package org.keycloak.models.mongo.keycloak.adapters;

import com.mongodb.BasicDBObject;
import com.mongodb.DBObject;
import com.mongodb.QueryBuilder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import org.codehaus.plexus.util.SelectorUtils;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.connections.mongo.api.MongoStore;
import org.keycloak.connections.mongo.api.context.MongoStoreInvocationContext;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.mongo.keycloak.entities.CredentialEntity;
import org.keycloak.models.mongo.keycloak.entities.FederatedIdentityEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserConsentEntity;
import org.keycloak.models.mongo.keycloak.entities.MongoUserEntity;
import org.keycloak.models.mongo.keycloak.entities.UserConsentEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.storage.UserStorageProvider;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-model-mongo/main/keycloak-model-mongo-2.5.5.Final.jar:org/keycloak/models/mongo/keycloak/adapters/MongoUserProvider.class */
public class MongoUserProvider implements UserProvider, UserCredentialStore {
    private final MongoStoreInvocationContext invocationContext;
    private final KeycloakSession session;

    public MongoUserProvider(KeycloakSession keycloakSession, MongoStoreInvocationContext mongoStoreInvocationContext) {
        this.session = keycloakSession;
        this.invocationContext = mongoStoreInvocationContext;
    }

    @Override // org.keycloak.models.UserProvider, org.keycloak.provider.Provider
    public void close() {
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserAdapter getUserById(String str, RealmModel realmModel) {
        MongoUserEntity mongoUserEntity = (MongoUserEntity) getMongoStore().loadEntity(MongoUserEntity.class, str, this.invocationContext);
        if (mongoUserEntity == null || !realmModel.getId().equals(mongoUserEntity.getRealmId())) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, mongoUserEntity, this.invocationContext);
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserModel getUserByUsername(String str, RealmModel realmModel) {
        MongoUserEntity mongoUserEntity = (MongoUserEntity) getMongoStore().loadSingleEntity(MongoUserEntity.class, new QueryBuilder().and("username").is(str.toLowerCase()).and("realmId").is(realmModel.getId()).get(), this.invocationContext);
        if (mongoUserEntity == null) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, mongoUserEntity, this.invocationContext);
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserModel getUserByEmail(String str, RealmModel realmModel) {
        List<MongoUserEntity> loadEntities = getMongoStore().loadEntities(MongoUserEntity.class, new QueryBuilder().and("email").is(str.toLowerCase()).and("realmId").is(realmModel.getId()).get(), this.invocationContext);
        if (loadEntities.isEmpty()) {
            return null;
        }
        ensureEmailConstraint(loadEntities, realmModel);
        return new UserAdapter(this.session, realmModel, loadEntities.get(0), this.invocationContext);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel, int i, int i2) {
        QueryBuilder is = new QueryBuilder().and("realmId").is(realmModel.getId());
        is.and("groupIds").is(groupModel.getId());
        return convertUserEntities(realmModel, getMongoStore().loadEntities(MongoUserEntity.class, is.get(), new BasicDBObject("username", 1), i, i2, this.invocationContext));
    }

    protected MongoStore getMongoStore() {
        return this.invocationContext.getMongoStore();
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel) {
        return getGroupMembers(realmModel, groupModel, -1, -1);
    }

    @Override // org.keycloak.models.UserProvider
    public UserModel getUserByFederatedIdentity(FederatedIdentityModel federatedIdentityModel, RealmModel realmModel) {
        MongoUserEntity mongoUserEntity = (MongoUserEntity) getMongoStore().loadSingleEntity(MongoUserEntity.class, new QueryBuilder().and("federatedIdentities.identityProvider").is(federatedIdentityModel.getIdentityProvider()).and("federatedIdentities.userId").is(federatedIdentityModel.getUserId()).and("realmId").is(realmModel.getId()).get(), this.invocationContext);
        if (mongoUserEntity == null) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, mongoUserEntity, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public UserModel getServiceAccount(ClientModel clientModel) {
        MongoUserEntity mongoUserEntity = (MongoUserEntity) getMongoStore().loadSingleEntity(MongoUserEntity.class, new QueryBuilder().and("serviceAccountClientLink").is(clientModel.getId()).and("realmId").is(clientModel.getRealm().getId()).get(), this.invocationContext);
        if (mongoUserEntity == null) {
            return null;
        }
        return new UserAdapter(this.session, clientModel.getRealm(), mongoUserEntity, this.invocationContext);
    }

    protected List<UserModel> convertUserEntities(RealmModel realmModel, List<MongoUserEntity> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<MongoUserEntity> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(new UserAdapter(this.session, realmModel, it.next(), this.invocationContext));
        }
        return arrayList;
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getUsers(RealmModel realmModel) {
        return getUsers(realmModel, false);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getUsers(RealmModel realmModel, int i, int i2) {
        return getUsers(realmModel, i, i2, false);
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserModel> getUsers(RealmModel realmModel, boolean z) {
        return getUsers(realmModel, -1, -1, z);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public int getUsersCount(RealmModel realmModel) {
        return getMongoStore().countEntities(MongoUserEntity.class, new QueryBuilder().and("realmId").is(realmModel.getId()).get(), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserModel> getUsers(RealmModel realmModel, int i, int i2, boolean z) {
        QueryBuilder is = new QueryBuilder().and("realmId").is(realmModel.getId());
        if (!z) {
            is = is.and("serviceAccountClientLink").is(null);
        }
        return convertUserEntities(realmModel, getMongoStore().loadEntities(MongoUserEntity.class, is.get(), new BasicDBObject("username", 1), i, i2, this.invocationContext));
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(String str, RealmModel realmModel) {
        return searchForUser(str, realmModel, -1, -1);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(String str, RealmModel realmModel, int i, int i2) {
        QueryBuilder or;
        String trim = str.trim();
        Pattern compile = Pattern.compile("(?i:" + trim + ")");
        int lastIndexOf = trim.lastIndexOf(" ");
        if (lastIndexOf != -1) {
            or = new QueryBuilder().and(new QueryBuilder().put("firstName").regex(Pattern.compile("(?i:" + trim.substring(0, lastIndexOf) + "$)")).get(), new QueryBuilder().put("lastName").regex(Pattern.compile("(?i:^" + trim.substring(lastIndexOf + 1) + ")")).get());
        } else {
            or = new QueryBuilder().or(new QueryBuilder().put("firstName").regex(compile).get(), new QueryBuilder().put("lastName").regex(compile).get());
        }
        return convertUserEntities(realmModel, getMongoStore().loadEntities(MongoUserEntity.class, new QueryBuilder().and(new QueryBuilder().and("realmId").is(realmModel.getId()).get(), new QueryBuilder().and("serviceAccountClientLink").is(null).get(), new QueryBuilder().or(new QueryBuilder().put("username").regex(compile).get(), new QueryBuilder().put("email").regex(compile).get(), or.get()).get()).get(), new BasicDBObject("username", 1), i, i2, this.invocationContext));
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel) {
        return searchForUser(map, realmModel, -1, -1);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel, int i, int i2) {
        QueryBuilder is = new QueryBuilder().and("realmId").is(realmModel.getId());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getKey().equalsIgnoreCase("username")) {
                is.and("username").regex(Pattern.compile(".*" + entry.getValue() + ".*", 2));
            } else if (entry.getKey().equalsIgnoreCase("firstName")) {
                is.and("firstName").regex(Pattern.compile(".*" + entry.getValue() + ".*", 2));
            } else if (entry.getKey().equalsIgnoreCase("lastName")) {
                is.and("lastName").regex(Pattern.compile(".*" + entry.getValue() + ".*", 2));
            } else if (entry.getKey().equalsIgnoreCase("email")) {
                is.and("email").regex(Pattern.compile(".*" + entry.getValue() + ".*", 2));
            }
        }
        return convertUserEntities(realmModel, getMongoStore().loadEntities(MongoUserEntity.class, is.get(), new BasicDBObject("username", 1), i, i2, this.invocationContext));
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUserByUserAttribute(String str, String str2, RealmModel realmModel) {
        QueryBuilder is = new QueryBuilder().and("realmId").is(realmModel.getId());
        is.and("attributes." + str).is(str2);
        return convertUserEntities(realmModel, getMongoStore().loadEntities(MongoUserEntity.class, is.get(), this.invocationContext));
    }

    @Override // org.keycloak.models.UserProvider
    public Set<FederatedIdentityModel> getFederatedIdentities(UserModel userModel, RealmModel realmModel) {
        List<FederatedIdentityEntity> federatedIdentities = getUserById(userModel.getId(), realmModel).getUser().getFederatedIdentities();
        if (federatedIdentities == null) {
            return Collections.EMPTY_SET;
        }
        HashSet hashSet = new HashSet();
        for (FederatedIdentityEntity federatedIdentityEntity : federatedIdentities) {
            hashSet.add(new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(), federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken()));
        }
        return hashSet;
    }

    @Override // org.keycloak.models.UserProvider
    public FederatedIdentityModel getFederatedIdentity(UserModel userModel, String str, RealmModel realmModel) {
        FederatedIdentityEntity findFederatedIdentityLink = findFederatedIdentityLink(getUserById(userModel.getId(), realmModel).getUser(), str);
        if (findFederatedIdentityLink != null) {
            return new FederatedIdentityModel(findFederatedIdentityLink.getIdentityProvider(), findFederatedIdentityLink.getUserId(), findFederatedIdentityLink.getUserName(), findFederatedIdentityLink.getToken());
        }
        return null;
    }

    @Override // org.keycloak.models.UserProvider
    public UserAdapter addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        UserAdapter addUserEntity = addUserEntity(realmModel, str, str2.toLowerCase());
        if (z) {
            Iterator<String> it = realmModel.getDefaultRoles().iterator();
            while (it.hasNext()) {
                addUserEntity.grantRole(realmModel.getRole(it.next()));
            }
            for (ClientModel clientModel : realmModel.getClients()) {
                Iterator<String> it2 = clientModel.getDefaultRoles().iterator();
                while (it2.hasNext()) {
                    addUserEntity.grantRole(clientModel.getRole(it2.next()));
                }
            }
            Iterator<GroupModel> it3 = realmModel.getDefaultGroups().iterator();
            while (it3.hasNext()) {
                addUserEntity.joinGroup(it3.next());
            }
        }
        if (z2) {
            for (RequiredActionProviderModel requiredActionProviderModel : realmModel.getRequiredActionProviders()) {
                if (requiredActionProviderModel.isEnabled() && requiredActionProviderModel.isDefaultAction()) {
                    addUserEntity.addRequiredAction(requiredActionProviderModel.getAlias());
                }
            }
        }
        return addUserEntity;
    }

    protected UserAdapter addUserEntity(RealmModel realmModel, String str, String str2) {
        MongoUserEntity mongoUserEntity = new MongoUserEntity();
        mongoUserEntity.setId(str);
        mongoUserEntity.setUsername(str2);
        mongoUserEntity.setCreatedTimestamp(Long.valueOf(System.currentTimeMillis()));
        mongoUserEntity.setRealmId(realmModel.getId());
        getMongoStore().insertEntity(mongoUserEntity, this.invocationContext);
        return new UserAdapter(this.session, realmModel, mongoUserEntity, this.invocationContext);
    }

    @Override // org.keycloak.storage.user.UserRegistrationProvider
    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        return getMongoStore().removeEntity(MongoUserEntity.class, userModel.getId(), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void addFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        MongoUserEntity user = getUserById(userModel.getId(), realmModel).getUser();
        FederatedIdentityEntity federatedIdentityEntity = new FederatedIdentityEntity();
        federatedIdentityEntity.setIdentityProvider(federatedIdentityModel.getIdentityProvider());
        federatedIdentityEntity.setUserId(federatedIdentityModel.getUserId());
        federatedIdentityEntity.setUserName(federatedIdentityModel.getUserName().toLowerCase());
        federatedIdentityEntity.setToken(federatedIdentityModel.getToken());
        getMongoStore().pushItemToList(user, "federatedIdentities", federatedIdentityEntity, true, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        MongoUserEntity user = getUserById(userModel.getId(), realmModel).getUser();
        FederatedIdentityEntity findFederatedIdentityLink = findFederatedIdentityLink(user, federatedIdentityModel.getIdentityProvider());
        user.getFederatedIdentities().remove(findFederatedIdentityLink);
        findFederatedIdentityLink.setToken(federatedIdentityModel.getToken());
        getMongoStore().pushItemToList(user, "federatedIdentities", findFederatedIdentityLink, true, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public boolean removeFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        MongoUserEntity user = getUserById(userModel.getId(), realmModel).getUser();
        FederatedIdentityEntity findFederatedIdentityLink = findFederatedIdentityLink(user, str);
        if (findFederatedIdentityLink == null) {
            return false;
        }
        return getMongoStore().pullItemFromList(user, "federatedIdentities", findFederatedIdentityLink, this.invocationContext);
    }

    private FederatedIdentityEntity findFederatedIdentityLink(MongoUserEntity mongoUserEntity, String str) {
        List<FederatedIdentityEntity> federatedIdentities = mongoUserEntity.getFederatedIdentities();
        if (federatedIdentities == null) {
            return null;
        }
        for (FederatedIdentityEntity federatedIdentityEntity : federatedIdentities) {
            if (federatedIdentityEntity.getIdentityProvider().equals(str)) {
                return federatedIdentityEntity;
            }
        }
        return null;
    }

    @Override // org.keycloak.storage.user.UserRegistrationProvider
    public UserModel addUser(RealmModel realmModel, String str) {
        return addUser(realmModel, (String) null, str, true, true);
    }

    @Override // org.keycloak.storage.user.UserBulkUpdateProvider
    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        getMongoStore().updateEntities(MongoUserEntity.class, new QueryBuilder().and("realmId").is(realmModel.getId()).get(), new QueryBuilder().and("$push").is(new BasicDBObject("roleIds", roleModel.getId())).get(), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel) {
        getMongoStore().removeEntities(MongoUserEntity.class, new QueryBuilder().and("realmId").is(realmModel.getId()).get(), true, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        Iterator<RoleModel> it = clientModel.getRoles().iterator();
        while (it.hasNext()) {
            preRemove(realmModel, it.next());
        }
        getMongoStore().removeEntities(MongoUserConsentEntity.class, new QueryBuilder().and(ServiceAccountConstants.CLIENT_ID).is(clientModel.getId()).get(), false, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(ProtocolMapperModel protocolMapperModel) {
        DBObject dBObject = new QueryBuilder().and("grantedProtocolMappers").is(protocolMapperModel.getId()).get();
        getMongoStore().updateEntities(MongoUserConsentEntity.class, dBObject, new BasicDBObject("$pull", dBObject), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        DBObject dBObject = new QueryBuilder().and("groupIds").is(groupModel.getId()).get();
        getMongoStore().updateEntities(MongoUserEntity.class, dBObject, new BasicDBObject("$pull", dBObject), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        DBObject dBObject = new QueryBuilder().and("roleIds").is(roleModel.getId()).get();
        getMongoStore().updateEntities(MongoUserEntity.class, dBObject, new BasicDBObject("$pull", dBObject), this.invocationContext);
        DBObject dBObject2 = new QueryBuilder().and("grantedRoles").is(roleModel.getId()).get();
        getMongoStore().updateEntities(MongoUserConsentEntity.class, dBObject2, new BasicDBObject("$pull", dBObject2), this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        if (getConsentEntityByClientId(str, id) != null) {
            throw new ModelDuplicateException("Consent already exists for client [" + id + "] and user [" + str + SelectorUtils.PATTERN_HANDLER_SUFFIX);
        }
        long currentTimeMillis = Time.currentTimeMillis();
        MongoUserConsentEntity mongoUserConsentEntity = new MongoUserConsentEntity();
        mongoUserConsentEntity.setUserId(str);
        mongoUserConsentEntity.setClientId(id);
        mongoUserConsentEntity.setCreatedDate(Long.valueOf(currentTimeMillis));
        mongoUserConsentEntity.setLastUpdatedDate(Long.valueOf(currentTimeMillis));
        fillEntityFromModel(userConsentModel, mongoUserConsentEntity);
        getMongoStore().insertEntity(mongoUserConsentEntity, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        MongoUserConsentEntity consentEntityByClientId = getConsentEntityByClientId(str, str2);
        if (consentEntityByClientId != null) {
            return toConsentModel(realmModel, consentEntityByClientId);
        }
        return null;
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserConsentModel> getConsents(RealmModel realmModel, String str) {
        ArrayList arrayList = new ArrayList();
        Iterator it = getMongoStore().loadEntities(MongoUserConsentEntity.class, new QueryBuilder().and("userId").is(str).get(), this.invocationContext).iterator();
        while (it.hasNext()) {
            arrayList.add(toConsentModel(realmModel, (UserConsentEntity) it.next()));
        }
        return arrayList;
    }

    private MongoUserConsentEntity getConsentEntityByClientId(String str, String str2) {
        return (MongoUserConsentEntity) getMongoStore().loadSingleEntity(MongoUserConsentEntity.class, new QueryBuilder().and("userId").is(str).and(ServiceAccountConstants.CLIENT_ID).is(str2).get(), this.invocationContext);
    }

    private UserConsentModel toConsentModel(RealmModel realmModel, UserConsentEntity userConsentEntity) {
        ClientModel clientById = realmModel.getClientById(userConsentEntity.getClientId());
        if (clientById == null) {
            throw new ModelException("Client with id " + userConsentEntity.getClientId() + " is not available");
        }
        UserConsentModel userConsentModel = new UserConsentModel(clientById);
        userConsentModel.setCreatedDate(userConsentEntity.getCreatedDate());
        userConsentModel.setLastUpdatedDate(userConsentEntity.getLastUpdatedDate());
        Iterator<String> it = userConsentEntity.getGrantedRoles().iterator();
        while (it.hasNext()) {
            RoleModel roleById = realmModel.getRoleById(it.next());
            if (roleById != null) {
                userConsentModel.addGrantedRole(roleById);
            }
        }
        Iterator<String> it2 = userConsentEntity.getGrantedProtocolMappers().iterator();
        while (it2.hasNext()) {
            userConsentModel.addGrantedProtocolMapper(clientById.getProtocolMapperById(it2.next()));
        }
        return userConsentModel;
    }

    private void fillEntityFromModel(UserConsentModel userConsentModel, MongoUserConsentEntity mongoUserConsentEntity) {
        LinkedList linkedList = new LinkedList();
        Iterator<RoleModel> it = userConsentModel.getGrantedRoles().iterator();
        while (it.hasNext()) {
            linkedList.add(it.next().getId());
        }
        mongoUserConsentEntity.setGrantedRoles(linkedList);
        LinkedList linkedList2 = new LinkedList();
        Iterator<ProtocolMapperModel> it2 = userConsentModel.getGrantedProtocolMappers().iterator();
        while (it2.hasNext()) {
            linkedList2.add(it2.next().getId());
        }
        mongoUserConsentEntity.setGrantedProtocolMappers(linkedList2);
        mongoUserConsentEntity.setLastUpdatedDate(Long.valueOf(Time.currentTimeMillis()));
    }

    @Override // org.keycloak.models.UserProvider
    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        MongoUserConsentEntity consentEntityByClientId = getConsentEntityByClientId(str, id);
        if (consentEntityByClientId == null) {
            throw new ModelException("Consent not found for client [" + id + "] and user [" + str + SelectorUtils.PATTERN_HANDLER_SUFFIX);
        }
        fillEntityFromModel(userConsentModel, consentEntityByClientId);
        getMongoStore().updateEntity(consentEntityByClientId, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        MongoUserConsentEntity consentEntityByClientId = getConsentEntityByClientId(str, str2);
        if (consentEntityByClientId == null) {
            return false;
        }
        return getMongoStore().removeEntity(consentEntityByClientId, this.invocationContext);
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
        if (componentModel.getProviderType().equals(UserStorageProvider.class.getName())) {
            List loadEntities = getMongoStore().loadEntities(MongoUserEntity.class, new QueryBuilder().and("federationLink").is(componentModel.getId()).get(), this.invocationContext);
            UserManager userManager = new UserManager(this.session);
            Iterator it = loadEntities.iterator();
            while (it.hasNext()) {
                userManager.removeUser(realmModel, new UserAdapter(this.session, realmModel, (MongoUserEntity) it.next(), this.invocationContext), this);
            }
        }
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        CredentialEntity credentialEntity = getCredentialEntity(credentialModel, mongoUserEntity);
        if (credentialEntity == null) {
            return;
        }
        if (credentialEntity.getId() == null) {
            credentialEntity.setId(KeycloakModelUtils.generateId());
        }
        setValues(credentialModel, credentialEntity);
        getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
    }

    public CredentialEntity getCredentialEntity(CredentialModel credentialModel, MongoUserEntity mongoUserEntity) {
        CredentialEntity credentialEntity = null;
        Iterator<CredentialEntity> it = mongoUserEntity.getCredentials().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CredentialEntity next = it.next();
            if (credentialModel.getId() != null && credentialModel.getId().equals(next.getId())) {
                credentialEntity = next;
                break;
            }
            if (credentialModel.getType().equals(next.getType())) {
                credentialEntity = next;
                break;
            }
        }
        return credentialEntity;
    }

    public MongoUserEntity getMongoUserEntity(UserModel userModel) {
        return userModel instanceof UserAdapter ? ((UserAdapter) userModel).getMongoEntity() : userModel instanceof CachedUserModel ? getMongoUserEntity(((CachedUserModel) userModel).getDelegateForUpdate()) : userModel instanceof UserModelDelegate ? getMongoUserEntity(((UserModelDelegate) userModel).getDelegate()) : (MongoUserEntity) getMongoStore().loadEntity(MongoUserEntity.class, userModel.getId(), this.invocationContext);
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        CredentialEntity credentialEntity = new CredentialEntity();
        credentialEntity.setId(KeycloakModelUtils.generateId());
        setValues(credentialModel, credentialEntity);
        credentialModel.setId(credentialEntity.getId());
        mongoUserEntity.getCredentials().add(credentialEntity);
        getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
        credentialModel.setId(credentialEntity.getId());
        return credentialModel;
    }

    public void setValues(CredentialModel credentialModel, CredentialEntity credentialEntity) {
        credentialEntity.setType(credentialModel.getType());
        credentialEntity.setDevice(credentialModel.getDevice());
        credentialEntity.setValue(credentialModel.getValue());
        credentialEntity.setSalt(credentialModel.getSalt());
        credentialEntity.setDevice(credentialModel.getDevice());
        credentialEntity.setHashIterations(credentialModel.getHashIterations());
        credentialEntity.setCounter(credentialModel.getCounter());
        credentialEntity.setAlgorithm(credentialModel.getAlgorithm());
        credentialEntity.setDigits(credentialModel.getDigits());
        credentialEntity.setPeriod(credentialModel.getPeriod());
        if (credentialModel.getConfig() == null) {
            credentialEntity.setConfig(null);
            return;
        }
        if (credentialEntity.getConfig() == null) {
            credentialEntity.setConfig(new MultivaluedHashMap());
        }
        credentialEntity.getConfig().clear();
        credentialEntity.getConfig().putAll(credentialModel.getConfig());
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        Iterator<CredentialEntity> it = mongoUserEntity.getCredentials().iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getId())) {
                it.remove();
                getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
                return true;
            }
        }
        return false;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        for (CredentialEntity credentialEntity : mongoUserEntity.getCredentials()) {
            if (str.equals(credentialEntity.getId())) {
                if (credentialEntity.getId() == null) {
                    credentialEntity.setId(KeycloakModelUtils.generateId());
                    getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
                }
                return toModel(credentialEntity);
            }
        }
        return null;
    }

    public CredentialModel toModel(CredentialEntity credentialEntity) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setId(credentialEntity.getId());
        credentialModel.setType(credentialEntity.getType());
        credentialModel.setDevice(credentialEntity.getDevice());
        credentialModel.setCreatedDate(credentialEntity.getCreatedDate());
        credentialModel.setValue(credentialEntity.getValue());
        credentialModel.setSalt(credentialEntity.getSalt());
        credentialModel.setHashIterations(credentialEntity.getHashIterations());
        credentialModel.setAlgorithm(credentialEntity.getAlgorithm());
        credentialModel.setCounter(credentialEntity.getCounter());
        credentialModel.setPeriod(credentialEntity.getPeriod());
        credentialModel.setDigits(credentialEntity.getDigits());
        if (credentialEntity.getConfig() != null) {
            credentialModel.setConfig(new MultivaluedHashMap<>());
            credentialModel.getConfig().putAll(credentialEntity.getConfig());
        }
        return credentialModel;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentials(RealmModel realmModel, UserModel userModel) {
        LinkedList linkedList = new LinkedList();
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        boolean z = false;
        for (CredentialEntity credentialEntity : mongoUserEntity.getCredentials()) {
            if (credentialEntity.getId() == null) {
                credentialEntity.setId(KeycloakModelUtils.generateId());
                z = true;
            }
            linkedList.add(toModel(credentialEntity));
        }
        if (z) {
            getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
        }
        return linkedList;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentialsByType(RealmModel realmModel, UserModel userModel, String str) {
        LinkedList linkedList = new LinkedList();
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        boolean z = false;
        for (CredentialEntity credentialEntity : mongoUserEntity.getCredentials()) {
            if (credentialEntity.getId() == null) {
                credentialEntity.setId(KeycloakModelUtils.generateId());
                z = true;
            }
            if (credentialEntity.getType().equals(str)) {
                linkedList.add(toModel(credentialEntity));
            }
        }
        if (z) {
            getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
        }
        return linkedList;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        MongoUserEntity mongoUserEntity = getMongoUserEntity(userModel);
        boolean z = false;
        CredentialModel credentialModel = null;
        Iterator<CredentialEntity> it = mongoUserEntity.getCredentials().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CredentialEntity next = it.next();
            if (next.getId() == null) {
                next.setId(KeycloakModelUtils.generateId());
                z = true;
            }
            if (next.getType().equals(str2) && str.equals(next.getDevice())) {
                credentialModel = toModel(next);
                break;
            }
        }
        if (z) {
            getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
        }
        return credentialModel;
    }

    protected void ensureEmailConstraint(List<MongoUserEntity> list, RealmModel realmModel) {
        MongoUserEntity mongoUserEntity = list.get(0);
        if (list.size() > 1) {
            throw new ModelDuplicateException("Multiple users with email '" + mongoUserEntity.getEmail() + "' exist in Keycloak.");
        }
        if (realmModel.isDuplicateEmailsAllowed() || mongoUserEntity.getEmail() == null || mongoUserEntity.getEmailIndex() != null) {
            return;
        }
        mongoUserEntity.setEmail(mongoUserEntity.getEmail(), false);
        getMongoStore().updateEntity(mongoUserEntity, this.invocationContext);
    }
}
