package org.keycloak.models.jpa;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Stream;
import javax.persistence.EntityManager;
import javax.persistence.LockModeType;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.FederatedIdentityEntity;
import org.keycloak.models.jpa.entities.UserConsentClientScopeEntity;
import org.keycloak.models.jpa.entities.UserConsentEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.jpa.entities.UserGroupMembershipEntity;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.utils.StreamsUtil;

/* loaded from: input_file:org/keycloak/models/jpa/JpaUserProvider.class */
public class JpaUserProvider implements UserProvider.Streams, UserCredentialStore.Streams {
    private static final String EMAIL = "email";
    private static final String EMAIL_VERIFIED = "emailVerified";
    private static final String USERNAME = "username";
    private static final String FIRST_NAME = "firstName";
    private static final String LAST_NAME = "lastName";
    private final KeycloakSession session;
    protected EntityManager em;
    private final JpaUserCredentialStore credentialStore;

    public JpaUserProvider(KeycloakSession keycloakSession, EntityManager entityManager) {
        this.session = keycloakSession;
        this.em = entityManager;
        this.credentialStore = new JpaUserCredentialStore(keycloakSession, entityManager);
    }

    public UserModel addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        if (str == null) {
            str = KeycloakModelUtils.generateId();
        }
        UserEntity userEntity = new UserEntity();
        userEntity.setId(str);
        userEntity.setCreatedTimestamp(Long.valueOf(System.currentTimeMillis()));
        userEntity.setUsername(str2.toLowerCase());
        userEntity.setRealmId(realmModel.getId());
        this.em.persist(userEntity);
        this.em.flush();
        UserAdapter userAdapter = new UserAdapter(this.session, realmModel, this.em, userEntity);
        if (z) {
            userAdapter.grantRole(realmModel.getDefaultRole());
            Stream defaultGroupsStream = realmModel.getDefaultGroupsStream();
            userAdapter.getClass();
            defaultGroupsStream.forEach(userAdapter::joinGroupImpl);
        }
        if (z2) {
            Stream map = realmModel.getRequiredActionProvidersStream().filter((v0) -> {
                return v0.isEnabled();
            }).filter((v0) -> {
                return v0.isDefaultAction();
            }).map((v0) -> {
                return v0.getAlias();
            });
            userAdapter.getClass();
            map.forEach(userAdapter::addRequiredAction);
        }
        return userAdapter;
    }

    public UserModel addUser(RealmModel realmModel, String str) {
        return addUser(realmModel, KeycloakModelUtils.generateId(), str.toLowerCase(), true, true);
    }

    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        UserEntity userEntity = (UserEntity) this.em.find(UserEntity.class, userModel.getId(), LockModeType.PESSIMISTIC_WRITE);
        if (userEntity == null) {
            return false;
        }
        removeUser(userEntity);
        return true;
    }

    private void removeUser(UserEntity userEntity) {
        userEntity.getId();
        this.em.createNamedQuery("deleteUserRoleMappingsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentClientScopesByUser").setParameter("user", userEntity).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByUser").setParameter("user", userEntity).executeUpdate();
        this.em.remove(userEntity);
        this.em.flush();
    }

    public void addFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        FederatedIdentityEntity federatedIdentityEntity = new FederatedIdentityEntity();
        federatedIdentityEntity.setRealmId(realmModel.getId());
        federatedIdentityEntity.setIdentityProvider(federatedIdentityModel.getIdentityProvider());
        federatedIdentityEntity.setUserId(federatedIdentityModel.getUserId());
        federatedIdentityEntity.setUserName(federatedIdentityModel.getUserName().toLowerCase());
        federatedIdentityEntity.setToken(federatedIdentityModel.getToken());
        federatedIdentityEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        this.em.persist(federatedIdentityEntity);
        this.em.flush();
    }

    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, federatedIdentityModel.getIdentityProvider(), LockModeType.PESSIMISTIC_WRITE);
        findFederatedIdentity.setToken(federatedIdentityModel.getToken());
        this.em.persist(findFederatedIdentity);
        this.em.flush();
    }

    public boolean removeFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, str, LockModeType.PESSIMISTIC_WRITE);
        if (findFederatedIdentity == null) {
            return false;
        }
        this.em.remove(findFederatedIdentity);
        this.em.flush();
        return true;
    }

    public void preRemove(RealmModel realmModel, IdentityProviderModel identityProviderModel) {
        this.em.createNamedQuery("deleteFederatedIdentityByProvider").setParameter("realmId", realmModel.getId()).setParameter("providerAlias", identityProviderModel.getAlias()).executeUpdate();
    }

    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        if (getGrantedConsentEntity(str, id, LockModeType.NONE) != null) {
            throw new ModelDuplicateException("Consent already exists for client [" + id + "] and user [" + str + "]");
        }
        long currentTimeMillis = Time.currentTimeMillis();
        UserConsentEntity userConsentEntity = new UserConsentEntity();
        userConsentEntity.setId(KeycloakModelUtils.generateId());
        userConsentEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, str));
        StorageId storageId = new StorageId(id);
        if (storageId.isLocal()) {
            userConsentEntity.setClientId(id);
        } else {
            userConsentEntity.setClientStorageProvider(storageId.getProviderId());
            userConsentEntity.setExternalClientId(storageId.getExternalId());
        }
        userConsentEntity.setCreatedDate(Long.valueOf(currentTimeMillis));
        userConsentEntity.setLastUpdatedDate(Long.valueOf(currentTimeMillis));
        this.em.persist(userConsentEntity);
        this.em.flush();
        updateGrantedConsentEntity(userConsentEntity, userConsentModel);
    }

    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        return toConsentModel(realmModel, getGrantedConsentEntity(str, str2, LockModeType.NONE));
    }

    public Stream<UserConsentModel> getConsentsStream(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("userConsentsByUser", UserConsentEntity.class);
        createNamedQuery.setParameter("userId", str);
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(userConsentEntity -> {
            return toConsentModel(realmModel, userConsentEntity);
        }));
    }

    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        String id = userConsentModel.getClient().getId();
        UserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, id, LockModeType.PESSIMISTIC_WRITE);
        if (grantedConsentEntity == null) {
            throw new ModelException("Consent not found for client [" + id + "] and user [" + str + "]");
        }
        updateGrantedConsentEntity(grantedConsentEntity, userConsentModel);
    }

    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        UserConsentEntity grantedConsentEntity = getGrantedConsentEntity(str, str2, LockModeType.PESSIMISTIC_WRITE);
        if (grantedConsentEntity == null) {
            return false;
        }
        this.em.remove(grantedConsentEntity);
        this.em.flush();
        return true;
    }

    private UserConsentEntity getGrantedConsentEntity(String str, String str2, LockModeType lockModeType) {
        StorageId storageId = new StorageId(str2);
        TypedQuery createNamedQuery = this.em.createNamedQuery(storageId.isLocal() ? "userConsentByUserAndClient" : "userConsentByUserAndExternalClient", UserConsentEntity.class);
        createNamedQuery.setParameter("userId", str);
        if (storageId.isLocal()) {
            createNamedQuery.setParameter("clientId", str2);
        } else {
            createNamedQuery.setParameter("clientStorageProvider", storageId.getProviderId());
            createNamedQuery.setParameter("externalClientId", storageId.getExternalId());
        }
        createNamedQuery.setLockMode(lockModeType);
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() > 1) {
            throw new ModelException("More results found for user [" + str + "] and client [" + str2 + "]");
        }
        if (resultList.size() == 1) {
            return (UserConsentEntity) resultList.get(0);
        }
        return null;
    }

    private UserConsentModel toConsentModel(RealmModel realmModel, UserConsentEntity userConsentEntity) {
        if (userConsentEntity == null) {
            return null;
        }
        StorageId storageId = userConsentEntity.getClientId() == null ? new StorageId(userConsentEntity.getClientStorageProvider(), userConsentEntity.getExternalClientId()) : new StorageId(userConsentEntity.getClientId());
        ClientModel clientById = realmModel.getClientById(storageId.getId());
        if (clientById == null) {
            throw new ModelException("Client with id " + storageId.getId() + " is not available");
        }
        UserConsentModel userConsentModel = new UserConsentModel(clientById);
        userConsentModel.setCreatedDate(userConsentEntity.getCreatedDate());
        userConsentModel.setLastUpdatedDate(userConsentEntity.getLastUpdatedDate());
        Collection<UserConsentClientScopeEntity> grantedClientScopes = userConsentEntity.getGrantedClientScopes();
        if (grantedClientScopes != null) {
            Iterator<UserConsentClientScopeEntity> it = grantedClientScopes.iterator();
            while (it.hasNext()) {
                ClientScopeModel findClientScopeById = KeycloakModelUtils.findClientScopeById(realmModel, clientById, it.next().getScopeId());
                if (findClientScopeById != null) {
                    userConsentModel.addGrantedClientScope(findClientScopeById);
                }
            }
        }
        return userConsentModel;
    }

    private void updateGrantedConsentEntity(UserConsentEntity userConsentEntity, UserConsentModel userConsentModel) {
        Collection<UserConsentClientScopeEntity> grantedClientScopes = userConsentEntity.getGrantedClientScopes();
        HashSet<UserConsentClientScopeEntity> hashSet = new HashSet(grantedClientScopes);
        for (ClientScopeModel clientScopeModel : userConsentModel.getGrantedClientScopes()) {
            UserConsentClientScopeEntity userConsentClientScopeEntity = new UserConsentClientScopeEntity();
            userConsentClientScopeEntity.setUserConsent(userConsentEntity);
            userConsentClientScopeEntity.setScopeId(clientScopeModel.getId());
            if (grantedClientScopes.contains(userConsentClientScopeEntity)) {
                hashSet.remove(userConsentClientScopeEntity);
            } else {
                this.em.persist(userConsentClientScopeEntity);
                this.em.flush();
                grantedClientScopes.add(userConsentClientScopeEntity);
            }
        }
        for (UserConsentClientScopeEntity userConsentClientScopeEntity2 : hashSet) {
            grantedClientScopes.remove(userConsentClientScopeEntity2);
            this.em.remove(userConsentClientScopeEntity2);
        }
        userConsentEntity.setLastUpdatedDate(Long.valueOf(Time.currentTimeMillis()));
        this.em.flush();
    }

    public void setNotBeforeForUser(RealmModel realmModel, UserModel userModel, int i) {
        UserEntity userEntity = (UserEntity) this.em.getReference(UserEntity.class, userModel.getId());
        if (userEntity == null) {
            throw new ModelException("User does not exists");
        }
        userEntity.setNotBefore(i);
    }

    public int getNotBeforeOfUser(RealmModel realmModel, UserModel userModel) {
        UserEntity userEntity = (UserEntity) this.em.getReference(UserEntity.class, userModel.getId());
        if (userEntity == null) {
            throw new ModelException("User does not exists");
        }
        return userEntity.getNotBefore();
    }

    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        if (realmModel.equals(roleModel.isClientRole() ? roleModel.getContainer().getRealm() : roleModel.getContainer())) {
            this.em.createNamedQuery("grantRoleToAllUsers").setParameter("realmId", realmModel.getId()).setParameter("roleId", roleModel.getId()).executeUpdate();
        }
    }

    public void preRemove(RealmModel realmModel) {
        this.em.createNamedQuery("deleteUserConsentClientScopesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserRoleMappingsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserRequiredActionsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteFederatedIdentityByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteCredentialsByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserAttributesByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
        this.em.createNamedQuery("deleteUsersByRealm").setParameter("realmId", realmModel.getId()).executeUpdate();
    }

    public void removeImportedUsers(RealmModel realmModel, String str) {
        this.em.createNamedQuery("deleteUserRoleMappingsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUserRequiredActionsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteFederatedIdentityByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteCredentialsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUserAttributesByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUserGroupMembershipsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentClientScopesByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
        this.em.createNamedQuery("deleteUsersByRealmAndLink").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
    }

    public void unlinkUsers(RealmModel realmModel, String str) {
        this.em.createNamedQuery("unlinkUsers").setParameter("realmId", realmModel.getId()).setParameter("link", str).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        this.em.createNamedQuery("deleteUserRoleMappingsByRole").setParameter("roleId", roleModel.getId()).executeUpdate();
    }

    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        StorageId storageId = new StorageId(clientModel.getId());
        if (storageId.isLocal()) {
            this.em.createNamedQuery("deleteUserConsentClientScopesByClient").setParameter("clientId", clientModel.getId()).executeUpdate();
            this.em.createNamedQuery("deleteUserConsentsByClient").setParameter("clientId", clientModel.getId()).executeUpdate();
        } else {
            this.em.createNamedQuery("deleteUserConsentClientScopesByExternalClient").setParameter("clientStorageProvider", storageId.getProviderId()).setParameter("externalClientId", storageId.getExternalId()).executeUpdate();
            this.em.createNamedQuery("deleteUserConsentsByExternalClient").setParameter("clientStorageProvider", storageId.getProviderId()).setParameter("externalClientId", storageId.getExternalId()).executeUpdate();
        }
    }

    public void preRemove(ProtocolMapperModel protocolMapperModel) {
    }

    public void preRemove(ClientScopeModel clientScopeModel) {
        this.em.createNamedQuery("deleteUserConsentClientScopesByClientScope").setParameter("scopeId", clientScopeModel.getId()).executeUpdate();
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("groupMembership", UserEntity.class);
        createNamedQuery.setParameter("groupId", groupModel.getId());
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    public Stream<UserModel> getRoleMembersStream(RealmModel realmModel, RoleModel roleModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("usersInRole", UserEntity.class);
        createNamedQuery.setParameter("roleId", roleModel.getId());
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        this.em.createNamedQuery("deleteUserGroupMembershipsByGroup").setParameter("groupId", groupModel.getId()).executeUpdate();
    }

    public UserModel getUserById(RealmModel realmModel, String str) {
        UserEntity userEntity = (UserEntity) this.em.find(UserEntity.class, str);
        if (userEntity == null || !realmModel.getId().equals(userEntity.getRealmId())) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, this.em, userEntity);
    }

    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByUsername", UserEntity.class);
        createNamedQuery.setParameter(USERNAME, str.toLowerCase());
        createNamedQuery.setParameter("realmId", realmModel.getId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() == 0) {
            return null;
        }
        return new UserAdapter(this.session, realmModel, this.em, (UserEntity) resultList.get(0));
    }

    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByEmail", UserEntity.class);
        createNamedQuery.setParameter(EMAIL, str.toLowerCase());
        createNamedQuery.setParameter("realmId", realmModel.getId());
        List<UserEntity> resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        ensureEmailConstraint(resultList, realmModel);
        return new UserAdapter(this.session, realmModel, this.em, resultList.get(0));
    }

    public void close() {
    }

    public UserModel getUserByFederatedIdentity(RealmModel realmModel, FederatedIdentityModel federatedIdentityModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findUserByFederatedIdentityAndRealm", UserEntity.class);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        createNamedQuery.setParameter("identityProvider", federatedIdentityModel.getIdentityProvider());
        createNamedQuery.setParameter("userId", federatedIdentityModel.getUserId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        if (resultList.size() > 1) {
            throw new IllegalStateException("More results found for identityProvider=" + federatedIdentityModel.getIdentityProvider() + ", userId=" + federatedIdentityModel.getUserId() + ", results=" + resultList);
        }
        return new UserAdapter(this.session, realmModel, this.em, (UserEntity) resultList.get(0));
    }

    public UserModel getServiceAccount(ClientModel clientModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUserByServiceAccount", UserEntity.class);
        createNamedQuery.setParameter("realmId", clientModel.getRealm().getId());
        createNamedQuery.setParameter("clientInternalId", clientModel.getId());
        List resultList = createNamedQuery.getResultList();
        if (resultList.isEmpty()) {
            return null;
        }
        if (resultList.size() > 1) {
            throw new IllegalStateException("More service account linked users found for client=" + clientModel.getClientId() + ", results=" + resultList);
        }
        return new UserAdapter(this.session, clientModel.getRealm(), this.em, (UserEntity) resultList.get(0));
    }

    public int getUsersCount(RealmModel realmModel, boolean z) {
        return ((Number) this.em.createNamedQuery(z ? "getRealmUserCount" : "getRealmUserCountExcludeServiceAccount").setParameter("realmId", realmModel.getId()).getSingleResult()).intValue();
    }

    public int getUsersCount(RealmModel realmModel, Set<String> set) {
        if (set == null || set.isEmpty()) {
            return 0;
        }
        TypedQuery createNamedQuery = this.em.createNamedQuery("userCountInGroups", Long.class);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        createNamedQuery.setParameter("groupIds", set);
        return ((Long) createNamedQuery.getSingleResult()).intValue();
    }

    public int getUsersCount(RealmModel realmModel, String str) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("searchForUserCount", Long.class);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        createNamedQuery.setParameter("search", "%" + str.toLowerCase() + "%");
        return ((Long) createNamedQuery.getSingleResult()).intValue();
    }

    public int getUsersCount(RealmModel realmModel, String str, Set<String> set) {
        if (set == null || set.isEmpty()) {
            return 0;
        }
        TypedQuery createNamedQuery = this.em.createNamedQuery("searchForUserCountInGroups", Long.class);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        createNamedQuery.setParameter("search", "%" + str.toLowerCase() + "%");
        createNamedQuery.setParameter("groupIds", set);
        return ((Long) createNamedQuery.getSingleResult()).intValue();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x00ae. Please report as an issue. */
    public int getUsersCount(RealmModel realmModel, Map<String, String> map) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Long.class);
        Root from = createQuery.from(UserEntity.class);
        CriteriaQuery select = createQuery.select(criteriaBuilder.count(from));
        ArrayList arrayList = new ArrayList();
        arrayList.add(criteriaBuilder.equal(from.get("realmId"), realmModel.getId()));
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key != null && value != null) {
                boolean z = -1;
                switch (key.hashCode()) {
                    case -1459599807:
                        if (key.equals(LAST_NAME)) {
                            z = 2;
                            break;
                        }
                        break;
                    case -265713450:
                        if (key.equals(USERNAME)) {
                            z = false;
                            break;
                        }
                        break;
                    case 96619420:
                        if (key.equals(EMAIL)) {
                            z = 3;
                            break;
                        }
                        break;
                    case 132835675:
                        if (key.equals(FIRST_NAME)) {
                            z = true;
                            break;
                        }
                        break;
                    case 385184388:
                        if (key.equals(EMAIL_VERIFIED)) {
                            z = 4;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        arrayList.add(criteriaBuilder.like(from.get(USERNAME), "%" + value + "%"));
                        break;
                    case JpaRealmProviderFactory.PROVIDER_PRIORITY /* 1 */:
                        arrayList.add(criteriaBuilder.like(from.get(FIRST_NAME), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.like(from.get(LAST_NAME), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.like(from.get(EMAIL), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.equal(from.get(EMAIL_VERIFIED), Boolean.valueOf(Boolean.parseBoolean(value.toLowerCase()))));
                        break;
                }
            }
        }
        return ((Long) this.em.createQuery(select.where((Predicate[]) arrayList.toArray(new Predicate[0]))).getSingleResult()).intValue();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x00e7. Please report as an issue. */
    public int getUsersCount(RealmModel realmModel, Map<String, String> map, Set<String> set) {
        if (set == null || set.isEmpty()) {
            return 0;
        }
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Long.class);
        Root from = createQuery.from(UserGroupMembershipEntity.class);
        CriteriaQuery select = createQuery.select(criteriaBuilder.count(from.get("user")));
        ArrayList arrayList = new ArrayList();
        arrayList.add(criteriaBuilder.equal(from.get("user").get("realmId"), realmModel.getId()));
        arrayList.add(from.get("groupId").in(set));
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            String value = entry.getValue();
            if (key != null && value != null) {
                boolean z = -1;
                switch (key.hashCode()) {
                    case -1459599807:
                        if (key.equals(LAST_NAME)) {
                            z = 2;
                            break;
                        }
                        break;
                    case -265713450:
                        if (key.equals(USERNAME)) {
                            z = false;
                            break;
                        }
                        break;
                    case 96619420:
                        if (key.equals(EMAIL)) {
                            z = 3;
                            break;
                        }
                        break;
                    case 132835675:
                        if (key.equals(FIRST_NAME)) {
                            z = true;
                            break;
                        }
                        break;
                    case 385184388:
                        if (key.equals(EMAIL_VERIFIED)) {
                            z = 4;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        arrayList.add(criteriaBuilder.like(from.get("user").get(USERNAME), "%" + value + "%"));
                        break;
                    case JpaRealmProviderFactory.PROVIDER_PRIORITY /* 1 */:
                        arrayList.add(criteriaBuilder.like(from.get("user").get(FIRST_NAME), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.like(from.get("user").get(LAST_NAME), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.like(from.get("user").get(EMAIL), "%" + value + "%"));
                        break;
                    case true:
                        arrayList.add(criteriaBuilder.equal(from.get(EMAIL_VERIFIED), Boolean.valueOf(Boolean.parseBoolean(value.toLowerCase()))));
                        break;
                }
            }
        }
        return ((Long) this.em.createQuery(select.where((Predicate[]) arrayList.toArray(new Predicate[0]))).getSingleResult()).intValue();
    }

    public Stream<UserModel> getUsersStream(RealmModel realmModel, Integer num, Integer num2) {
        return getUsersStream(realmModel, num, num2, false);
    }

    public Stream<UserModel> getUsersStream(RealmModel realmModel, Integer num, Integer num2, boolean z) {
        TypedQuery createNamedQuery = this.em.createNamedQuery(z ? "getAllUsersByRealm" : "getAllUsersByRealmExcludeServiceAccount", UserEntity.class);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        return StreamsUtil.closing(PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("groupMembership", UserEntity.class);
        createNamedQuery.setParameter("groupId", groupModel.getId());
        return StreamsUtil.closing(PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    public Stream<UserModel> getRoleMembersStream(RealmModel realmModel, RoleModel roleModel, Integer num, Integer num2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("usersInRole", UserEntity.class);
        createNamedQuery.setParameter("roleId", roleModel.getId());
        return StreamsUtil.closing(PaginationUtils.paginateQuery(createNamedQuery, num, num2).getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    public Stream<UserModel> searchForUserStream(RealmModel realmModel, String str, Integer num, Integer num2) {
        HashMap hashMap = new HashMap();
        hashMap.put("keycloak.session.realm.users.query.search", str);
        this.session.setAttribute("keycloak.session.realm.users.query.include_service_account", false);
        return searchForUserStream(realmModel, hashMap, num, num2);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x01b2, code lost:
    
        switch(r25) {
            case 0: goto L65;
            case 1: goto L66;
            case 2: goto L66;
            case 3: goto L66;
            case 4: goto L66;
            case 5: goto L67;
            case 6: goto L68;
            case 7: goto L69;
            case 8: goto L70;
            default: goto L75;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x01e4, code lost:
    
        r0 = new java.util.ArrayList();
        r0.add(r0.like(r0.lower(r0.get(org.keycloak.models.jpa.JpaUserProvider.USERNAME)), "%" + r0.toLowerCase() + "%"));
        r0.add(r0.like(r0.lower(r0.get(org.keycloak.models.jpa.JpaUserProvider.EMAIL)), "%" + r0.toLowerCase() + "%"));
        r0.add(r0.like(r0.lower(r0.concat(r0.concat(r0.coalesce(r0.get(org.keycloak.models.jpa.JpaUserProvider.FIRST_NAME), r0.literal("")), " "), r0.coalesce(r0.get(org.keycloak.models.jpa.JpaUserProvider.LAST_NAME), r0.literal("")))), "%" + r0.toLowerCase() + "%"));
        r0.add(r0.or((javax.persistence.criteria.Predicate[]) r0.toArray(new javax.persistence.criteria.Predicate[r0.size()])));
     */
    /* JADX WARN: Code restructure failed: missing block: B:47:0x0318, code lost:
    
        if (java.lang.Boolean.valueOf(r12.getOrDefault("keycloak.session.realm.users.query.exact", java.lang.Boolean.FALSE.toString())).booleanValue() == false) goto L71;
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x0342, code lost:
    
        r0.add(r0.like(r0.lower(r0.get(r0)), "%" + r0.toLowerCase() + "%"));
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x031b, code lost:
    
        r0.add(r0.equal(r0.lower(r0.get(r0)), r0.toLowerCase()));
     */
    /* JADX WARN: Code restructure failed: missing block: B:55:0x0380, code lost:
    
        r0.add(r0.equal(r0.get(r0), java.lang.Boolean.valueOf(java.lang.Boolean.parseBoolean(r0.toLowerCase()))));
     */
    /* JADX WARN: Code restructure failed: missing block: B:58:0x03a6, code lost:
    
        r0.add(r0.equal(r0.get(r0), java.lang.Boolean.valueOf(java.lang.Boolean.parseBoolean(r0))));
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x03cb, code lost:
    
        if (r19 != null) goto L52;
     */
    /* JADX WARN: Code restructure failed: missing block: B:63:0x03ce, code lost:
    
        r19 = r0.join("federatedIdentities");
     */
    /* JADX WARN: Code restructure failed: missing block: B:64:0x03da, code lost:
    
        r0.add(r0.equal(r19.get("identityProvider"), r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x03f9, code lost:
    
        if (r19 != null) goto L56;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x03fc, code lost:
    
        r19 = r0.join("federatedIdentities");
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x0408, code lost:
    
        r0.add(r0.equal(r19.get("userId"), r0));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.stream.Stream<org.keycloak.models.UserModel> searchForUserStream(org.keycloak.models.RealmModel r11, java.util.Map<java.lang.String, java.lang.String> r12, java.lang.Integer r13, java.lang.Integer r14) {
        /*
            Method dump skipped, instructions count: 1499
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.keycloak.models.jpa.JpaUserProvider.searchForUserStream(org.keycloak.models.RealmModel, java.util.Map, java.lang.Integer, java.lang.Integer):java.util.stream.Stream");
    }

    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("getRealmUsersByAttributeNameAndValue", UserEntity.class);
        createNamedQuery.setParameter("name", str);
        createNamedQuery.setParameter("value", str2);
        createNamedQuery.setParameter("realmId", realmModel.getId());
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(userEntity -> {
            return new UserAdapter(this.session, realmModel, this.em, userEntity);
        }));
    }

    private FederatedIdentityEntity findFederatedIdentity(UserModel userModel, String str, LockModeType lockModeType) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findFederatedIdentityByUserAndProvider", FederatedIdentityEntity.class);
        createNamedQuery.setParameter("user", (UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        createNamedQuery.setParameter("identityProvider", str);
        createNamedQuery.setLockMode(lockModeType);
        List resultList = createNamedQuery.getResultList();
        if (resultList.size() > 0) {
            return (FederatedIdentityEntity) resultList.get(0);
        }
        return null;
    }

    public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realmModel, UserModel userModel) {
        TypedQuery createNamedQuery = this.em.createNamedQuery("findFederatedIdentityByUser", FederatedIdentityEntity.class);
        createNamedQuery.setParameter("user", (UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        return StreamsUtil.closing(createNamedQuery.getResultStream().map(federatedIdentityEntity -> {
            return new FederatedIdentityModel(federatedIdentityEntity.getIdentityProvider(), federatedIdentityEntity.getUserId(), federatedIdentityEntity.getUserName(), federatedIdentityEntity.getToken());
        }).distinct());
    }

    public FederatedIdentityModel getFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        FederatedIdentityEntity findFederatedIdentity = findFederatedIdentity(userModel, str, LockModeType.NONE);
        if (findFederatedIdentity != null) {
            return new FederatedIdentityModel(findFederatedIdentity.getIdentityProvider(), findFederatedIdentity.getUserId(), findFederatedIdentity.getUserName(), findFederatedIdentity.getToken());
        }
        return null;
    }

    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
        if (componentModel.getProviderType().equals(UserStorageProvider.class.getName())) {
            removeImportedUsers(realmModel, componentModel.getId());
        }
        if (componentModel.getProviderType().equals(ClientStorageProvider.class.getName())) {
            removeConsentByClientStorageProvider(realmModel, componentModel.getId());
        }
    }

    protected void removeConsentByClientStorageProvider(RealmModel realmModel, String str) {
        this.em.createNamedQuery("deleteUserConsentClientScopesByClientStorageProvider").setParameter("clientStorageProvider", str).executeUpdate();
        this.em.createNamedQuery("deleteUserConsentsByClientStorageProvider").setParameter("clientStorageProvider", str).executeUpdate();
    }

    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        this.credentialStore.updateCredential(realmModel, userModel, credentialModel);
    }

    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        CredentialEntity createCredentialEntity = this.credentialStore.createCredentialEntity(realmModel, userModel, credentialModel);
        UserEntity userInEntityManagerContext = userInEntityManagerContext(userModel.getId());
        if (userInEntityManagerContext != null) {
            userInEntityManagerContext.getCredentials().add(createCredentialEntity);
        }
        return toModel(createCredentialEntity);
    }

    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        CredentialEntity removeCredentialEntity = this.credentialStore.removeCredentialEntity(realmModel, userModel, str);
        UserEntity userInEntityManagerContext = userInEntityManagerContext(userModel.getId());
        if (removeCredentialEntity != null && userInEntityManagerContext != null) {
            userInEntityManagerContext.getCredentials().remove(removeCredentialEntity);
        }
        return removeCredentialEntity != null;
    }

    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        return this.credentialStore.getStoredCredentialById(realmModel, userModel, str);
    }

    protected CredentialModel toModel(CredentialEntity credentialEntity) {
        return this.credentialStore.toModel(credentialEntity);
    }

    public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realmModel, UserModel userModel) {
        return this.credentialStore.getStoredCredentialsStream(realmModel, userModel);
    }

    public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realmModel, UserModel userModel, String str) {
        UserEntity userInEntityManagerContext = userInEntityManagerContext(userModel.getId());
        return userInEntityManagerContext != null ? userInEntityManagerContext.getCredentials().stream().filter(credentialEntity -> {
            return str.equals(credentialEntity.getType());
        }).sorted(Comparator.comparingInt((v0) -> {
            return v0.getPriority();
        })).map(this::toModel) : this.credentialStore.getStoredCredentialsByTypeStream(realmModel, userModel, str);
    }

    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        return this.credentialStore.getStoredCredentialByNameAndType(realmModel, userModel, str, str2);
    }

    public boolean moveCredentialTo(RealmModel realmModel, UserModel userModel, String str, String str2) {
        return this.credentialStore.moveCredentialTo(realmModel, userModel, str, str2);
    }

    protected void ensureEmailConstraint(List<UserEntity> list, RealmModel realmModel) {
        UserEntity userEntity = list.get(0);
        if (list.size() > 1) {
            throw new ModelDuplicateException("Multiple users with email '" + userEntity.getEmail() + "' exist in Keycloak.");
        }
        if (realmModel.isDuplicateEmailsAllowed() || userEntity.getEmail() == null || userEntity.getEmail().equals(userEntity.getEmailConstraint())) {
            return;
        }
        userEntity.setEmailConstraint(userEntity.getEmail());
        this.em.persist(userEntity);
    }

    private UserEntity userInEntityManagerContext(String str) {
        UserEntity userEntity = (UserEntity) this.em.getReference(UserEntity.class, str);
        if (this.em.getEntityManagerFactory().getPersistenceUnitUtil().isLoaded(userEntity)) {
            return userEntity;
        }
        return null;
    }
}
