package org.picketlink.idm.impl.store.hibernate;

import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.hibernate.Criteria;
import org.hibernate.Hibernate;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.SessionFactory;
import org.hibernate.cfg.Configuration;
import org.hibernate.classic.Session;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.picketlink.idm.common.exception.IdentityException;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObject;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttribute;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectAttributeBinaryValue;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredential;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialBinaryValue;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectCredentialType;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationship;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipName;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectRelationshipType;
import org.picketlink.idm.impl.model.hibernate.HibernateIdentityObjectType;
import org.picketlink.idm.impl.model.hibernate.HibernateRealm;
import org.picketlink.idm.impl.store.FeaturesMetaDataImpl;
import org.picketlink.idm.spi.configuration.IdentityStoreConfigurationContext;
import org.picketlink.idm.spi.configuration.metadata.IdentityObjectAttributeMetaData;
import org.picketlink.idm.spi.configuration.metadata.IdentityObjectTypeMetaData;
import org.picketlink.idm.spi.configuration.metadata.IdentityStoreConfigurationMetaData;
import org.picketlink.idm.spi.configuration.metadata.RealmConfigurationMetaData;
import org.picketlink.idm.spi.exception.OperationNotSupportedException;
import org.picketlink.idm.spi.model.IdentityObject;
import org.picketlink.idm.spi.model.IdentityObjectAttribute;
import org.picketlink.idm.spi.model.IdentityObjectCredential;
import org.picketlink.idm.spi.model.IdentityObjectCredentialType;
import org.picketlink.idm.spi.model.IdentityObjectRelationship;
import org.picketlink.idm.spi.model.IdentityObjectRelationshipType;
import org.picketlink.idm.spi.model.IdentityObjectType;
import org.picketlink.idm.spi.search.IdentityObjectSearchCriteria;
import org.picketlink.idm.spi.store.FeaturesMetaData;
import org.picketlink.idm.spi.store.IdentityObjectSearchCriteriaType;
import org.picketlink.idm.spi.store.IdentityStore;
import org.picketlink.idm.spi.store.IdentityStoreInvocationContext;
import org.picketlink.idm.spi.store.IdentityStoreSession;

/* loaded from: input_file:org/picketlink/idm/impl/store/hibernate/HibernateIdentityStoreImpl.class */
public class HibernateIdentityStoreImpl implements IdentityStore, Serializable {
    public static final String HIBERNATE_SESSION_FACTORY_REGISTRY_NAME = "hibernateSessionFactoryRegistryName";
    public static final String HIBERNATE_CONFIGURATION = "hibernateConfiguration";
    public static final String ADD_HIBERNATE_MAPPINGS = "addHibernateMappings";
    public static final String HIBERNATE_SESSION_FACTORY_JNDI_NAME = "hibernateSessionFactoryJNDIName";
    public static final String POPULATE_MEMBERSHIP_TYPES = "populateRelationshipTypes";
    public static final String POPULATE_IDENTITY_OBJECT_TYPES = "populateIdentityObjectTypes";
    public static final String IS_REALM_AWARE = "isRealmAware";
    public static final String MANAGE_TRANSACTION_DURING_BOOTSTRAP = "manageTransactionDuringBootstrap";
    public static final String ALLOW_NOT_DEFINED_ATTRIBUTES = "allowNotDefinedAttributes";
    public static final String ALLOW_NOT_DEFINED_IDENTITY_OBJECT_TYPES_OPTION = "allowNotDefinedIdentityObjectTypes";
    public static final String CREDENTIAL_TYPE_PASSWORD = "PASSWORD";
    public static final String CREDENTIAL_TYPE_BINARY = "BINARY";
    private String id;
    private FeaturesMetaData supportedFeatures;
    private SessionFactory sessionFactory;
    private IdentityStoreConfigurationMetaData configurationMD;
    private static final long serialVersionUID = -130355852189832805L;
    public static final String DEFAULT_REALM_NAME = HibernateIdentityStoreImpl.class.getName() + ".DEFAULT_REALM";
    private static Set<IdentityObjectSearchCriteriaType> supportedIdentityObjectSearchCriteria = new HashSet();
    private static Set<String> supportedCredentialTypes = new HashSet();
    private boolean isRealmAware = false;
    private boolean isAllowNotDefinedAttributes = false;
    private boolean isAllowNotDefinedIdentityObjectTypes = false;
    private boolean isManageTransactionDuringBootstrap = true;
    private Map<String, Set<String>> attributeMappings = new HashMap();
    private Map<String, Map<String, IdentityObjectAttributeMetaData>> attributesMetaData = new HashMap();
    private Map<String, Map<String, String>> reverseAttributeMappings = new HashMap();

    public HibernateIdentityStoreImpl(String str) {
        this.id = str;
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void bootstrap(IdentityStoreConfigurationContext identityStoreConfigurationContext) throws IdentityException {
        this.configurationMD = identityStoreConfigurationContext.getStoreConfigurationMetaData();
        this.id = this.configurationMD.getId();
        this.supportedFeatures = new FeaturesMetaDataImpl(this.configurationMD, supportedIdentityObjectSearchCriteria, true, true, new HashSet());
        String optionSingleValue = this.configurationMD.getOptionSingleValue(POPULATE_MEMBERSHIP_TYPES);
        String optionSingleValue2 = this.configurationMD.getOptionSingleValue(POPULATE_IDENTITY_OBJECT_TYPES);
        String optionSingleValue3 = this.configurationMD.getOptionSingleValue(MANAGE_TRANSACTION_DURING_BOOTSTRAP);
        if (optionSingleValue3 != null && optionSingleValue3.equalsIgnoreCase("false")) {
            this.isAllowNotDefinedAttributes = false;
        }
        this.sessionFactory = bootstrapHibernateSessionFactory(identityStoreConfigurationContext);
        Session openSession = this.sessionFactory.openSession();
        for (IdentityObjectTypeMetaData identityObjectTypeMetaData : this.configurationMD.getSupportedIdentityTypes()) {
            HashSet hashSet = new HashSet();
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (IdentityObjectAttributeMetaData identityObjectAttributeMetaData : identityObjectTypeMetaData.getAttributes()) {
                hashSet.add(identityObjectAttributeMetaData.getName());
                hashMap.put(identityObjectAttributeMetaData.getName(), identityObjectAttributeMetaData);
                if (identityObjectAttributeMetaData.getStoreMapping() != null) {
                    hashMap2.put(identityObjectAttributeMetaData.getStoreMapping(), identityObjectAttributeMetaData.getName());
                }
            }
            this.attributeMappings.put(identityObjectTypeMetaData.getName(), Collections.unmodifiableSet(hashSet));
            this.attributesMetaData.put(identityObjectTypeMetaData.getName(), hashMap);
            this.reverseAttributeMappings.put(identityObjectTypeMetaData.getName(), hashMap2);
        }
        this.attributeMappings = Collections.unmodifiableMap(this.attributeMappings);
        if (isManageTransactionDuringBootstrap()) {
            openSession.getTransaction().begin();
        }
        if (optionSingleValue != null && optionSingleValue.equalsIgnoreCase("true")) {
            LinkedList linkedList = new LinkedList();
            Iterator<String> it = this.configurationMD.getSupportedRelationshipTypes().iterator();
            while (it.hasNext()) {
                linkedList.add(it.next());
            }
            try {
                populateRelationshipTypes(openSession, (String[]) linkedList.toArray(new String[linkedList.size()]));
            } catch (Exception e) {
                throw new IdentityException("Failed to populate relationship types", e);
            }
        }
        if (optionSingleValue2 != null && optionSingleValue2.equalsIgnoreCase("true")) {
            LinkedList linkedList2 = new LinkedList();
            Iterator<IdentityObjectTypeMetaData> it2 = this.configurationMD.getSupportedIdentityTypes().iterator();
            while (it2.hasNext()) {
                linkedList2.add(it2.next().getName());
            }
            try {
                populateObjectTypes(openSession, (String[]) linkedList2.toArray(new String[linkedList2.size()]));
            } catch (Exception e2) {
                throw new IdentityException("Failed to populate identity object types", e2);
            }
        }
        if (supportedCredentialTypes != null && supportedCredentialTypes.size() > 0) {
            try {
                populateCredentialTypes(openSession, (String[]) supportedCredentialTypes.toArray(new String[supportedCredentialTypes.size()]));
            } catch (Exception e3) {
                throw new IdentityException("Failed to populated credential types");
            }
        }
        String optionSingleValue4 = this.configurationMD.getOptionSingleValue(IS_REALM_AWARE);
        if (optionSingleValue4 != null && optionSingleValue4.equalsIgnoreCase("true")) {
            this.isRealmAware = true;
        }
        String optionSingleValue5 = this.configurationMD.getOptionSingleValue("allowNotDefinedAttributes");
        if (optionSingleValue5 != null && optionSingleValue5.equalsIgnoreCase("true")) {
            this.isAllowNotDefinedAttributes = true;
        }
        String optionSingleValue6 = this.configurationMD.getOptionSingleValue("allowNotDefinedIdentityObjectTypes");
        if (optionSingleValue6 != null && optionSingleValue6.equalsIgnoreCase("true")) {
            this.isAllowNotDefinedIdentityObjectTypes = true;
        }
        HibernateRealm hibernateRealm = null;
        try {
            hibernateRealm = (HibernateRealm) openSession.createCriteria(HibernateRealm.class).add(Restrictions.eq("name", DEFAULT_REALM_NAME)).uniqueResult();
        } catch (HibernateException e4) {
        }
        if (hibernateRealm == null) {
            addRealm(openSession, DEFAULT_REALM_NAME);
        }
        if (isRealmAware()) {
            HashSet<String> hashSet2 = new HashSet();
            Iterator<RealmConfigurationMetaData> it3 = identityStoreConfigurationContext.getConfigurationMetaData().getRealms().iterator();
            while (it3.hasNext()) {
                hashSet2.add(it3.next().getId());
            }
            for (String str : hashSet2) {
                if (((HibernateRealm) openSession.createCriteria(HibernateRealm.class).add(Restrictions.eq("name", str)).setCacheable(true).uniqueResult()) == null) {
                    addRealm(openSession, str);
                }
            }
        }
        if (isManageTransactionDuringBootstrap()) {
            openSession.getTransaction().commit();
        }
        openSession.flush();
        openSession.close();
    }

    protected SessionFactory bootstrapHibernateSessionFactory(IdentityStoreConfigurationContext identityStoreConfigurationContext) throws IdentityException {
        String optionSingleValue = identityStoreConfigurationContext.getStoreConfigurationMetaData().getOptionSingleValue(HIBERNATE_SESSION_FACTORY_JNDI_NAME);
        String optionSingleValue2 = identityStoreConfigurationContext.getStoreConfigurationMetaData().getOptionSingleValue(HIBERNATE_SESSION_FACTORY_REGISTRY_NAME);
        String optionSingleValue3 = identityStoreConfigurationContext.getStoreConfigurationMetaData().getOptionSingleValue(ADD_HIBERNATE_MAPPINGS);
        String optionSingleValue4 = identityStoreConfigurationContext.getStoreConfigurationMetaData().getOptionSingleValue(HIBERNATE_CONFIGURATION);
        if (optionSingleValue != null) {
            try {
                return (SessionFactory) new InitialContext().lookup(optionSingleValue);
            } catch (NamingException e) {
                throw new IdentityException("Cannot obtain hibernate SessionFactory from provided JNDI name: " + optionSingleValue, e);
            }
        }
        if (optionSingleValue2 != null) {
            Object object = identityStoreConfigurationContext.getConfigurationRegistry().getObject(optionSingleValue2);
            if (object == null) {
                throw new IdentityException("Cannot obtain hibernate SessionFactory from provided registry name: " + optionSingleValue2);
            }
            if (object instanceof SessionFactory) {
                return (SessionFactory) object;
            }
            throw new IdentityException("Cannot obtain hibernate SessionFactory from provided registry name: " + optionSingleValue2 + "; Registered object is not an instance of SessionFactory: " + object.getClass().getName());
        }
        if (optionSingleValue4 == null) {
            throw new IdentityException("Cannot obtain hibernate SessionFactory. None of supported options specified: hibernateSessionFactoryJNDIName, hibernateSessionFactoryRegistryName, hibernateConfiguration");
        }
        try {
            Configuration configure = new Configuration().configure(optionSingleValue4);
            return (optionSingleValue3 == null || !optionSingleValue3.equals("false")) ? configure.addResource("mappings/HibernateIdentityObject.hbm.xml").addResource("mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml").addResource("mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml").addResource("mappings/HibernateIdentityObjectAttribute.hbm.xml").addResource("mappings/HibernateIdentityObjectCredential.hbm.xml").addResource("mappings/HibernateIdentityObjectCredentialType.hbm.xml").addResource("mappings/HibernateIdentityObjectRelationship.hbm.xml").addResource("mappings/HibernateIdentityObjectRelationshipName.hbm.xml").addResource("mappings/HibernateIdentityObjectRelationshipType.hbm.xml").addResource("mappings/HibernateIdentityObjectType.hbm.xml").addResource("mappings/HibernateRealm.hbm.xml").buildSessionFactory() : configure.buildSessionFactory();
        } catch (Exception e2) {
            throw new IdentityException("Cannot obtain hibernate SessionFactory using provided hibernate configuration: " + optionSingleValue4, e2);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStoreSessionFactory
    public IdentityStoreSession createIdentityStoreSession() throws IdentityException {
        try {
            return new HibernateIdentityStoreSessionImpl(this.sessionFactory);
        } catch (Exception e) {
            throw new IdentityException("Failed to obtain Hibernate SessionFactory", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore, org.picketlink.idm.spi.store.AttributeStore
    public String getId() {
        return this.id;
    }

    public void setId(String str) {
        this.id = str;
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public FeaturesMetaData getSupportedFeatures() {
        return this.supportedFeatures;
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public IdentityObject createIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, String str, IdentityObjectType identityObjectType) throws IdentityException {
        return createIdentityObject(identityStoreInvocationContext, str, identityObjectType, null);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public IdentityObject createIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, String str, IdentityObjectType identityObjectType, Map<String, String[]> map) throws IdentityException {
        if (str == null) {
            throw new IllegalArgumentException("IdentityObject name is null");
        }
        checkIOType(identityObjectType);
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        HibernateRealm realm = getRealm(hibernateSession, identityStoreInvocationContext);
        if (((Integer) hibernateSession.createCriteria(HibernateIdentityObject.class).createAlias("identityType", "type").createAlias("realm", "rm").add(Restrictions.eq("name", str)).add(Restrictions.eq("rm.name", realm.getName())).add(Restrictions.eq("type.name", identityObjectType.getName())).setProjection(Projections.rowCount()).setCacheable(true).list().get(0)).intValue() != 0) {
            throw new IdentityException("IdentityObject already present in this IdentityStore:name=" + str + "; type=" + identityObjectType.getName() + "; realm=" + realm);
        }
        HibernateIdentityObject hibernateIdentityObject = new HibernateIdentityObject(str, getHibernateIdentityObjectType(identityStoreInvocationContext, identityObjectType), realm);
        if (map != null) {
            for (Map.Entry<String, String[]> entry : map.entrySet()) {
                hibernateIdentityObject.addTextAttribute(entry.getKey(), entry.getValue());
            }
        }
        try {
            getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObject);
            return hibernateIdentityObject;
        } catch (Exception e) {
            throw new IdentityException("Cannot persist new IdentityObject" + hibernateIdentityObject, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void removeIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        try {
            for (HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship : (HibernateIdentityObjectRelationship[]) safeGet.getFromRelationships().toArray(new HibernateIdentityObjectRelationship[safeGet.getFromRelationships().size()])) {
                hibernateIdentityObjectRelationship.getFromIdentityObject().getFromRelationships().remove(hibernateIdentityObjectRelationship);
                hibernateIdentityObjectRelationship.getToIdentityObject().getToRelationships().remove(hibernateIdentityObjectRelationship);
                hibernateSession.delete(hibernateIdentityObjectRelationship);
                hibernateSession.flush();
            }
            for (HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship2 : (HibernateIdentityObjectRelationship[]) safeGet.getToRelationships().toArray(new HibernateIdentityObjectRelationship[safeGet.getToRelationships().size()])) {
                hibernateIdentityObjectRelationship2.getFromIdentityObject().getFromRelationships().remove(hibernateIdentityObjectRelationship2);
                hibernateIdentityObjectRelationship2.getToIdentityObject().getToRelationships().remove(hibernateIdentityObjectRelationship2);
                hibernateSession.delete(hibernateIdentityObjectRelationship2);
                hibernateSession.flush();
            }
            hibernateSession.delete(safeGet);
            hibernateSession.flush();
        } catch (Exception e) {
            throw new IdentityException("Cannot remove IdentityObject" + identityObject, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public int getIdentityObjectsCount(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) throws IdentityException {
        checkIOType(identityObjectType);
        try {
            return ((Number) getHibernateSession(identityStoreInvocationContext).createQuery(HibernateIdentityObject.countIdentityObjectsByType).setParameter("typeName", getHibernateIdentityObjectType(identityStoreInvocationContext, identityObjectType).getName()).setParameter("realmName", getRealmName(identityStoreInvocationContext)).setCacheable(true).uniqueResult()).intValue();
        } catch (Exception e) {
            throw new IdentityException("Cannot count stored IdentityObjects with type: " + identityObjectType.getName(), e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public IdentityObject findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, String str, IdentityObjectType identityObjectType) throws IdentityException {
        if (str == null) {
            throw new IllegalArgumentException("IdentityObject name is null");
        }
        checkIOType(identityObjectType);
        try {
            return (HibernateIdentityObject) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObject.class).add(Restrictions.eq("name", str)).createAlias("realm", "rm").add(Restrictions.eq("rm.name", getRealmName(identityStoreInvocationContext))).createAlias("identityType", "type").add(Restrictions.eq("type.name", getHibernateIdentityObjectType(identityStoreInvocationContext, identityObjectType).getName())).setCacheable(true).uniqueResult();
        } catch (Exception e) {
            throw new IdentityException("Cannot find IdentityObject with name '" + str + "' and type '" + identityObjectType.getName() + "'", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public IdentityObject findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, String str) throws IdentityException {
        if (str == null) {
            throw new IllegalArgumentException("id is null");
        }
        try {
            return (HibernateIdentityObject) getHibernateSession(identityStoreInvocationContext).get(HibernateIdentityObject.class, new Long(str));
        } catch (Exception e) {
            throw new IdentityException("Cannot find IdentityObject with id: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Collection<IdentityObject> findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType, IdentityObjectSearchCriteria identityObjectSearchCriteria) throws IdentityException {
        checkIOType(identityObjectType);
        try {
            Criteria add = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObject.class).setCacheable(true).createAlias("realm", "rm").add(Restrictions.eq("rm.name", getRealmName(identityStoreInvocationContext))).createAlias("identityType", "type").add(Restrictions.eq("type.name", getHibernateIdentityObjectType(identityStoreInvocationContext, identityObjectType).getName()));
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isSorted()) {
                if (identityObjectSearchCriteria.isAscending()) {
                    add.addOrder(Order.asc("name"));
                } else {
                    add.addOrder(Order.desc("name"));
                }
            }
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isPaged()) {
                if (identityObjectSearchCriteria.getMaxResults() > 0) {
                    add.setMaxResults(identityObjectSearchCriteria.getMaxResults());
                }
                add.setFirstResult(identityObjectSearchCriteria.getFirstResult());
            }
            if (identityObjectSearchCriteria == null || identityObjectSearchCriteria.getFilter() == null) {
                add.add(Restrictions.like("name", "%"));
            } else {
                add.add(Restrictions.like("name", identityObjectSearchCriteria.getFilter().replaceAll("\\*", "%")));
            }
            List list = add.list();
            Hibernate.initialize(list);
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isFiltered()) {
                filterByAttributesValues(list, identityObjectSearchCriteria.getValues());
            }
            return list;
        } catch (Exception e) {
            throw new IdentityException("Cannot find IdentityObjects with type '" + identityObjectType.getName() + "'", e);
        }
    }

    public Collection<IdentityObject> findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) throws IdentityException {
        return findIdentityObject(identityStoreInvocationContext, identityObjectType, (IdentityObjectSearchCriteria) null);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Collection<IdentityObject> findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectRelationshipType identityObjectRelationshipType, boolean z, IdentityObjectSearchCriteria identityObjectSearchCriteria) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        boolean z2 = false;
        boolean z3 = true;
        if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isSorted()) {
            z2 = true;
            z3 = identityObjectSearchCriteria.isAscending();
        }
        try {
            StringBuilder sb = new StringBuilder("");
            if (z) {
                if (identityObjectRelationshipType != null) {
                    sb.append("select distinct ior.toIdentityObject from HibernateIdentityObjectRelationship ior where ior.toIdentityObject.name like :nameFilter and ior.type.name = :relType and ior.fromIdentityObject = :identity");
                } else {
                    sb.append("select distinct ior.toIdentityObject from HibernateIdentityObjectRelationship ior where ior.toIdentityObject.name like :nameFilter and ior.fromIdentityObject = :identity");
                }
                if (z2) {
                    sb.append(" orderBy ior.toIdentityObject.name");
                    if (z3) {
                        sb.append(" asc");
                    }
                }
            } else {
                if (identityObjectRelationshipType != null) {
                    sb.append("select distinct ior.fromIdentityObject from HibernateIdentityObjectRelationship ior where ior.fromIdentityObject.name like :nameFilter and ior.type.name = :relType and ior.toIdentityObject = :identity");
                } else {
                    sb.append("select distinct ior.fromIdentityObject from HibernateIdentityObjectRelationship ior where ior.fromIdentityObject.name like :nameFilter and ior.toIdentityObject = :identity");
                }
                if (z2) {
                    sb.append(" orderBy ior.toIdentityObject.name");
                    if (z3) {
                        sb.append(" asc");
                    }
                }
            }
            Query cacheable = getHibernateSession(identityStoreInvocationContext).createQuery(sb.toString()).setParameter("identity", safeGet).setCacheable(true);
            if (identityObjectRelationshipType != null) {
                cacheable.setParameter("relType", identityObjectRelationshipType.getName());
            }
            if (identityObjectSearchCriteria == null || identityObjectSearchCriteria.getFilter() == null) {
                cacheable.setParameter("nameFilter", "%");
            } else {
                cacheable.setParameter("nameFilter", identityObjectSearchCriteria.getFilter().replaceAll("\\*", "%"));
            }
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isPaged()) {
                cacheable.setFirstResult(identityObjectSearchCriteria.getFirstResult());
                if (identityObjectSearchCriteria.getMaxResults() > 0) {
                    cacheable.setMaxResults(identityObjectSearchCriteria.getMaxResults());
                }
            }
            cacheable.setCacheable(true);
            List list = cacheable.list();
            Hibernate.initialize(list);
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isFiltered()) {
                filterByAttributesValues(list, identityObjectSearchCriteria.getValues());
            }
            return list;
        } catch (Exception e) {
            throw new IdentityException("Cannot find IdentityObjects", e);
        }
    }

    public Collection<IdentityObject> findIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectRelationshipType identityObjectRelationshipType, boolean z) throws IdentityException {
        return findIdentityObject(identityStoreInvocationContext, identityObject, identityObjectRelationshipType, z, null);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public IdentityObjectRelationship createRelationship(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObject identityObject2, IdentityObjectRelationshipType identityObjectRelationshipType, String str, boolean z) throws IdentityException {
        HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship;
        if (identityObjectRelationshipType == null) {
            throw new IllegalArgumentException("RelationshipType is null");
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObject2);
        HibernateIdentityObjectRelationshipType hibernateIdentityObjectRelationshipType = getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationshipType);
        if (!getSupportedFeatures().isRelationshipTypeSupported(safeGet.getIdentityType(), safeGet2.getIdentityType(), identityObjectRelationshipType) && !isAllowNotDefinedIdentityObjectTypes()) {
            throw new IdentityException("Relationship not supported. RelationshipType[ " + identityObjectRelationshipType.getName() + " ] beetween: [ " + safeGet.getIdentityType().getName() + " ] and [ " + safeGet2.getIdentityType().getName() + " ]");
        }
        if (str != null) {
            HibernateIdentityObjectRelationshipName hibernateIdentityObjectRelationshipName = (HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).add(Restrictions.eq("name", str)).uniqueResult();
            if (hibernateIdentityObjectRelationshipName == null) {
                throw new IdentityException("Relationship name not present in the store");
            }
            hibernateIdentityObjectRelationship = new HibernateIdentityObjectRelationship(hibernateIdentityObjectRelationshipType, safeGet, safeGet2, hibernateIdentityObjectRelationshipName);
        } else {
            hibernateIdentityObjectRelationship = new HibernateIdentityObjectRelationship(hibernateIdentityObjectRelationshipType, safeGet, safeGet2);
        }
        try {
            org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
            hibernateSession.persist(hibernateIdentityObjectRelationship);
            hibernateSession.flush();
            return hibernateIdentityObjectRelationship;
        } catch (HibernateException e) {
            throw new IdentityException("Cannot create relationship: ", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void removeRelationship(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObject identityObject2, IdentityObjectRelationshipType identityObjectRelationshipType, String str) throws IdentityException {
        Criteria cacheable;
        if (identityObjectRelationshipType == null) {
            throw new IllegalArgumentException("RelationshipType is null");
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObject2);
        HibernateIdentityObjectRelationshipType hibernateIdentityObjectRelationshipType = getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationshipType);
        if (str == null) {
            cacheable = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).createAlias("type", "t").add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2)).add(Restrictions.eq("t.name", hibernateIdentityObjectRelationshipType.getName())).setCacheable(true);
        } else {
            if (((HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", str)).uniqueResult()) == null) {
                throw new IdentityException("Relationship name not present in the store");
            }
            cacheable = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).createAlias("type", "t").createAlias("name", "n").add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2)).add(Restrictions.eq("t.name", hibernateIdentityObjectRelationshipType.getName())).add(Restrictions.eq("n.name", str)).setCacheable(true);
        }
        HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship = (HibernateIdentityObjectRelationship) cacheable.uniqueResult();
        if (hibernateIdentityObjectRelationship == null) {
            throw new IdentityException("Relationship not present in the store");
        }
        try {
            safeGet.getFromRelationships().remove(hibernateIdentityObjectRelationship);
            safeGet2.getToRelationships().remove(hibernateIdentityObjectRelationship);
            getHibernateSession(identityStoreInvocationContext).delete(hibernateIdentityObjectRelationship);
            getHibernateSession(identityStoreInvocationContext).flush();
        } catch (HibernateException e) {
            throw new IdentityException("Cannot remove relationship");
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void removeRelationships(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObject identityObject2, boolean z) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObject2);
        List<HibernateIdentityObjectRelationship> list = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true).add(Restrictions.or(Restrictions.and(Restrictions.eq("fromIdentityObject", safeGet), Restrictions.eq("toIdentityObject", safeGet2)), Restrictions.and(Restrictions.eq("fromIdentityObject", safeGet2), Restrictions.eq("toIdentityObject", safeGet)))).list();
        Hibernate.initialize(list);
        for (HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship : list) {
            if ((z && hibernateIdentityObjectRelationship.getName() != null) || (!z && hibernateIdentityObjectRelationship.getName() == null)) {
                try {
                    hibernateIdentityObjectRelationship.getFromIdentityObject().getFromRelationships().remove(hibernateIdentityObjectRelationship);
                    hibernateIdentityObjectRelationship.getToIdentityObject().getToRelationships().remove(hibernateIdentityObjectRelationship);
                    getHibernateSession(identityStoreInvocationContext).delete(hibernateIdentityObjectRelationship);
                    getHibernateSession(identityStoreInvocationContext).flush();
                } catch (HibernateException e) {
                    throw new IdentityException("Cannot remove relationship");
                }
            }
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Set<IdentityObjectRelationship> resolveRelationships(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObject identityObject2, IdentityObjectRelationshipType identityObjectRelationshipType) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObject2);
        Criteria cacheable = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true);
        if (identityObjectRelationshipType != null) {
            cacheable.createAlias("type", "t").add(Restrictions.eq("t.name", identityObjectRelationshipType.getName()));
        }
        cacheable.add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2));
        List list = cacheable.list();
        Hibernate.initialize(list);
        return new HashSet(list);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Set<IdentityObjectRelationship> resolveRelationships(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectRelationshipType identityObjectRelationshipType, boolean z, boolean z2, String str) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        Criteria createCriteria = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class);
        createCriteria.setCacheable(true);
        if (identityObjectRelationshipType != null) {
            createCriteria.add(Restrictions.eq("type", getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationshipType)));
        }
        if (str != null) {
            createCriteria.add(Restrictions.eq("name.name", str));
        } else if (z2) {
            createCriteria.add(Restrictions.isNotNull("name"));
        } else {
            createCriteria.add(Restrictions.isNull("name"));
        }
        if (z) {
            createCriteria.add(Restrictions.eq("fromIdentityObject", safeGet));
        } else {
            createCriteria.add(Restrictions.eq("toIdentityObject", safeGet));
        }
        List list = createCriteria.list();
        Hibernate.initialize(list);
        return new HashSet(list);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public String createRelationshipName(IdentityStoreInvocationContext identityStoreInvocationContext, String str) throws IdentityException, OperationNotSupportedException {
        if (str == null) {
            throw new IllegalArgumentException("name is null");
        }
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        HibernateRealm realm = getRealm(hibernateSession, identityStoreInvocationContext);
        try {
            if (((HibernateIdentityObjectRelationshipName) hibernateSession.createQuery(HibernateIdentityObjectRelationshipName.findIdentityObjectRelationshipNameByName).setParameter("name", str).setParameter("realmName", realm.getName()).uniqueResult()) != null) {
                throw new IdentityException("Relationship name already exists");
            }
            getHibernateSession(identityStoreInvocationContext).persist(new HibernateIdentityObjectRelationshipName(str, realm));
            getHibernateSession(identityStoreInvocationContext).flush();
            return str;
        } catch (Exception e) {
            throw new IdentityException("Cannot create new relationship name: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public String removeRelationshipName(IdentityStoreInvocationContext identityStoreInvocationContext, String str) throws IdentityException, OperationNotSupportedException {
        if (str == null) {
            throw new IllegalArgumentException("name is null");
        }
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        try {
            HibernateIdentityObjectRelationshipName hibernateIdentityObjectRelationshipName = (HibernateIdentityObjectRelationshipName) hibernateSession.createCriteria(HibernateIdentityObjectRelationshipName.class).createAlias("realm", "rm").add(Restrictions.eq("name", str)).add(Restrictions.eq("rm.name", getRealmName(identityStoreInvocationContext))).setCacheable(true).uniqueResult();
            if (hibernateIdentityObjectRelationshipName == null) {
                throw new IdentityException("Relationship name doesn't exist");
            }
            List list = hibernateSession.createCriteria(HibernateIdentityObjectRelationship.class).add(Restrictions.eq("name", hibernateIdentityObjectRelationshipName)).setCacheable(true).list();
            Hibernate.initialize(list);
            Iterator it = list.iterator();
            while (it.hasNext()) {
                getHibernateSession(identityStoreInvocationContext).delete((HibernateIdentityObjectRelationship) it.next());
            }
            getHibernateSession(identityStoreInvocationContext).delete(hibernateIdentityObjectRelationshipName);
            getHibernateSession(identityStoreInvocationContext).flush();
            return str;
        } catch (Exception e) {
            throw new IdentityException("Cannot remove new relationship name: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Set<String> getRelationshipNames(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectSearchCriteria identityObjectSearchCriteria) throws IdentityException, OperationNotSupportedException {
        try {
            Criteria projection = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).createAlias("realm", "r").setProjection(Projections.property("name"));
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isSorted()) {
                if (identityObjectSearchCriteria.isAscending()) {
                    projection.addOrder(Order.asc("name"));
                } else {
                    projection.addOrder(Order.desc("name"));
                }
            }
            projection.add(Restrictions.eq("r.name", getRealmName(identityStoreInvocationContext)));
            if (identityObjectSearchCriteria == null || identityObjectSearchCriteria.getFilter() == null) {
                projection.add(Restrictions.like("name", "%"));
            } else {
                projection.add(Restrictions.like("name", identityObjectSearchCriteria.getFilter().replaceAll("\\*", "%")));
            }
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isPaged()) {
                projection.setFirstResult(identityObjectSearchCriteria.getMaxResults());
                if (identityObjectSearchCriteria.getFirstResult() > 0) {
                    projection.setMaxResults(identityObjectSearchCriteria.getMaxResults());
                }
            }
            List list = projection.list();
            Hibernate.initialize(list);
            return new HashSet(list);
        } catch (Exception e) {
            throw new IdentityException("Cannot get relationship names. ", e);
        }
    }

    public Set<String> getRelationshipNames(IdentityStoreInvocationContext identityStoreInvocationContext) throws IdentityException, OperationNotSupportedException {
        return getRelationshipNames(identityStoreInvocationContext, (IdentityObjectSearchCriteria) null);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Set<String> getRelationshipNames(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectSearchCriteria identityObjectSearchCriteria) throws IdentityException, OperationNotSupportedException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        try {
            Criteria projection = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true).createAlias("name", "n").setProjection(Projections.property("n.name"));
            if (identityObjectSearchCriteria != null) {
                if (identityObjectSearchCriteria.isAscending()) {
                    projection.addOrder(Order.asc("n.name"));
                } else {
                    projection.addOrder(Order.desc("n.name"));
                }
            }
            projection.add(Restrictions.or(Restrictions.eq("fromIdentityObject", safeGet), Restrictions.eq("toIdentityObject", safeGet)));
            if (identityObjectSearchCriteria != null && identityObjectSearchCriteria.isPaged()) {
                projection.setFirstResult(identityObjectSearchCriteria.getFirstResult());
                if (identityObjectSearchCriteria.getMaxResults() > 0) {
                    projection.setMaxResults(identityObjectSearchCriteria.getMaxResults());
                }
            }
            List list = projection.list();
            Hibernate.initialize(list);
            return new HashSet(list);
        } catch (Exception e) {
            throw new IdentityException("Cannot get relationship names. ", e);
        }
    }

    public Set<String> getRelationshipNames(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject) throws IdentityException, OperationNotSupportedException {
        return getRelationshipNames(identityStoreInvocationContext, identityObject, null);
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Map<String, String> getRelationshipNameProperties(IdentityStoreInvocationContext identityStoreInvocationContext, String str) throws IdentityException, OperationNotSupportedException {
        if (str == null) {
            throw new IllegalArgumentException("name is null");
        }
        try {
            HibernateIdentityObjectRelationshipName hibernateIdentityObjectRelationshipName = (HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).createAlias("realm", "r").add(Restrictions.eq("name", str)).add(Restrictions.eq("r.name", getRealmName(identityStoreInvocationContext))).uniqueResult();
            if (hibernateIdentityObjectRelationshipName == null) {
                throw new IdentityException("Relationship name doesn't exist");
            }
            Hibernate.initialize(hibernateIdentityObjectRelationshipName.getProperties());
            return new HashMap(hibernateIdentityObjectRelationshipName.getProperties());
        } catch (Exception e) {
            throw new IdentityException("Cannot get relationship name properties: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void setRelationshipNameProperties(IdentityStoreInvocationContext identityStoreInvocationContext, String str, Map<String, String> map) throws IdentityException, OperationNotSupportedException {
        if (str == null) {
            throw new IllegalArgumentException("name is null");
        }
        try {
            HibernateIdentityObjectRelationshipName hibernateIdentityObjectRelationshipName = (HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).createAlias("realm", "r").add(Restrictions.eq("name", str)).add(Restrictions.eq("r.name", getRealmName(identityStoreInvocationContext))).uniqueResult();
            if (hibernateIdentityObjectRelationshipName == null) {
                throw new IdentityException("Relationship name doesn't exist");
            }
            hibernateIdentityObjectRelationshipName.getProperties().putAll(map);
        } catch (Exception e) {
            throw new IdentityException("Cannot set relationship name properties: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void removeRelationshipNameProperties(IdentityStoreInvocationContext identityStoreInvocationContext, String str, Set<String> set) throws IdentityException, OperationNotSupportedException {
        if (str == null) {
            throw new IllegalArgumentException("name is null");
        }
        try {
            HibernateIdentityObjectRelationshipName hibernateIdentityObjectRelationshipName = (HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).setCacheable(true).createAlias("realm", "r").add(Restrictions.eq("name", str)).add(Restrictions.eq("r.name", getRealmName(identityStoreInvocationContext))).uniqueResult();
            if (hibernateIdentityObjectRelationshipName == null) {
                throw new IdentityException("Relationship name doesn't exist");
            }
            Hibernate.initialize(hibernateIdentityObjectRelationshipName.getProperties());
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                hibernateIdentityObjectRelationshipName.getProperties().remove(it.next());
            }
        } catch (Exception e) {
            throw new IdentityException("Cannot remove relationship name properties: " + str, e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public Map<String, String> getRelationshipProperties(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectRelationship identityObjectRelationship) throws IdentityException, OperationNotSupportedException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObjectRelationship.getFromIdentityObject());
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObjectRelationship.getToIdentityObject());
        Criteria add = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true).createAlias("type", "t").add(Restrictions.eq("t.name", getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationship.getType()).getName())).add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2));
        if (identityObjectRelationship.getName() != null) {
            if (((HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", identityObjectRelationship.getName())).setCacheable(true).uniqueResult()) == null) {
                throw new IdentityException("Relationship name not present in the store");
            }
            add.createAlias("name", "n").add(Restrictions.eq("n.name", identityObjectRelationship.getName()));
        }
        try {
            HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship = (HibernateIdentityObjectRelationship) add.uniqueResult();
            Hibernate.initialize(hibernateIdentityObjectRelationship.getProperties());
            return new HashMap(hibernateIdentityObjectRelationship.getProperties());
        } catch (HibernateException e) {
            throw new IdentityException("Cannot obtain relationship properties: ", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void setRelationshipProperties(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectRelationship identityObjectRelationship, Map<String, String> map) throws IdentityException, OperationNotSupportedException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObjectRelationship.getFromIdentityObject());
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObjectRelationship.getToIdentityObject());
        Criteria add = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true).createAlias("type", "t").add(Restrictions.eq("t.name", getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationship.getType()).getName())).add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2));
        if (identityObjectRelationship.getName() != null) {
            if (((HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", identityObjectRelationship.getName())).setCacheable(true).uniqueResult()) == null) {
                throw new IdentityException("Relationship name not present in the store");
            }
            add.createAlias("name", "n").add(Restrictions.eq("n.name", identityObjectRelationship.getName()));
        }
        try {
            ((HibernateIdentityObjectRelationship) add.uniqueResult()).getProperties().putAll(map);
        } catch (HibernateException e) {
            throw new IdentityException("Cannot update relationship properties: ", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void removeRelationshipProperties(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectRelationship identityObjectRelationship, Set<String> set) throws IdentityException, OperationNotSupportedException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObjectRelationship.getFromIdentityObject());
        HibernateIdentityObject safeGet2 = safeGet(identityStoreInvocationContext, identityObjectRelationship.getToIdentityObject());
        Criteria add = getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationship.class).setCacheable(true).createAlias("type", "t").add(Restrictions.eq("t.name", getHibernateIdentityObjectRelationshipType(identityStoreInvocationContext, identityObjectRelationship.getType()).getName())).add(Restrictions.eq("fromIdentityObject", safeGet)).add(Restrictions.eq("toIdentityObject", safeGet2));
        if (identityObjectRelationship.getName() == null) {
            if (((HibernateIdentityObjectRelationshipName) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipName.class).add(Restrictions.eq("name", identityObjectRelationship.getName())).setCacheable(true).uniqueResult()) == null) {
                throw new IdentityException("Relationship name not present in the store");
            }
            add.createAlias("name", "n").add(Restrictions.eq("n.name", identityObjectRelationship.getName()));
        }
        try {
            HibernateIdentityObjectRelationship hibernateIdentityObjectRelationship = (HibernateIdentityObjectRelationship) add.uniqueResult();
            Hibernate.initialize(hibernateIdentityObjectRelationship.getProperties());
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                hibernateIdentityObjectRelationship.getProperties().remove(it.next());
            }
        } catch (HibernateException e) {
            throw new IdentityException("Cannot update relationship properties: ", e);
        }
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public Set<String> getSupportedAttributeNames(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) throws IdentityException {
        checkIOType(identityObjectType);
        return this.attributeMappings.containsKey(identityObjectType.getName()) ? this.attributeMappings.get(identityObjectType.getName()) : new HashSet();
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public IdentityObjectAttribute getAttribute(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, String str) throws IdentityException {
        Set<HibernateIdentityObjectAttribute> attributes = safeGet(identityStoreInvocationContext, identityObject).getAttributes();
        Hibernate.initialize(attributes);
        for (HibernateIdentityObjectAttribute hibernateIdentityObjectAttribute : attributes) {
            if (resolveAttributeNameFromStoreMapping(identityObject.getIdentityType(), str) != null) {
                return hibernateIdentityObjectAttribute;
            }
        }
        return null;
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public Map<String, IdentityObjectAttribute> getAttributes(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject) throws IdentityException {
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        HashMap hashMap = new HashMap();
        if (safeGet == null) {
            return hashMap;
        }
        Set<HibernateIdentityObjectAttribute> attributes = safeGet.getAttributes();
        Hibernate.initialize(attributes);
        for (HibernateIdentityObjectAttribute hibernateIdentityObjectAttribute : attributes) {
            String resolveAttributeNameFromStoreMapping = resolveAttributeNameFromStoreMapping(identityObject.getIdentityType(), hibernateIdentityObjectAttribute.getName());
            if (resolveAttributeNameFromStoreMapping != null) {
                hashMap.put(resolveAttributeNameFromStoreMapping, hibernateIdentityObjectAttribute);
            }
        }
        return hashMap;
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public Map<String, IdentityObjectAttributeMetaData> getAttributesMetaData(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) {
        return this.attributesMetaData.get(identityObjectType.getName());
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public void updateAttributes(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectAttribute[] identityObjectAttributeArr) throws IdentityException {
        IdentityObject findIdentityObjectByUniqueAttribute;
        if (identityObjectAttributeArr == null) {
            throw new IllegalArgumentException("attributes are null");
        }
        HashMap hashMap = new HashMap();
        Map<String, IdentityObjectAttributeMetaData> map = this.attributesMetaData.get(identityObject.getIdentityType().getName());
        for (IdentityObjectAttribute identityObjectAttribute : identityObjectAttributeArr) {
            hashMap.put(resolveAttributeStoreMapping(identityObject.getIdentityType(), identityObjectAttribute.getName()), identityObjectAttribute);
            if ((map == null || !map.containsKey(identityObjectAttribute.getName())) && !this.isAllowNotDefinedAttributes) {
                throw new IdentityException("Cannot add not defined attribute. Use 'allowNotDefinedAttributes' option if needed. Attribute name: " + identityObjectAttribute.getName());
            }
            if (map != null && map.containsKey(identityObjectAttribute.getName())) {
                IdentityObjectAttributeMetaData identityObjectAttributeMetaData = map.get(identityObjectAttribute.getName());
                if (!identityObjectAttributeMetaData.isMultivalued() && identityObjectAttribute.getSize() > 1) {
                    throw new IdentityException("Cannot assigned multiply values to single valued attribute: " + identityObjectAttribute.getName());
                }
                if (identityObjectAttributeMetaData.isReadonly()) {
                    throw new IdentityException("Cannot update readonly attribute: " + identityObjectAttribute.getName());
                }
                if (identityObjectAttributeMetaData.isUnique() && (findIdentityObjectByUniqueAttribute = findIdentityObjectByUniqueAttribute(identityStoreInvocationContext, identityObject.getIdentityType(), identityObjectAttribute)) != null && !findIdentityObjectByUniqueAttribute.getName().equals(identityObject.getName())) {
                    throw new IdentityException("Unique attribute '" + identityObjectAttribute.getName() + " value already set for identityObject: " + findIdentityObjectByUniqueAttribute);
                }
                String type = identityObjectAttributeMetaData.getType();
                for (Object obj : identityObjectAttribute.getValues()) {
                    if (type.equals("text") && !(obj instanceof String)) {
                        throw new IdentityException("Cannot update text type attribute with not String type value: " + identityObjectAttribute.getName() + " / " + obj);
                    }
                    if (type.equals("binary") && !(obj instanceof byte[])) {
                        throw new IdentityException("Cannot update binary type attribute with not byte[] type value: " + identityObjectAttribute.getName() + " / " + obj);
                    }
                }
                if (type.equals("binary") && identityObjectAttribute.getValues().size() > 1) {
                    throw new IdentityException("Cannot add binary type attribute with more than one value - this implementationsupport only single value binary attributes: " + identityObjectAttribute.getName());
                }
            }
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        Hibernate.initialize(safeGet.getAttributes());
        for (String str : hashMap.keySet()) {
            IdentityObjectAttribute identityObjectAttribute2 = (IdentityObjectAttribute) hashMap.get(str);
            IdentityObjectAttributeMetaData identityObjectAttributeMetaData2 = map != null ? map.get(identityObjectAttribute2.getName()) : null;
            String type2 = identityObjectAttributeMetaData2 != null ? identityObjectAttributeMetaData2.getType() : "text";
            boolean z = false;
            Iterator<HibernateIdentityObjectAttribute> it = safeGet.getAttributes().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                HibernateIdentityObjectAttribute next = it.next();
                if (next.getName().equals(str)) {
                    z = true;
                    if (next.getType().equals("text")) {
                        if (!type2.equals("text")) {
                            throw new IdentityException("Wrong attribute mapping. Attribute persisted as text is mapped with: " + type2 + ". Attribute name: " + str);
                        }
                        HashSet hashSet = new HashSet();
                        Iterator it2 = identityObjectAttribute2.getValues().iterator();
                        while (it2.hasNext()) {
                            hashSet.add(it2.next().toString());
                        }
                        next.setTextValues(hashSet);
                    } else {
                        if (!next.equals("binary")) {
                            throw new IdentityException("Internal identity store error");
                        }
                        if (!type2.equals("binary")) {
                            throw new IdentityException("Wrong attribute mapping. Attribute persisted as binary is mapped with: " + type2 + ". Attribute name: " + str);
                        }
                        HibernateIdentityObjectAttributeBinaryValue hibernateIdentityObjectAttributeBinaryValue = new HibernateIdentityObjectAttributeBinaryValue((byte[]) identityObjectAttribute2.getValue());
                        getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObjectAttributeBinaryValue);
                        next.setBinaryValue(hibernateIdentityObjectAttributeBinaryValue);
                    }
                }
            }
            if (!z && identityObjectAttribute2.getValues() != null && identityObjectAttribute2.getValues().size() > 0) {
                HibernateIdentityObjectAttribute hibernateIdentityObjectAttribute = new HibernateIdentityObjectAttribute(safeGet, str, type2);
                if (type2.equals("text")) {
                    hibernateIdentityObjectAttribute.setTextValues(identityObjectAttribute2.getValues());
                } else if (type2.equals("binary")) {
                    HibernateIdentityObjectAttributeBinaryValue hibernateIdentityObjectAttributeBinaryValue2 = new HibernateIdentityObjectAttributeBinaryValue((byte[]) identityObjectAttribute2.getValue());
                    getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObjectAttributeBinaryValue2);
                    hibernateIdentityObjectAttribute.setBinaryValue(hibernateIdentityObjectAttributeBinaryValue2);
                }
                safeGet.addAttribute(hibernateIdentityObjectAttribute);
            }
        }
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public void addAttributes(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectAttribute[] identityObjectAttributeArr) throws IdentityException {
        IdentityObject findIdentityObjectByUniqueAttribute;
        if (identityObjectAttributeArr == null) {
            throw new IllegalArgumentException("attributes are null");
        }
        HashMap hashMap = new HashMap();
        Map<String, IdentityObjectAttributeMetaData> map = this.attributesMetaData.get(identityObject.getIdentityType().getName());
        getHibernateSession(identityStoreInvocationContext);
        for (IdentityObjectAttribute identityObjectAttribute : identityObjectAttributeArr) {
            hashMap.put(resolveAttributeStoreMapping(identityObject.getIdentityType(), identityObjectAttribute.getName()), identityObjectAttribute);
            if ((map == null || !map.containsKey(identityObjectAttribute.getName())) && !this.isAllowNotDefinedAttributes) {
                throw new IdentityException("Cannot add not defined attribute. Use 'allowNotDefinedAttributes' option if needed. Attribute name: " + identityObjectAttribute.getName());
            }
            IdentityObjectAttributeMetaData identityObjectAttributeMetaData = map != null ? map.get(identityObjectAttribute.getName()) : null;
            if (identityObjectAttributeMetaData != null) {
                if (!identityObjectAttributeMetaData.isMultivalued() && identityObjectAttribute.getSize() > 1) {
                    throw new IdentityException("Cannot add multiply values to single valued attribute: " + identityObjectAttribute.getName());
                }
                if (identityObjectAttributeMetaData.isReadonly()) {
                    throw new IdentityException("Cannot add readonly attribute: " + identityObjectAttribute.getName());
                }
                if (identityObjectAttributeMetaData.isUnique() && (findIdentityObjectByUniqueAttribute = findIdentityObjectByUniqueAttribute(identityStoreInvocationContext, identityObject.getIdentityType(), identityObjectAttribute)) != null && !findIdentityObjectByUniqueAttribute.getName().equals(identityObject.getName())) {
                    throw new IdentityException("Unique attribute '" + identityObjectAttribute.getName() + " value already set for identityObject: " + findIdentityObjectByUniqueAttribute);
                }
                String type = identityObjectAttributeMetaData.getType();
                for (Object obj : identityObjectAttribute.getValues()) {
                    if (type.equals("text") && !(obj instanceof String)) {
                        throw new IdentityException("Cannot add text type attribute with not String type value: " + identityObjectAttribute.getName() + " / " + obj);
                    }
                    if (type.equals("binary") && !(obj instanceof byte[])) {
                        throw new IdentityException("Cannot add binary type attribute with not byte[] type value: " + identityObjectAttribute.getName() + " / " + obj);
                    }
                }
                if (type.equals("binary") && identityObjectAttribute.getValues().size() > 1) {
                    throw new IdentityException("Cannot add binary type attribute with more than one value - this implementationsupport only single value binary attributes: " + identityObjectAttribute.getName());
                }
            }
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        Hibernate.initialize(safeGet.getAttributes());
        for (String str : hashMap.keySet()) {
            IdentityObjectAttribute identityObjectAttribute2 = (IdentityObjectAttribute) hashMap.get(str);
            IdentityObjectAttributeMetaData identityObjectAttributeMetaData2 = map != null ? map.get(identityObjectAttribute2.getName()) : null;
            String type2 = identityObjectAttributeMetaData2 != null ? identityObjectAttributeMetaData2.getType() : "text";
            HibernateIdentityObjectAttribute hibernateIdentityObjectAttribute = null;
            Iterator<HibernateIdentityObjectAttribute> it = safeGet.getAttributes().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                HibernateIdentityObjectAttribute next = it.next();
                if (next.getName().equals(str)) {
                    hibernateIdentityObjectAttribute = next;
                    break;
                }
            }
            if (hibernateIdentityObjectAttribute != null) {
                if (hibernateIdentityObjectAttribute.getType().equals("text")) {
                    if (!type2.equals("text")) {
                        throw new IdentityException("Wrong attribute mapping. Attribute persisted as text is mapped with: " + type2 + ". Attribute name: " + str);
                    }
                    HashSet hashSet = new HashSet(hibernateIdentityObjectAttribute.getValues());
                    Iterator it2 = identityObjectAttribute2.getValues().iterator();
                    while (it2.hasNext()) {
                        hashSet.add(it2.next().toString());
                    }
                    hibernateIdentityObjectAttribute.setTextValues(hashSet);
                    return;
                }
                if (!hibernateIdentityObjectAttribute.getType().equals("binary")) {
                    throw new IdentityException("Internal identity store error");
                }
                if (!type2.equals("binary")) {
                    throw new IdentityException("Wrong attribute mapping. Attribute persisted as binary is mapped with: " + type2 + ". Attribute name: " + str);
                }
                HibernateIdentityObjectAttributeBinaryValue hibernateIdentityObjectAttributeBinaryValue = new HibernateIdentityObjectAttributeBinaryValue((byte[]) identityObjectAttribute2.getValue());
                getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObjectAttributeBinaryValue);
                hibernateIdentityObjectAttribute.setBinaryValue(hibernateIdentityObjectAttributeBinaryValue);
                return;
            }
            if (type2.equals("text")) {
                HashSet hashSet2 = new HashSet();
                Iterator it3 = identityObjectAttribute2.getValues().iterator();
                while (it3.hasNext()) {
                    hashSet2.add(it3.next().toString());
                }
                hibernateIdentityObjectAttribute = new HibernateIdentityObjectAttribute(safeGet, str, "text");
                hibernateIdentityObjectAttribute.setTextValues(hashSet2);
            } else if (type2.equals("binary")) {
                HashSet hashSet3 = new HashSet();
                Iterator it4 = identityObjectAttribute2.getValues().iterator();
                while (it4.hasNext()) {
                    hashSet3.add((byte[]) it4.next());
                }
                hibernateIdentityObjectAttribute = new HibernateIdentityObjectAttribute(safeGet, str, "binary");
                HibernateIdentityObjectAttributeBinaryValue hibernateIdentityObjectAttributeBinaryValue2 = new HibernateIdentityObjectAttributeBinaryValue((byte[]) identityObjectAttribute2.getValue());
                getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObjectAttributeBinaryValue2);
                hibernateIdentityObjectAttribute.setBinaryValue(hibernateIdentityObjectAttributeBinaryValue2);
            }
            safeGet.addAttribute(hibernateIdentityObjectAttribute);
        }
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public void removeAttributes(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, String[] strArr) throws IdentityException {
        if (strArr == null) {
            throw new IllegalArgumentException("attributes are null");
        }
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = resolveAttributeStoreMapping(identityObject.getIdentityType(), strArr[i]);
            Map<String, IdentityObjectAttributeMetaData> map = this.attributesMetaData.get(identityObject.getIdentityType().getName());
            if (map != null) {
                IdentityObjectAttributeMetaData identityObjectAttributeMetaData = map.get(strArr[i]);
                if (identityObjectAttributeMetaData != null && identityObjectAttributeMetaData.isRequired()) {
                    throw new IdentityException("Cannot remove required attribute: " + strArr[i]);
                }
            } else if (!this.isAllowNotDefinedAttributes) {
                throw new IdentityException("Cannot remove not defined attribute. Use 'allowNotDefinedAttributes' option if needed. Attribute name: " + strArr[i]);
            }
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        Hibernate.initialize(safeGet.getAttributes());
        for (String str : strArr2) {
            safeGet.removeAttribute(str);
        }
    }

    @Override // org.picketlink.idm.spi.store.AttributeStore
    public IdentityObject findIdentityObjectByUniqueAttribute(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType, IdentityObjectAttribute identityObjectAttribute) throws IdentityException {
        if (identityObjectAttribute == null) {
            throw new IllegalArgumentException("attribute is null");
        }
        checkIOType(identityObjectType);
        String resolveAttributeStoreMapping = resolveAttributeStoreMapping(identityObjectType, identityObjectAttribute.getName());
        HibernateIdentityObjectType hibernateIdentityObjectType = getHibernateIdentityObjectType(identityStoreInvocationContext, identityObjectType);
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        if (identityObjectAttribute.getValues() == null || identityObjectAttribute.getValues().size() == 0) {
            return null;
        }
        boolean z = identityObjectAttribute.getValue() instanceof byte[] ? false : true;
        StringBuffer stringBuffer = new StringBuffer("select a from HibernateIdentityObjectAttribute a where a.identityObject.identityType = :identityType and a.name = :attributeName");
        if (z) {
            for (int i = 0; i < identityObjectAttribute.getValues().size(); i++) {
                stringBuffer.append(" and").append(" :value" + i).append(" = any elements(a.textValues)");
            }
        } else {
            stringBuffer.append(" and :value = a.binaryValue");
        }
        Query createQuery = hibernateSession.createQuery(stringBuffer.toString());
        createQuery.setParameter("identityType", hibernateIdentityObjectType).setParameter("attributeName", resolveAttributeStoreMapping);
        if (z) {
            int i2 = 0;
            Iterator it = identityObjectAttribute.getValues().iterator();
            while (it.hasNext()) {
                createQuery.setParameter("value" + i2, it.next().toString());
                i2++;
            }
        } else {
            createQuery.setParameter("value", identityObjectAttribute.getValue());
        }
        List list = createQuery.list();
        if (list.size() == 0) {
            return null;
        }
        if (list.size() > 1) {
            throw new IdentityException("Illegal state - more than one IdentityObject with the same unique attribute value: " + identityObjectAttribute);
        }
        return ((HibernateIdentityObjectAttribute) list.get(0)).getIdentityObject();
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public boolean validateCredential(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectCredential identityObjectCredential) throws IdentityException {
        if (identityObjectCredential == null) {
            throw new IllegalArgumentException();
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        if (!this.supportedFeatures.isCredentialSupported(safeGet.getIdentityType(), identityObjectCredential.getType())) {
            throw new IdentityException("CredentialType not supported for a given IdentityObjectType");
        }
        HibernateIdentityObjectCredential hibernateIdentityObjectCredential = (HibernateIdentityObjectCredential) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectCredential.class).createAlias("type", "t").add(Restrictions.eq("t.name", identityObjectCredential.getType().getName())).add(Restrictions.eq("identityObject", safeGet)).setCacheable(true).uniqueResult();
        if (hibernateIdentityObjectCredential == null) {
            return false;
        }
        Object encodedValue = identityObjectCredential.getEncodedValue() != null ? identityObjectCredential.getEncodedValue() : identityObjectCredential.getValue();
        if ((encodedValue instanceof String) && hibernateIdentityObjectCredential.getTextValue() != null) {
            return encodedValue.toString().equals(hibernateIdentityObjectCredential.getTextValue());
        }
        if (!(encodedValue instanceof byte[]) || hibernateIdentityObjectCredential.getBinaryValue() == null) {
            throw new IdentityException("Not supported credential value: " + encodedValue.getClass());
        }
        return Arrays.equals((byte[]) encodedValue, hibernateIdentityObjectCredential.getBinaryValue().getValue());
    }

    @Override // org.picketlink.idm.spi.store.IdentityStore
    public void updateCredential(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject, IdentityObjectCredential identityObjectCredential) throws IdentityException {
        if (identityObjectCredential == null) {
            throw new IllegalArgumentException();
        }
        HibernateIdentityObject safeGet = safeGet(identityStoreInvocationContext, identityObject);
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        if (!this.supportedFeatures.isCredentialSupported(safeGet.getIdentityType(), identityObjectCredential.getType())) {
            throw new IdentityException("CredentialType not supported for a given IdentityObjectType");
        }
        HibernateIdentityObjectCredentialType hibernateIdentityObjectCredentialType = getHibernateIdentityObjectCredentialType(identityStoreInvocationContext, identityObjectCredential.getType());
        if (hibernateIdentityObjectCredentialType == null) {
            throw new IllegalStateException("Credential type not present in this store: " + identityObjectCredential.getType().getName());
        }
        HibernateIdentityObjectCredential credential = safeGet.getCredential(identityObjectCredential.getType());
        if (credential == null) {
            credential = new HibernateIdentityObjectCredential();
            credential.setType(hibernateIdentityObjectCredentialType);
            safeGet.addCredential(credential);
        }
        Object encodedValue = identityObjectCredential.getEncodedValue() != null ? identityObjectCredential.getEncodedValue() : identityObjectCredential.getValue();
        if (encodedValue instanceof String) {
            credential.setTextValue(encodedValue.toString());
        } else {
            if (!(encodedValue instanceof byte[])) {
                throw new IdentityException("Not supported credential value: " + encodedValue.getClass());
            }
            HibernateIdentityObjectCredentialBinaryValue hibernateIdentityObjectCredentialBinaryValue = new HibernateIdentityObjectCredentialBinaryValue((byte[]) encodedValue);
            getHibernateSession(identityStoreInvocationContext).persist(hibernateIdentityObjectCredentialBinaryValue);
            credential.setBinaryValue(hibernateIdentityObjectCredentialBinaryValue);
        }
        hibernateSession.persist(credential);
        safeGet.addCredential(credential);
        hibernateSession.flush();
    }

    public void addIdentityObjectType(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) throws IdentityException {
        getHibernateSession(identityStoreInvocationContext).persist(new HibernateIdentityObjectType(identityObjectType));
        getHibernateSession(identityStoreInvocationContext).flush();
    }

    public void addIdentityObjectRelationshipType(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectRelationshipType identityObjectRelationshipType) throws IdentityException {
        getHibernateSession(identityStoreInvocationContext).persist(new HibernateIdentityObjectRelationshipType(identityObjectRelationshipType));
        getHibernateSession(identityStoreInvocationContext).flush();
    }

    protected org.hibernate.Session getHibernateSession(IdentityStoreInvocationContext identityStoreInvocationContext) throws IdentityException {
        try {
            return (org.hibernate.Session) identityStoreInvocationContext.getIdentityStoreSession().getSessionContext();
        } catch (Exception e) {
            throw new IdentityException("Cannot obtain Hibernate Session", e);
        }
    }

    private void checkIOInstance(IdentityObject identityObject) {
        if (identityObject == null) {
            throw new IllegalArgumentException("IdentityObject is null");
        }
    }

    private HibernateIdentityObject safeGet(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject) throws IdentityException {
        checkIOInstance(identityObject);
        return identityObject instanceof HibernateIdentityObject ? (HibernateIdentityObject) identityObject : getHibernateIdentityObject(identityStoreInvocationContext, identityObject);
    }

    private void checkIOType(IdentityObjectType identityObjectType) throws IdentityException {
        if (identityObjectType == null) {
            throw new IllegalArgumentException("IdentityObjectType is null");
        }
        if (!getSupportedFeatures().isIdentityObjectTypeSupported(identityObjectType) && !isAllowNotDefinedIdentityObjectTypes()) {
            throw new IdentityException("IdentityType not supported by this IdentityStore implementation: " + identityObjectType);
        }
    }

    private HibernateIdentityObjectType getHibernateIdentityObjectType(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectType identityObjectType) throws IdentityException {
        checkIOType(identityObjectType);
        org.hibernate.Session hibernateSession = getHibernateSession(identityStoreInvocationContext);
        try {
            Criteria cacheable = hibernateSession.createCriteria(HibernateIdentityObjectType.class).add(Restrictions.eq("name", identityObjectType.getName())).setCacheable(true);
            HibernateIdentityObjectType hibernateIdentityObjectType = (HibernateIdentityObjectType) cacheable.uniqueResult();
            if (hibernateIdentityObjectType == null) {
                if (isAllowNotDefinedIdentityObjectTypes()) {
                    populateObjectTypes(hibernateSession, new String[]{identityObjectType.getName()});
                }
                hibernateIdentityObjectType = (HibernateIdentityObjectType) cacheable.uniqueResult();
            }
            if (hibernateIdentityObjectType == null) {
                throw new IdentityException("IdentityObjectType[" + identityObjectType.getName() + "] not present in the store.");
            }
            return hibernateIdentityObjectType;
        } catch (Exception e) {
            throw new IdentityException("IdentityObjectType[" + identityObjectType.getName() + "] not present in the store.", e);
        }
    }

    private HibernateIdentityObject getHibernateIdentityObject(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObject identityObject) throws IdentityException {
        try {
            return (HibernateIdentityObject) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObject.class).add(Restrictions.eq("name", identityObject.getName())).createAlias("identityType", "type").add(Restrictions.eq("type.name", identityObject.getIdentityType().getName())).createAlias("realm", "rm").add(Restrictions.eq("rm.name", getRealmName(identityStoreInvocationContext))).setCacheable(true).uniqueResult();
        } catch (Exception e) {
            throw new IdentityException("IdentityObject[ " + identityObject.getName() + " | " + identityObject.getIdentityType().getName() + "] not present in the store.", e);
        }
    }

    private HibernateIdentityObjectRelationshipType getHibernateIdentityObjectRelationshipType(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectRelationshipType identityObjectRelationshipType) throws IdentityException {
        try {
            return (HibernateIdentityObjectRelationshipType) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectRelationshipType.class).add(Restrictions.eq("name", identityObjectRelationshipType.getName())).setCacheable(true).uniqueResult();
        } catch (Exception e) {
            throw new IdentityException("IdentityObjectRelationshipType[ " + identityObjectRelationshipType.getName() + "] not present in the store.");
        }
    }

    private HibernateIdentityObjectCredentialType getHibernateIdentityObjectCredentialType(IdentityStoreInvocationContext identityStoreInvocationContext, IdentityObjectCredentialType identityObjectCredentialType) throws IdentityException {
        try {
            return (HibernateIdentityObjectCredentialType) getHibernateSession(identityStoreInvocationContext).createCriteria(HibernateIdentityObjectCredentialType.class).add(Restrictions.eq("name", identityObjectCredentialType.getName())).setCacheable(true).uniqueResult();
        } catch (HibernateException e) {
            throw new IdentityException("IdentityObjectCredentialType[ " + identityObjectCredentialType.getName() + "] not present in the store.");
        }
    }

    public void populateObjectTypes(org.hibernate.Session session, String[] strArr) throws Exception {
        for (String str : strArr) {
            if (((HibernateIdentityObjectType) session.createCriteria(HibernateIdentityObjectType.class).add(Restrictions.eq("name", str)).uniqueResult()) == null) {
                session.persist(new HibernateIdentityObjectType(str));
            }
        }
    }

    public void populateRelationshipTypes(org.hibernate.Session session, String[] strArr) throws Exception {
        for (String str : strArr) {
            if (((HibernateIdentityObjectRelationshipType) session.createCriteria(HibernateIdentityObjectRelationshipType.class).add(Restrictions.eq("name", str)).uniqueResult()) == null) {
                session.persist(new HibernateIdentityObjectRelationshipType(str));
            }
        }
    }

    public void populateCredentialTypes(org.hibernate.Session session, String[] strArr) throws Exception {
        for (String str : strArr) {
            if (((HibernateIdentityObjectCredentialType) session.createCriteria(HibernateIdentityObjectCredentialType.class).add(Restrictions.eq("name", str)).uniqueResult()) == null) {
                session.persist(new HibernateIdentityObjectCredentialType(str));
            }
        }
    }

    public void addRealm(org.hibernate.Session session, String str) throws IdentityException {
        try {
            session.persist(new HibernateRealm(str));
        } catch (Exception e) {
            throw new IdentityException("Failed to create store realm", e);
        }
    }

    private HibernateRealm getRealm(org.hibernate.Session session, IdentityStoreInvocationContext identityStoreInvocationContext) throws IdentityException {
        HibernateRealm hibernateRealm;
        if (getRealmName(identityStoreInvocationContext) == null) {
            throw new IllegalStateException("Realm Id not present");
        }
        if (isRealmAware()) {
            hibernateRealm = (HibernateRealm) session.createCriteria(HibernateRealm.class).add(Restrictions.eq("name", getRealmName(identityStoreInvocationContext))).setCacheable(true).uniqueResult();
            if (hibernateRealm == null) {
                HibernateRealm hibernateRealm2 = new HibernateRealm(getRealmName(identityStoreInvocationContext));
                session.persist(hibernateRealm2);
                return hibernateRealm2;
            }
        } else {
            hibernateRealm = (HibernateRealm) session.createCriteria(HibernateRealm.class).add(Restrictions.eq("name", DEFAULT_REALM_NAME)).setCacheable(true).uniqueResult();
            if (hibernateRealm == null) {
                throw new IllegalStateException("Default store realm is not present: " + DEFAULT_REALM_NAME);
            }
        }
        return hibernateRealm;
    }

    private String getRealmName(IdentityStoreInvocationContext identityStoreInvocationContext) {
        return isRealmAware() ? identityStoreInvocationContext.getRealmId() : DEFAULT_REALM_NAME;
    }

    private boolean isRealmAware() {
        return this.isRealmAware;
    }

    private boolean isAllowNotDefinedAttributes() {
        return this.isAllowNotDefinedAttributes;
    }

    private String resolveAttributeStoreMapping(IdentityObjectType identityObjectType, String str) throws IdentityException {
        IdentityObjectAttributeMetaData identityObjectAttributeMetaData;
        if (this.attributesMetaData.containsKey(identityObjectType.getName()) && (identityObjectAttributeMetaData = this.attributesMetaData.get(identityObjectType.getName()).get(str)) != null) {
            return identityObjectAttributeMetaData.getStoreMapping() != null ? identityObjectAttributeMetaData.getStoreMapping() : identityObjectAttributeMetaData.getName();
        }
        if (isAllowNotDefinedAttributes()) {
            return str;
        }
        throw new IdentityException("Attribute name is not configured in this store");
    }

    private String resolveAttributeNameFromStoreMapping(IdentityObjectType identityObjectType, String str) {
        Map<String, String> map;
        if (this.reverseAttributeMappings.containsKey(identityObjectType.getName()) && (map = this.reverseAttributeMappings.get(identityObjectType.getName())) != null) {
            return map.containsKey(str) ? map.get(str) : str;
        }
        if (isAllowNotDefinedAttributes()) {
            return str;
        }
        return null;
    }

    private void filterByAttributesValues(Collection<IdentityObject> collection, Map<String, String[]> map) {
        HashSet hashSet = new HashSet();
        for (IdentityObject identityObject : collection) {
            Map<String, Collection> attributesAsMap = ((HibernateIdentityObject) identityObject).getAttributesAsMap();
            Iterator<Map.Entry<String, String[]>> it = map.entrySet().iterator();
            while (true) {
                if (it.hasNext()) {
                    Map.Entry<String, String[]> next = it.next();
                    if (!attributesAsMap.containsKey(next.getKey())) {
                        hashSet.add(identityObject);
                        break;
                    }
                    HashSet hashSet2 = new HashSet(Arrays.asList(next.getValue()));
                    Collection collection2 = attributesAsMap.get(next.getKey());
                    Iterator it2 = hashSet2.iterator();
                    while (true) {
                        if (it2.hasNext()) {
                            if (!collection2.contains((String) it2.next())) {
                                hashSet.add(identityObject);
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                }
            }
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            collection.remove((IdentityObject) it3.next());
        }
    }

    protected boolean isAllowNotDefinedIdentityObjectTypes() {
        return this.isAllowNotDefinedIdentityObjectTypes;
    }

    public boolean isManageTransactionDuringBootstrap() {
        return this.isManageTransactionDuringBootstrap;
    }

    static {
        supportedIdentityObjectSearchCriteria.add(IdentityObjectSearchCriteriaType.ATTRIBUTE_FILTER);
        supportedIdentityObjectSearchCriteria.add(IdentityObjectSearchCriteriaType.NAME_FILTER);
        supportedIdentityObjectSearchCriteria.add(IdentityObjectSearchCriteriaType.PAGE);
        supportedIdentityObjectSearchCriteria.add(IdentityObjectSearchCriteriaType.SORT);
        supportedCredentialTypes.add(CREDENTIAL_TYPE_PASSWORD);
        supportedCredentialTypes.add(CREDENTIAL_TYPE_BINARY);
    }
}
