map(MapUserFederatedIdentityEntity::toModel);
    }

    public FederatedIdentityModel getFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        LOG.tracef("getFederatedIdentity(%s, %s, %s)%s", new Object[]{realmModel, userModel.getId(), str, StackUtil.getShortStackTrace()});
        return (FederatedIdentityModel) getEntityById(realmModel, userModel.getId()).flatMap(mapUserEntity -> {
            return mapUserEntity.getFederatedIdentity(str);
        }).map(MapUserFederatedIdentityEntity::toModel).orElse(null);
    }

    public UserModel getUserByFederatedIdentity(RealmModel realmModel, FederatedIdentityModel federatedIdentityModel) {
        LOG.tracef("getUserByFederatedIdentity(%s, %s)%s", realmModel, federatedIdentityModel, StackUtil.getShortStackTrace());
        return (UserModel) this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.IDP_AND_USER, ModelCriteriaBuilder.Operator.EQ, federatedIdentityModel.getIdentityProvider(), federatedIdentityModel.getUserId()))).collect(Collectors.collectingAndThen(Collectors.toList(), list -> {
            if (list.isEmpty()) {
                return null;
            }
            if (list.size() != 1) {
                throw new IllegalStateException("More results found for identityProvider=" + federatedIdentityModel.getIdentityProvider() + ", userId=" + federatedIdentityModel.getUserId() + ", results=" + list);
            }
            return entityToAdapterFunc(realmModel).apply((MapUserEntity) list.get(0));
        }));
    }

    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        LOG.tracef("addConsent(%s, %s, %s)%s", new Object[]{realmModel, str, userConsentModel, StackUtil.getShortStackTrace()});
        getEntityByIdOrThrow(realmModel, str).addUserConsent(MapUserConsentEntity.fromModel(userConsentModel));
    }

    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        LOG.tracef("getConsentByClient(%s, %s, %s)%s", new Object[]{realmModel, str, str2, StackUtil.getShortStackTrace()});
        return (UserConsentModel) getEntityById(realmModel, str).flatMap(mapUserEntity -> {
            return mapUserEntity.getUserConsent(str2);
        }).map(mapUserConsentEntity -> {
            return MapUserConsentEntity.toModel(realmModel, mapUserConsentEntity);
        }).orElse(null);
    }

    public Stream<UserConsentModel> getConsentsStream(RealmModel realmModel, String str) {
        LOG.tracef("getConsentByClientStream(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        return ((Stream) getEntityById(realmModel, str).map((v0) -> {
            return v0.getUserConsents();
        }).map((v0) -> {
            return v0.stream();
        }).orElseGet(Stream::empty)).map(mapUserConsentEntity -> {
            return MapUserConsentEntity.toModel(realmModel, mapUserConsentEntity);
        });
    }

    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        LOG.tracef("updateConsent(%s, %s, %s)%s", new Object[]{realmModel, str, userConsentModel, StackUtil.getShortStackTrace()});
        MapUserConsentEntity orElseThrow = getEntityByIdOrThrow(realmModel, str).getUserConsent(userConsentModel.getClient().getId()).orElseThrow(() -> {
            return new ModelException("Consent not found for client [" + userConsentModel.getClient().getId() + "] and user [" + str + "]");
        });
        orElseThrow.setGrantedClientScopesIds((Set) userConsentModel.getGrantedClientScopes().stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet()));
        orElseThrow.setLastUpdatedDate(Long.valueOf(Time.currentTimeMillis()));
    }

    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        LOG.tracef("revokeConsentForClient(%s, %s, %s)%s", new Object[]{realmModel, str, str2, StackUtil.getShortStackTrace()});
        Optional<MapUserEntity> entityById = getEntityById(realmModel, str);
        if (!entityById.isPresent()) {
            return false;
        }
        Boolean removeUserConsent = entityById.get().removeUserConsent(str2);
        if (removeUserConsent == null) {
            return true;
        }
        return removeUserConsent.booleanValue();
    }

    public void setNotBeforeForUser(RealmModel realmModel, UserModel userModel, int i) {
        LOG.tracef("setNotBeforeForUser(%s, %s, %d)%s", new Object[]{realmModel, userModel.getId(), Integer.valueOf(i), StackUtil.getShortStackTrace()});
        getEntityByIdOrThrow(realmModel, userModel.getId()).setNotBefore(Long.valueOf(TimeAdapter.fromIntegerWithTimeInSecondsToLongWithTimeAsInSeconds(i)));
    }

    public int getNotBeforeOfUser(RealmModel realmModel, UserModel userModel) {
        LOG.tracef("getNotBeforeOfUser(%s, %s)%s", realmModel, userModel.getId(), StackUtil.getShortStackTrace());
        Long notBefore = getEntityById(realmModel, userModel.getId()).orElseThrow(this::userDoesntExistException).getNotBefore();
        if (notBefore == null) {
            return 0;
        }
        return TimeAdapter.fromLongWithTimeInSecondsToIntegerWithTimeInSeconds(notBefore);
    }

    public UserModel getServiceAccount(ClientModel clientModel) {
        LOG.tracef("getServiceAccount(%s)%s", clientModel.getId(), StackUtil.getShortStackTrace());
        return (UserModel) this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, clientModel.getRealm().getId()).compare(UserModel.SearchableFields.SERVICE_ACCOUNT_CLIENT, ModelCriteriaBuilder.Operator.EQ, clientModel.getId()))).collect(Collectors.collectingAndThen(Collectors.toList(), list -> {
            if (list.isEmpty()) {
                return null;
            }
            if (list.size() != 1) {
                throw new IllegalStateException("More service account linked users found for client=" + clientModel.getClientId() + ", results=" + list);
            }
            return entityToAdapterFunc(clientModel.getRealm()).apply((MapUserEntity) list.get(0));
        }));
    }

    public UserModel addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        LOG.tracef("addUser(%s, %s, %s, %s, %s)%s", new Object[]{realmModel, str, str2, Boolean.valueOf(z), Boolean.valueOf(z2), StackUtil.getShortStackTrace()});
        if (this.tx.getCount(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(KeycloakModelUtils.isUsernameCaseSensitive(realmModel) ? UserModel.SearchableFields.USERNAME : UserModel.SearchableFields.USERNAME_CASE_INSENSITIVE, ModelCriteriaBuilder.Operator.EQ, str2))) > 0) {
            throw new ModelDuplicateException("User with username '" + str2 + "' in realm " + realmModel.getName() + " already exists");
        }
        if (str != null && this.tx.read(str) != null) {
            throw new ModelDuplicateException("User exists: " + str);
        }
        MapUserEntityImpl mapUserEntityImpl = new MapUserEntityImpl();
        mapUserEntityImpl.setId(str);
        mapUserEntityImpl.setRealmId(realmModel.getId());
        mapUserEntityImpl.setEmailConstraint(KeycloakModelUtils.generateId());
        mapUserEntityImpl.setUsername(str2);
        mapUserEntityImpl.setCreatedTimestamp(Long.valueOf(Time.currentTimeMillis()));
        UserModel apply = entityToAdapterFunc(realmModel).apply(this.tx.create(mapUserEntityImpl));
        if (z) {
            apply.grantRole(realmModel.getDefaultRole());
            Stream defaultGroupsStream = realmModel.getDefaultGroupsStream();
            Objects.requireNonNull(apply);
            defaultGroupsStream.forEach(apply::joinGroup);
        }
        if (z2) {
            Stream map = realmModel.getRequiredActionProvidersStream().filter((v0) -> {
                return v0.isEnabled();
            }).filter((v0) -> {
                return v0.isDefaultAction();
            }).map((v0) -> {
                return v0.getAlias();
            });
            Objects.requireNonNull(apply);
            map.forEach(apply::addRequiredAction);
        }
        return apply;
    }

    public void preRemove(RealmModel realmModel) {
        LOG.tracef("preRemove[RealmModel](%s)%s", realmModel, StackUtil.getShortStackTrace());
        this.tx.delete(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId())));
    }

    public void removeImportedUsers(RealmModel realmModel, String str) {
        LOG.tracef("removeImportedUsers(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        this.tx.delete(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.FEDERATION_LINK, ModelCriteriaBuilder.Operator.EQ, str)));
    }

    public void unlinkUsers(RealmModel realmModel, String str) {
        LOG.tracef("unlinkUsers(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.FEDERATION_LINK, ModelCriteriaBuilder.Operator.EQ, str)));
        try {
            read.forEach(mapUserEntity -> {
                mapUserEntity.setFederationLink(null);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        String id = roleModel.getId();
        LOG.tracef("preRemove[RoleModel](%s, %s)%s", realmModel, id, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.ASSIGNED_ROLE, ModelCriteriaBuilder.Operator.EQ, id)));
        try {
            read.forEach(mapUserEntity -> {
                mapUserEntity.removeRolesMembership(id);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        String id = groupModel.getId();
        LOG.tracef("preRemove[GroupModel](%s, %s)%s", realmModel, id, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.ASSIGNED_GROUP, ModelCriteriaBuilder.Operator.EQ, id)));
        try {
            read.forEach(mapUserEntity -> {
                mapUserEntity.removeGroupsMembership(id);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        String id = clientModel.getId();
        LOG.tracef("preRemove[ClientModel](%s, %s)%s", realmModel, id, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.CONSENT_FOR_CLIENT, ModelCriteriaBuilder.Operator.EQ, id)));
        try {
            read.forEach(mapUserEntity -> {
                mapUserEntity.removeUserConsent(id);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void preRemove(ProtocolMapperModel protocolMapperModel) {
    }

    public void preRemove(ClientScopeModel clientScopeModel) {
        String id = clientScopeModel.getId();
        LOG.tracef("preRemove[ClientScopeModel](%s)%s", id, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, clientScopeModel.getRealm().getId()).compare(UserModel.SearchableFields.CONSENT_WITH_CLIENT_SCOPE, ModelCriteriaBuilder.Operator.EQ, id)));
        try {
            read.map((v0) -> {
                return v0.getUserConsents();
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).flatMap((v0) -> {
                return v0.stream();
            }).forEach(mapUserConsentEntity -> {
                mapUserConsentEntity.removeGrantedClientScopesId(id);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
    }

    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        String id = roleModel.getId();
        LOG.tracef("grantToAllUsers(%s, %s)%s", realmModel, id, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId())));
        try {
            read.forEach(mapUserEntity -> {
                mapUserEntity.addRolesMembership(id);
            });
            if (read != null) {
                read.close();
            }
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public UserModel getUserById(RealmModel realmModel, String str) {
        LOG.tracef("getUserById(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        return (UserModel) getEntityById(realmModel, str).map(entityToAdapterFunc(realmModel)).orElse(null);
    }

    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        if (str == null) {
            return null;
        }
        LOG.tracef("getUserByUsername(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        Stream<MapUserEntity> read = this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(KeycloakModelUtils.isUsernameCaseSensitive(realmModel) ? UserModel.SearchableFields.USERNAME : UserModel.SearchableFields.USERNAME_CASE_INSENSITIVE, ModelCriteriaBuilder.Operator.EQ, str)).orderBy(UserModel.SearchableFields.USERNAME, QueryParameters.Order.ASCENDING));
        try {
            List list = (List) read.collect(Collectors.toList());
            if (list.isEmpty()) {
                if (read != null) {
                    read.close();
                }
                return null;
            }
            if (list.size() != 1) {
                throw new ModelDuplicateException(String.format("There are colliding usernames for users with usernames and ids: %s", list.stream().collect(Collectors.toMap((v0) -> {
                    return v0.getUsername();
                }, (v0) -> {
                    return v0.getId();
                }))));
            }
            UserModel apply = entityToAdapterFunc(realmModel).apply((MapUserEntity) list.get(0));
            if (read != null) {
                read.close();
            }
            return apply;
        } catch (Throwable th) {
            if (read != null) {
                try {
                    read.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        LOG.tracef("getUserByEmail(%s, %s)%s", realmModel, str, StackUtil.getShortStackTrace());
        List list = (List) this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.EMAIL, ModelCriteriaBuilder.Operator.EQ, str))).collect(Collectors.toList());
        if (list.isEmpty()) {
            return null;
        }
        if (list.size() > 1) {
            throw new ModelDuplicateException("Multiple users with email '" + str + "' exist in Keycloak.");
        }
        MapUserEntity mapUserEntity = (MapUserEntity) list.get(0);
        if (!realmModel.isDuplicateEmailsAllowed() && mapUserEntity.getEmail() != null && !mapUserEntity.getEmail().equals(mapUserEntity.getEmailConstraint())) {
            mapUserEntity.setEmailConstraint(mapUserEntity.getEmail());
        }
        return entityToAdapterFunc(realmModel).apply(mapUserEntity);
    }

    public int getUsersCount(RealmModel realmModel, boolean z) {
        LOG.tracef("getUsersCount(%s, %s)%s", realmModel, Boolean.valueOf(z), StackUtil.getShortStackTrace());
        DefaultModelCriteria compare = DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId());
        if (!z) {
            compare = compare.compare(UserModel.SearchableFields.SERVICE_ACCOUNT_CLIENT, ModelCriteriaBuilder.Operator.NOT_EXISTS, new Object[0]);
        }
        return (int) this.tx.getCount(QueryParameters.withCriteria(compare));
    }

    public Stream<UserModel> searchForUserStream(RealmModel realmModel, String str, Integer num, Integer num2) {
        LOG.tracef("searchForUserStream(%s, %s, %d, %d)%s", new Object[]{realmModel, str, num, num2, StackUtil.getShortStackTrace()});
        HashMap hashMap = new HashMap();
        hashMap.put("keycloak.session.realm.users.query.search", str);
        hashMap.put("keycloak.session.realm.users.query.include_service_account", Boolean.FALSE.toString());
        return searchForUserStream(realmModel, hashMap, num, num2);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:100:0x03bf, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.SERVICE_ACCOUNT_CLIENT, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.NOT_EXISTS, new java.lang.Object[0]);
     */
    /* JADX WARN: Code restructure failed: missing block: B:105:0x03d6, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.ATTRIBUTE, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.EQ, r0, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x01e8, code lost:
    
        switch(r23) {
            case 0: goto L91;
            case 1: goto L92;
            case 2: goto L93;
            case 3: goto L94;
            case 4: goto L95;
            case 5: goto L96;
            case 6: goto L97;
            case 7: goto L98;
            case 8: goto L99;
            case 9: goto L100;
            case 10: goto L107;
            default: goto L101;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:48:0x0224, code lost:
    
        r24 = null;
        r0 = r0.split("\\s+");
        r0 = r0.length;
        r27 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x023c, code lost:
    
        if (r27 >= r0) goto L121;
     */
    /* JADX WARN: Code restructure failed: missing block: B:51:0x023f, code lost:
    
        r0 = r0[r27];
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x0248, code lost:
    
        if (r24 != null) goto L55;
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x024b, code lost:
    
        r0 = addSearchToModelCriteria(r10, r0, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:55:0x0275, code lost:
    
        r24 = r0;
        r27 = r27 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x0259, code lost:
    
        r0 = r0.and(r24, addSearchToModelCriteria(r10, r0, r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x027b, code lost:
    
        r15 = r0.and(r15, r24);
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x0297, code lost:
    
        if (org.keycloak.models.utils.KeycloakModelUtils.isUsernameCaseSensitive(r10) == false) goto L61;
     */
    /* JADX WARN: Code restructure failed: missing block: B:65:0x029a, code lost:
    
        r0 = r15.compare(org.keycloak.models.UserModel.SearchableFields.USERNAME, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.LIKE, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x02c5, code lost:
    
        r15 = r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x02b1, code lost:
    
        r0 = r15.compare(org.keycloak.models.UserModel.SearchableFields.USERNAME_CASE_INSENSITIVE, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.ILIKE, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x02ca, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.FIRST_NAME, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.ILIKE, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x02e3, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.LAST_NAME, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.ILIKE, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:76:0x02fc, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.EMAIL, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.ILIKE, r21);
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x0315, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.EMAIL_VERIFIED, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.EQ, java.lang.Boolean.valueOf(java.lang.Boolean.parseBoolean(r0)));
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0338, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.ENABLED, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.EQ, java.lang.Boolean.valueOf(java.lang.Boolean.parseBoolean(r0)));
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0363, code lost:
    
        if (r11.containsKey("keycloak.session.realm.users.query.idp_user_id") != false) goto L115;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0366, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.IDP_AND_USER, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.EQ, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x037f, code lost:
    
        r15 = r15.compare(org.keycloak.models.UserModel.SearchableFields.IDP_AND_USER, org.keycloak.models.map.storage.ModelCriteriaBuilder.Operator.EQ, r11.get("keycloak.session.realm.users.query.idp_alias"), r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x03ab, code lost:
    
        if (r11.containsKey("keycloak.session.realm.users.query.include_service_account") == false) goto L103;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x03bc, code lost:
    
        if (java.lang.Boolean.parseBoolean(r11.get("keycloak.session.realm.users.query.include_service_account")) != false) goto L118;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.stream.Stream<org.keycloak.models.UserModel> searchForUserStream(org.keycloak.models.RealmModel r10, java.util.Map<java.lang.String, java.lang.String> r11, java.lang.Integer r12, java.lang.Integer r13) {
        /*
            Method dump skipped, instructions count: 1162
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.keycloak.models.map.user.MapUserProvider.searchForUserStream(org.keycloak.models.RealmModel, java.util.Map, java.lang.Integer, java.lang.Integer):java.util.stream.Stream");
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        LOG.tracef("getGroupMembersStream(%s, %s, %d, %d)%s", new Object[]{realmModel, groupModel.getId(), num, num2, StackUtil.getShortStackTrace()});
        return this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.ASSIGNED_GROUP, ModelCriteriaBuilder.Operator.EQ, groupModel.getId())).pagination(num, num2, UserModel.SearchableFields.USERNAME)).map(entityToAdapterFunc(realmModel));
    }

    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        LOG.tracef("searchForUserByUserAttributeStream(%s, %s, %s)%s", new Object[]{realmModel, str, str2, StackUtil.getShortStackTrace()});
        return this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.ATTRIBUTE, ModelCriteriaBuilder.Operator.EQ, str, str2)).orderBy(UserModel.SearchableFields.USERNAME, QueryParameters.Order.ASCENDING)).map(entityToAdapterFunc(realmModel));
    }

    public UserModel addUser(RealmModel realmModel, String str) {
        return addUser(realmModel, null, str, true, true);
    }

    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        String id = userModel.getId();
        if (!getEntityById(realmModel, id).isPresent()) {
            return false;
        }
        this.session.invalidate(AbstractMapProviderFactory.MapProviderObjectType.USER_BEFORE_REMOVE, new Object[]{realmModel, userModel});
        this.tx.delete(id);
        this.session.invalidate(AbstractMapProviderFactory.MapProviderObjectType.USER_AFTER_REMOVE, new Object[]{realmModel, userModel});
        return true;
    }

    public Stream<UserModel> getRoleMembersStream(RealmModel realmModel, RoleModel roleModel, Integer num, Integer num2) {
        LOG.tracef("getRoleMembersStream(%s, %s, %d, %d)%s", new Object[]{realmModel, roleModel, num, num2, StackUtil.getShortStackTrace()});
        return this.tx.read(QueryParameters.withCriteria(DefaultModelCriteria.criteria().compare(UserModel.SearchableFields.REALM_ID, ModelCriteriaBuilder.Operator.EQ, realmModel.getId()).compare(UserModel.SearchableFields.ASSIGNED_ROLE, ModelCriteriaBuilder.Operator.EQ, roleModel.getId())).pagination(num, num2, UserModel.SearchableFields.USERNAME)).map(entityToAdapterFunc(realmModel));
    }

    public void close() {
    }

    public static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).filter(providerFactory -> {
            return Types.supports(cls, providerFactory, CredentialProviderFactory.class);
        }).map(providerFactory2 -> {
            return keycloakSession.getProvider(CredentialProvider.class, providerFactory2.getId());
        });
    }

    public CredentialValidationOutput getUserByCredential(RealmModel realmModel, CredentialInput credentialInput) {
        MapCredentialValidationOutput authenticate;
        CredentialValidationOutput credentialValidationOutput = (CredentialValidationOutput) getCredentialProviders(this.session, CredentialAuthentication.class).filter(credentialAuthentication -> {
            return credentialAuthentication.supportsCredentialAuthenticationFor(credentialInput.getType());
        }).map(credentialAuthentication2 -> {
            return credentialAuthentication2.authenticate(realmModel, credentialInput);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).findFirst().orElse(null);
        if (credentialValidationOutput == null && (this.tx instanceof MapKeycloakTransactionWithAuth) && (authenticate = ((MapKeycloakTransactionWithAuth) this.tx).authenticate(realmModel, credentialInput)) != null) {
            UserModel userModel = null;
            if (authenticate.getAuthenticatedUser() != null) {
                userModel = entityToAdapterFunc(realmModel).apply((MapUserEntity) authenticate.getAuthenticatedUser());
            }
            credentialValidationOutput = new CredentialValidationOutput(userModel, authenticate.getAuthStatus(), authenticate.getState());
        }
        return credentialValidationOutput;
    }

    private DefaultModelCriteria<UserModel> addSearchToModelCriteria(RealmModel realmModel, String str, DefaultModelCriteria<UserModel> defaultModelCriteria) {
        String str2;
        if (str.length() >= 2 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') {
            str2 = str.substring(1, str.length() - 1);
        } else if (str.length() >= 2 && str.charAt(0) == '*' && str.charAt(str.length() - 1) == '*') {
            str2 = "%" + str.substring(1, str.length() - 1) + "%";
        } else {
            if (str.length() > 0 && str.charAt(str.length() - 1) == '*') {
                str = str.substring(0, str.length() - 1);
            }
            str2 = str + "%";
        }
        DefaultModelCriteria<UserModel>[] defaultModelCriteriaArr = new DefaultModelCriteria[4];
        defaultModelCriteriaArr[0] = KeycloakModelUtils.isUsernameCaseSensitive(realmModel) ? defaultModelCriteria.compare(UserModel.SearchableFields.USERNAME, ModelCriteriaBuilder.Operator.LIKE, str2) : defaultModelCriteria.compare(UserModel.SearchableFields.USERNAME_CASE_INSENSITIVE, ModelCriteriaBuilder.Operator.ILIKE, str2);
        defaultModelCriteriaArr[1] = defaultModelCriteria.compare(UserModel.SearchableFields.EMAIL, ModelCriteriaBuilder.Operator.ILIKE, str2);
        defaultModelCriteriaArr[2] = defaultModelCriteria.compare(UserModel.SearchableFields.FIRST_NAME, ModelCriteriaBuilder.Operator.ILIKE, str2);
        defaultModelCriteriaArr[3] = defaultModelCriteria.compare(UserModel.SearchableFields.LAST_NAME, ModelCriteriaBuilder.Operator.ILIKE, str2);
        return defaultModelCriteria.or(defaultModelCriteriaArr);
    }
}
