package org.keycloak.models.jpa;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.TypedQuery;
import org.codehaus.plexus.util.SelectorUtils;
import org.jboss.as.patching.Constants;
import org.jboss.weld.probe.Strings;
import org.jboss.weld.serialization.spi.BeanIdentifier;
import org.keycloak.common.constants.ServiceAccountConstants;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.jpa.entities.CredentialAttributeEntity;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.FederatedIdentityEntity;
import org.keycloak.models.jpa.entities.UserAttributeEntity;
import org.keycloak.models.jpa.entities.UserConsentEntity;
import org.keycloak.models.jpa.entities.UserConsentProtocolMapperEntity;
import org.keycloak.models.jpa.entities.UserConsentRoleEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.utils.DefaultRoles;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.storage.UserStorageProvider;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-model-jpa/main/keycloak-model-jpa-2.5.5.Final.jar:org/keycloak/models/jpa/JpaUserProvider.class */
public class JpaUserProvider implements UserProvider, UserCredentialStore {
    private static final String EMAIL = "email";
    private static final String USERNAME = "username";
    private static final String FIRST_NAME = "firstName";
    private static final String LAST_NAME = "lastName";
    private final KeycloakSession session;
    protected EntityManager em;

    public JpaUserProvider(KeycloakSession keycloakSession, EntityManager entityManager) {
        this.session = keycloakSession;
        this.em = entityManager;
    }

    @Override // org.keycloak.models.UserProvider
    public UserModel addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        if (str == null) {
            str = KeycloakModelUtils.generateId();
        }
        UserEntity userEntity = new UserEntity();
        userEntity.setId(str);
        userEntity.setCreatedTimestamp(Long.valueOf(System.currentTimeMillis()));
        userEntity.setUsername(str2.toLowerCase());
        userEntity.setRealmId(realmModel.getId());
        this.em.persist(userEntity);
        this.em.flush();
        UserAdapter userAdapter = new UserAdapter(this.session, realmModel, this.em, userEntity);
        if (z) {
            DefaultRoles.addDefaultRoles(realmModel, userAdapter);
            Iterator<GroupModel> it = realmModel.getDefaultGroups().iterator();
            while (it.hasNext()) {
                userAdapter.joinGroupImpl(it.next());
            }
        }
        if (z2) {
            for (RequiredActionProviderModel requiredActionProviderModel : realmModel.getRequiredActionProviders()) {
                if (requiredActionProviderModel.isEnabled() && requiredActionProviderModel.isDefaultAction()) {
                    userAdapter.addRequiredAction(requiredActionProviderModel.getAlias());
                }
            }
        }
        return userAdapter;
    }

    @Override // org.keycloak.storage.user.UserRegistrationProvider
    public UserModel addUser(RealmModel realmModel, String str) {
        return addUser(realmModel, KeycloakModelUtils.generateId(), str.toLowerCase(), true, true);
    }

    @Override // org.keycloak.storage.user.UserRegistrationProvider
    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        UserEntity userEntity = (UserEntity) this.em.find(UserEntity.class, userModel.getId());
        if (userEntity == null) {
            return false;
        }
        removeUser(userEntity);
        return true;
    }

    private void removeUser(UserEntity userEntity) {
        String id = userEntity.getId();
        this.em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteFederatedIdentityByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentRolesByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentProtMappersByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.flush();
        this.em.clear();
        UserEntity userEntity2 = (UserEntity) this.em.find(UserEntity.class, id);
        if (userEntity2 != null) {
            this.em.remove(userEntity2);
        }
        this.em.flush();
    }

    @Override // org.keycloak.models.UserProvider
    public void addFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        FederatedIdentityEntity federatedIdentityEntity = new FederatedIdentityEntity();
        federatedIdentityEntity.setRealmId(realmModel.getId());
        federatedIdentityEntity.setIdentityProvider(federatedIdentityModel.getIdentityProvider());
        federatedIdentityEntity.setUserId(federatedIdentityModel.getUserId());
        federatedIdentityEntity.setUserName(federatedIdentityModel.getUserName().toLowerCase());
        federatedIdentityEntity.setToken(federatedIdentityModel.getToken());
        federatedIdentityEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        this.em.persist(federatedIdentityEntity);
        this.em.flush();
    }

    @Override // org.keycloak.models.UserProvider
    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, federatedIdentityModel.getIdentityProvider());
        findFederatedIdentity.setToken(federatedIdentityModel.getToken());
        this.em.persist(findFederatedIdentity);
        this.em.flush();
    }

    @Override // org.keycloak.models.UserProvider
    public boolean removeFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, str);
        if (findFederatedIdentity == null) {
            return false;
        }
        this.em.remove(findFederatedIdentity);
        this.em.flush();
        return true;
    }

    @Override // org.keycloak.models.UserProvider
    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        if (getGrantedConsentEntity(str, id) != null) {
            throw new ModelDuplicateException("Consent already exists for client [" + id + "] and user [" + str + SelectorUtils.PATTERN_HANDLER_SUFFIX);
        }
        long currentTimeMillis = Time.currentTimeMillis();
        UserConsentEntity userConsentEntity = new UserConsentEntity();
        userConsentEntity.setId(KeycloakModelUtils.generateId());
        userConsentEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, str));
        userConsentEntity.setClientId(id);
        userConsentEntity.setCreatedDate(Long.valueOf(currentTimeMillis));
        userConsentEntity.setLastUpdatedDate(Long.valueOf(currentTimeMillis));
        this.em.persist(userConsentEntity);
        this.em.flush();
        updateGrantedConsentEntity(userConsentEntity, userConsentModel);
    }

    @Override // org.keycloak.models.UserProvider
    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        return toConsentModel(realmModel, getGrantedConsentEntity(str, str2));
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserConsentModel> getConsents(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
        createNamedQuery.setParameter("userId", (Object) str);
        List resultList = createNamedQuery.getResultList();
        ArrayList arrayList = new ArrayList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            arrayList.add(toConsentModel(realmModel, (UserConsentEntity) it.next()));
        }
        return arrayList;
    }

    @Override // org.keycloak.models.UserProvider
    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        UserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, id);
        if (grantedConsentEntity == null) {
            throw new ModelException("Consent not found for client [" + id + "] and user [" + str + SelectorUtils.PATTERN_HANDLER_SUFFIX);
        }
        updateGrantedConsentEntity(grantedConsentEntity, userConsentModel);
    }

    @Override // org.keycloak.models.UserProvider
    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        UserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, str2);
        if (grantedConsentEntity == null) {
            return false;
        }
        this.em.remove(grantedConsentEntity);
        this.em.flush();
        return true;
    }

    private UserConsentEntity getGrantedConsentEntity(String str, String str2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("userConsentByUserAndClient", UserConsentEntity.class);
        createNamedQuery.setParameter("userId", (Object) str);
        createNamedQuery.setParameter(ServiceAccountConstants.CLIENT_ID, (Object) str2);
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() > 1) {
            throw new ModelException("More results found for user [" + str + "] and client [" + str2 + SelectorUtils.PATTERN_HANDLER_SUFFIX);
        }
        if (resultList.size() == 1) {
            return (UserConsentEntity) resultList.get(0);
        }
        return null;
    }

    private UserConsentModel toConsentModel(RealmModel realmModel, UserConsentEntity userConsentEntity) {
        if (userConsentEntity == null) {
            return null;
        }
        ClientModel clientById = realmModel.getClientById(userConsentEntity.getClientId());
        if (clientById == null) {
            throw new ModelException("Client with id " + userConsentEntity.getClientId() + " is not available");
        }
        UserConsentModel userConsentModel = new UserConsentModel(clientById);
        userConsentModel.setCreatedDate(userConsentEntity.getCreatedDate());
        userConsentModel.setLastUpdatedDate(userConsentEntity.getLastUpdatedDate());
        Collection<UserConsentRoleEntity> grantedRoles = userConsentEntity.getGrantedRoles();
        if (grantedRoles != null) {
            Iterator<UserConsentRoleEntity> it = grantedRoles.iterator();
            while (it.hasNext()) {
                RoleModel roleById = realmModel.getRoleById(it.next().getRoleId());
                if (roleById != null) {
                    userConsentModel.addGrantedRole(roleById);
                }
            }
        }
        Collection<UserConsentProtocolMapperEntity> grantedProtocolMappers = userConsentEntity.getGrantedProtocolMappers();
        if (grantedProtocolMappers != null) {
            Iterator<UserConsentProtocolMapperEntity> it2 = grantedProtocolMappers.iterator();
            while (it2.hasNext()) {
                userConsentModel.addGrantedProtocolMapper(clientById.getProtocolMapperById(it2.next().getProtocolMapperId()));
            }
        }
        return userConsentModel;
    }

    private void updateGrantedConsentEntity(UserConsentEntity userConsentEntity, UserConsentModel userConsentModel) {
        Collection<UserConsentProtocolMapperEntity> grantedProtocolMappers = userConsentEntity.getGrantedProtocolMappers();
        HashSet<UserConsentProtocolMapperEntity> hashSet = new HashSet(grantedProtocolMappers);
        for (ProtocolMapperModel protocolMapperModel : userConsentModel.getGrantedProtocolMappers()) {
            UserConsentProtocolMapperEntity userConsentProtocolMapperEntity = new UserConsentProtocolMapperEntity();
            userConsentProtocolMapperEntity.setUserConsent(userConsentEntity);
            userConsentProtocolMapperEntity.setProtocolMapperId(protocolMapperModel.getId());
            if (grantedProtocolMappers.contains(userConsentProtocolMapperEntity)) {
                hashSet.remove(userConsentProtocolMapperEntity);
            } else {
                this.em.persist(userConsentProtocolMapperEntity);
                this.em.flush();
                grantedProtocolMappers.add(userConsentProtocolMapperEntity);
            }
        }
        for (UserConsentProtocolMapperEntity userConsentProtocolMapperEntity2 : hashSet) {
            grantedProtocolMappers.remove(userConsentProtocolMapperEntity2);
            this.em.remove(userConsentProtocolMapperEntity2);
        }
        Collection<UserConsentRoleEntity> grantedRoles = userConsentEntity.getGrantedRoles();
        HashSet<UserConsentRoleEntity> hashSet2 = new HashSet(grantedRoles);
        for (RoleModel roleModel : userConsentModel.getGrantedRoles()) {
            UserConsentRoleEntity userConsentRoleEntity = new UserConsentRoleEntity();
            userConsentRoleEntity.setUserConsent(userConsentEntity);
            userConsentRoleEntity.setRoleId(roleModel.getId());
            if (grantedRoles.contains(userConsentRoleEntity)) {
                hashSet2.remove(userConsentRoleEntity);
            } else {
                this.em.persist(userConsentRoleEntity);
                this.em.flush();
                grantedRoles.add(userConsentRoleEntity);
            }
        }
        for (UserConsentRoleEntity userConsentRoleEntity2 : hashSet2) {
            grantedRoles.remove(userConsentRoleEntity2);
            this.em.remove(userConsentRoleEntity2);
        }
        userConsentEntity.setLastUpdatedDate(Long.valueOf(Time.currentTimeMillis()));
        this.em.flush();
    }

    @Override // org.keycloak.storage.user.UserBulkUpdateProvider
    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        this.em.createNamedQuery("grantRoleToAllUsers").setParameter("realmId", realmModel.getId()).setParameter("roleId", roleModel.getId()).executeUpdate();
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel) {
        this.em.createNamedQuery("deleteUserConsentRolesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentProtMappersByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserRoleMappingsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserRequiredActionsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedIdentityByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteCredentialAttributeByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteCredentialsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserAttributesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUsersByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
    }

    public void removeUserDataByLink(RealmModel realmModel, String str) {
        this.em.createNamedQuery("deleteUserRoleMappingsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteUserRequiredActionsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteFederatedIdentityByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteCredentialAttributeByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteCredentialsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteUserAttributesByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
        this.em.createNamedQuery("deleteUsersByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter(Constants.LINK, str).executeUpdate();
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        this.em.createNamedQuery("deleteUserConsentRolesByRole").setParameter("roleId", roleModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserRoleMappingsByRole").setParameter("roleId", roleModel.getId()).executeUpdate();
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        this.em.createNamedQuery("deleteUserConsentProtMappersByClient").setParameter(ServiceAccountConstants.CLIENT_ID, clientModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentRolesByClient").setParameter(ServiceAccountConstants.CLIENT_ID, clientModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByClient").setParameter(ServiceAccountConstants.CLIENT_ID, clientModel.getId()).executeUpdate();
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(ProtocolMapperModel protocolMapperModel) {
        this.em.createNamedQuery("deleteUserConsentProtMappersByProtocolMapper").setParameter("protocolMapperId", protocolMapperModel.getId()).executeUpdate();
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("groupMembership", UserEntity.class);
        createNamedQuery.setParameter("groupId", (Object) groupModel.getId());
        List resultList = createNamedQuery.getResultList();
        ArrayList arrayList = new ArrayList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            arrayList.add(new UserAdapter(this.session, realmModel, this.em, (UserEntity) it.next()));
        }
        return arrayList;
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        this.em.createNamedQuery("deleteUserGroupMembershipsByGroup").setParameter("groupId", groupModel.getId()).executeUpdate();
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserModel getUserById(String str, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserById", UserEntity.class);
        createNamedQuery.setParameter("id", (Object) str);
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() == 0) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, this.em, (UserEntity) resultList.get(0));
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserModel getUserByUsername(String str, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
        createNamedQuery.setParameter("username", (Object) str.toLowerCase());
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() == 0) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, this.em, (UserEntity) resultList.get(0));
    }

    @Override // org.keycloak.storage.user.UserLookupProvider
    public UserModel getUserByEmail(String str, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByEmail", UserEntity.class);
        createNamedQuery.setParameter("email", (Object) str.toLowerCase());
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        List<UserEntity> resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        ensureEmailConstraint(resultList, realmModel);
        return new UserAdapter(this.session, realmModel, this.em, resultList.get(0));
    }

    @Override // org.keycloak.models.UserProvider, org.keycloak.provider.Provider
    public void close() {
    }

    @Override // org.keycloak.models.UserProvider
    public UserModel getUserByFederatedIdentity(FederatedIdentityModel federatedIdentityModel, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findUserByFederatedIdentityAndRealm", UserEntity.class);
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        createNamedQuery.setParameter("identityProvider", (Object) federatedIdentityModel.getIdentityProvider());
        createNamedQuery.setParameter("userId", (Object) federatedIdentityModel.getUserId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        if (resultList.size() > 1) {
            throw new IllegalStateException("More results found for identityProvider=" + federatedIdentityModel.getIdentityProvider() + ", userId=" + federatedIdentityModel.getUserId() + ", results=" + resultList);
        }
        return new UserAdapter(this.session, realmModel, this.em, (UserEntity) resultList.get(0));
    }

    @Override // org.keycloak.models.UserProvider
    public UserModel getServiceAccount(ClientModel clientModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByServiceAccount", UserEntity.class);
        createNamedQuery.setParameter("realmId", (Object) clientModel.getRealm().getId());
        createNamedQuery.setParameter("clientInternalId", (Object) clientModel.getId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        if (resultList.size() > 1) {
            throw new IllegalStateException("More service account linked users found for client=" + clientModel.getClientId() + ", results=" + resultList);
        }
        return new UserAdapter(this.session, clientModel.getRealm(), this.em, (UserEntity) resultList.get(0));
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserModel> getUsers(RealmModel realmModel, boolean z) {
        return getUsers(realmModel, -1, -1, z);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public int getUsersCount(RealmModel realmModel) {
        return ((Number) this.em.createNamedQuery("getRealmUserCount").setParameter("realmId", realmModel.getId()).getSingleResult()).intValue();
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getUsers(RealmModel realmModel) {
        return getUsers(realmModel, false);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getUsers(RealmModel realmModel, int i, int i2) {
        return getUsers(realmModel, i, i2, false);
    }

    @Override // org.keycloak.models.UserProvider
    public List<UserModel> getUsers(RealmModel realmModel, int i, int i2, boolean z) {
        TypedQuery createNamedQuery = this.em.createNamedQuery(z ? "getAllUsersByRealm" : "getAllUsersByRealmExcludeServiceAccount", UserEntity.class);
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        if (i != -1) {
            createNamedQuery.setFirstResult(i);
        }
        if (i2 != -1) {
            createNamedQuery.setMaxResults(i2);
        }
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            linkedList.add(new UserAdapter(this.session, realmModel, this.em, (UserEntity) it.next()));
        }
        return linkedList;
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel, int i, int i2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("groupMembership", UserEntity.class);
        createNamedQuery.setParameter("groupId", (Object) groupModel.getId());
        if (i != -1) {
            createNamedQuery.setFirstResult(i);
        }
        if (i2 != -1) {
            createNamedQuery.setMaxResults(i2);
        }
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            linkedList.add(new UserAdapter(this.session, realmModel, this.em, (UserEntity) it.next()));
        }
        return linkedList;
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(String str, RealmModel realmModel) {
        return searchForUser(str, realmModel, -1, -1);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(String str, RealmModel realmModel, int i, int i2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("searchForUser", UserEntity.class);
        createNamedQuery.setParameter("realmId", (Object) realmModel.getId());
        createNamedQuery.setParameter(Strings.SEARCH, (Object) (BeanIdentifier.BEAN_ID_SEPARATOR + str.toLowerCase() + BeanIdentifier.BEAN_ID_SEPARATOR));
        if (i != -1) {
            createNamedQuery.setFirstResult(i);
        }
        if (i2 != -1) {
            createNamedQuery.setMaxResults(i2);
        }
        List resultList = createNamedQuery.getResultList();
        LinkedList linkedList = new LinkedList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            linkedList.add(new UserAdapter(this.session, realmModel, this.em, (UserEntity) it.next()));
        }
        return linkedList;
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel) {
        return searchForUser(map, realmModel, -1, -1);
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel, int i, int i2) {
        StringBuilder sb = new StringBuilder("select u from UserEntity u where u.realmId = :realmId");
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String str = null;
            String str2 = null;
            if (entry.getKey().equals("username")) {
                str = "lower(u.username)";
                str2 = "username";
            } else if (entry.getKey().equalsIgnoreCase("firstName")) {
                str = "lower(u.firstName)";
                str2 = "firstName";
            } else if (entry.getKey().equalsIgnoreCase("lastName")) {
                str = "lower(u.lastName)";
                str2 = "lastName";
            } else if (entry.getKey().equalsIgnoreCase("email")) {
                str = "lower(u.email)";
                str2 = "email";
            }
            if (str != null) {
                sb.append(" and ");
                sb.append(str).append(" like :").append(str2);
            }
        }
        sb.append(" order by u.username");
        TypedQuery createQuery = this.em.createQuery(sb.toString(), UserEntity.class);
        createQuery.setParameter("realmId", (Object) realmModel.getId());
        for (Map.Entry<String, String> entry2 : map.entrySet()) {
            String str3 = null;
            if (entry2.getKey().equals("username")) {
                str3 = "username";
            } else if (entry2.getKey().equalsIgnoreCase("firstName")) {
                str3 = "firstName";
            } else if (entry2.getKey().equalsIgnoreCase("lastName")) {
                str3 = "lastName";
            } else if (entry2.getKey().equalsIgnoreCase("email")) {
                str3 = "email";
            }
            if (str3 != null) {
                createQuery.setParameter(str3, (Object) (BeanIdentifier.BEAN_ID_SEPARATOR + entry2.getValue().toLowerCase() + BeanIdentifier.BEAN_ID_SEPARATOR));
            }
        }
        if (i != -1) {
            createQuery.setFirstResult(i);
        }
        if (i2 != -1) {
            createQuery.setMaxResults(i2);
        }
        List resultList = createQuery.getResultList();
        ArrayList arrayList = new ArrayList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            arrayList.add(new UserAdapter(this.session, realmModel, this.em, (UserEntity) it.next()));
        }
        return arrayList;
    }

    @Override // org.keycloak.storage.user.UserQueryProvider
    public List<UserModel> searchForUserByUserAttribute(String str, String str2, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getAttributesByNameAndValue", UserAttributeEntity.class);
        createNamedQuery.setParameter("name", (Object) str);
        createNamedQuery.setParameter("value", (Object) str2);
        List resultList = createNamedQuery.getResultList();
        ArrayList arrayList = new ArrayList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            arrayList.add(new UserAdapter(this.session, realmModel, this.em, ((UserAttributeEntity) it.next()).getUser()));
        }
        return arrayList;
    }

    private FederatedIdentityEntity findFederatedIdentity(UserModel userModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findFederatedIdentityByUserAndProvider", FederatedIdentityEntity.class);
        createNamedQuery.setParameter("user", this.em.getReference(UserEntity.class, userModel.getId()));
        createNamedQuery.setParameter("identityProvider", (Object) str);
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() > 0) {
            return (FederatedIdentityEntity) resultList.get(0);
        }
        return null;
    }

    @Override // org.keycloak.models.UserProvider
    public Set<FederatedIdentityModel> getFederatedIdentities(UserModel userModel, RealmModel realmModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findFederatedIdentityByUser", FederatedIdentityEntity.class);
        createNamedQuery.setParameter("user", this.em.getReference(UserEntity.class, userModel.getId()));
        List<FederatedIdentityEntity> resultList = createNamedQuery.getResultList();
        HashSet hashSet = new HashSet();
        for (FederatedIdentityEntity federatedIdentityEntity : resultList) {
            hashSet.add(new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(), federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken()));
        }
        return hashSet;
    }

    @Override // org.keycloak.models.UserProvider
    public FederatedIdentityModel getFederatedIdentity(UserModel userModel, String str, RealmModel realmModel) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, str);
        if (findFederatedIdentity != null) {
            return new FederatedIdentityModel(findFederatedIdentity.getIdentityProvider(), findFederatedIdentity.getUserId(), findFederatedIdentity.getUserName(), findFederatedIdentity.getToken());
        }
        return null;
    }

    @Override // org.keycloak.models.UserProvider
    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
        if (componentModel.getProviderType().equals(UserStorageProvider.class.getName())) {
            removeUserDataByLink(realmModel, componentModel.getId());
        }
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, credentialModel.getId());
        if (credentialEntity == null) {
            return;
        }
        credentialEntity.setAlgorithm(credentialModel.getAlgorithm());
        credentialEntity.setCounter(credentialModel.getCounter());
        credentialEntity.setCreatedDate(credentialModel.getCreatedDate());
        credentialEntity.setDevice(credentialModel.getDevice());
        credentialEntity.setDigits(credentialModel.getDigits());
        credentialEntity.setHashIterations(credentialModel.getHashIterations());
        credentialEntity.setPeriod(credentialModel.getPeriod());
        credentialEntity.setSalt(credentialModel.getSalt());
        credentialEntity.setType(credentialModel.getType());
        credentialEntity.setValue(credentialModel.getValue());
        if (credentialEntity.getCredentialAttributes().isEmpty() && (credentialModel.getConfig() == null || credentialModel.getConfig().isEmpty())) {
            return;
        }
        MultivaluedHashMap<String, String> config = credentialModel.getConfig();
        MultivaluedHashMap<String, String> config2 = credentialModel.getConfig();
        if (config2 == null) {
            config2 = new MultivaluedHashMap<>();
        }
        Iterator<CredentialAttributeEntity> it = credentialEntity.getCredentialAttributes().iterator();
        while (it.hasNext()) {
            CredentialAttributeEntity next = it.next();
            List<String> list = config2.getList(next.getName());
            if (list == null || !list.contains(next.getValue())) {
                this.em.remove(next);
                it.remove();
            } else {
                config.add(next.getName(), next.getValue());
            }
        }
        for (String str : config2.keySet()) {
            List<String> list2 = config2.getList(str);
            List<String> list3 = config.getList(str);
            for (String str2 : list2) {
                if (list3 == null || !list3.contains(str2)) {
                    CredentialAttributeEntity credentialAttributeEntity = new CredentialAttributeEntity();
                    credentialAttributeEntity.setId(KeycloakModelUtils.generateId());
                    credentialAttributeEntity.setValue(str2);
                    credentialAttributeEntity.setName(str);
                    credentialAttributeEntity.setCredential(credentialEntity);
                    this.em.persist(credentialAttributeEntity);
                    credentialEntity.getCredentialAttributes().add(credentialAttributeEntity);
                }
            }
        }
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        CredentialEntity credentialEntity = new CredentialEntity();
        credentialEntity.setId(credentialModel.getId() == null ? KeycloakModelUtils.generateId() : credentialModel.getId());
        credentialEntity.setAlgorithm(credentialModel.getAlgorithm());
        credentialEntity.setCounter(credentialModel.getCounter());
        credentialEntity.setCreatedDate(credentialModel.getCreatedDate());
        credentialEntity.setDevice(credentialModel.getDevice());
        credentialEntity.setDigits(credentialModel.getDigits());
        credentialEntity.setHashIterations(credentialModel.getHashIterations());
        credentialEntity.setPeriod(credentialModel.getPeriod());
        credentialEntity.setSalt(credentialModel.getSalt());
        credentialEntity.setType(credentialModel.getType());
        credentialEntity.setValue(credentialModel.getValue());
        credentialEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        this.em.persist(credentialEntity);
        MultivaluedHashMap<String, String> config = credentialModel.getConfig();
        if (config != null && !config.isEmpty()) {
            for (String str : config.keySet()) {
                for (String str2 : config.getList(str)) {
                    CredentialAttributeEntity credentialAttributeEntity = new CredentialAttributeEntity();
                    credentialAttributeEntity.setId(KeycloakModelUtils.generateId());
                    credentialAttributeEntity.setValue(str2);
                    credentialAttributeEntity.setName(str);
                    credentialAttributeEntity.setCredential(credentialEntity);
                    this.em.persist(credentialAttributeEntity);
                    credentialEntity.getCredentialAttributes().add(credentialAttributeEntity);
                }
            }
        }
        return toModel(credentialEntity);
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, str);
        if (credentialEntity == null) {
            return false;
        }
        this.em.remove(credentialEntity);
        return true;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, str);
        if (credentialEntity == null) {
            return null;
        }
        return toModel(credentialEntity);
    }

    protected CredentialModel toModel(CredentialEntity credentialEntity) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setId(credentialEntity.getId());
        credentialModel.setType(credentialEntity.getType());
        credentialModel.setValue(credentialEntity.getValue());
        credentialModel.setAlgorithm(credentialEntity.getAlgorithm());
        credentialModel.setSalt(credentialEntity.getSalt());
        credentialModel.setPeriod(credentialEntity.getPeriod());
        credentialModel.setCounter(credentialEntity.getCounter());
        credentialModel.setCreatedDate(credentialEntity.getCreatedDate());
        credentialModel.setDevice(credentialEntity.getDevice());
        credentialModel.setDigits(credentialEntity.getDigits());
        credentialModel.setHashIterations(credentialEntity.getHashIterations());
        MultivaluedHashMap<String, String> multivaluedHashMap = new MultivaluedHashMap<>();
        credentialModel.setConfig(multivaluedHashMap);
        for (CredentialAttributeEntity credentialAttributeEntity : credentialEntity.getCredentialAttributes()) {
            multivaluedHashMap.add(credentialAttributeEntity.getName(), credentialAttributeEntity.getValue());
        }
        return credentialModel;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentials(RealmModel realmModel, UserModel userModel) {
        List resultList = this.em.createNamedQuery("credentialByUser", CredentialEntity.class).setParameter("user", this.em.getReference(UserEntity.class, userModel.getId())).getResultList();
        LinkedList linkedList = new LinkedList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            linkedList.add(toModel((CredentialEntity) it.next()));
        }
        return linkedList;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentialsByType(RealmModel realmModel, UserModel userModel, String str) {
        List resultList = this.em.createNamedQuery("credentialByUserAndType", CredentialEntity.class).setParameter("type", (Object) str).setParameter("user", this.em.getReference(UserEntity.class, userModel.getId())).getResultList();
        LinkedList linkedList = new LinkedList();
        Iterator it = resultList.iterator();
        while (it.hasNext()) {
            linkedList.add(toModel((CredentialEntity) it.next()));
        }
        return linkedList;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        List resultList = this.em.createNamedQuery("credentialByNameAndType", CredentialEntity.class).setParameter("type", (Object) str2).setParameter("device", (Object) str).setParameter("user", this.em.getReference(UserEntity.class, userModel.getId())).getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        return toModel((CredentialEntity) resultList.get(0));
    }

    protected void ensureEmailConstraint(List<UserEntity> list, RealmModel realmModel) {
        UserEntity userEntity = list.get(0);
        if (list.size() > 1) {
            throw new ModelDuplicateException("Multiple users with email '" + userEntity.getEmail() + "' exist in Keycloak.");
        }
        if (realmModel.isDuplicateEmailsAllowed() || userEntity.getEmail() == null || userEntity.getEmail().equals(userEntity.getEmailConstraint())) {
            return;
        }
        userEntity.setEmailConstraint(userEntity.getEmail());
        this.em.persist(userEntity);
    }
}
