package org.keycloak.credential;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache;
import org.keycloak.provider.ProviderFactory;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageManager;
import org.keycloak.storage.UserStorageProvider;

/* loaded from: input_file:org/keycloak/credential/UserCredentialStoreManager.class */
public class UserCredentialStoreManager implements UserCredentialManager, OnUserCache {
    protected KeycloakSession session;

    public UserCredentialStoreManager(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    protected UserCredentialStore getStoreForUser(UserModel userModel) {
        return StorageId.isLocalStorage(userModel) ? this.session.userLocalStorage() : this.session.userFederatedStorage();
    }

    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        getStoreForUser(userModel).updateCredential(realmModel, userModel, credentialModel);
    }

    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        return getStoreForUser(userModel).createCredential(realmModel, userModel, credentialModel);
    }

    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        return getStoreForUser(userModel).removeStoredCredential(realmModel, userModel, str);
    }

    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        return getStoreForUser(userModel).getStoredCredentialById(realmModel, userModel, str);
    }

    public List<CredentialModel> getStoredCredentials(RealmModel realmModel, UserModel userModel) {
        return getStoreForUser(userModel).getStoredCredentials(realmModel, userModel);
    }

    public List<CredentialModel> getStoredCredentialsByType(RealmModel realmModel, UserModel userModel, String str) {
        return getStoreForUser(userModel).getStoredCredentialsByType(realmModel, userModel, str);
    }

    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        return getStoreForUser(userModel).getStoredCredentialByNameAndType(realmModel, userModel, str, str2);
    }

    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput... credentialInputArr) {
        return isValid(realmModel, userModel, Arrays.asList(credentialInputArr));
    }

    public boolean isValid(RealmModel realmModel, UserModel userModel, List<CredentialInput> list) {
        UserStorageProvider storageProvider;
        LinkedList linkedList = new LinkedList();
        linkedList.addAll(list);
        if (!StorageId.isLocalStorage(userModel)) {
            CredentialInputValidator storageProvider2 = UserStorageManager.getStorageProvider(this.session, realmModel, StorageId.resolveProviderId(userModel));
            if (storageProvider2 instanceof CredentialInputValidator) {
                Iterator<CredentialInput> it = linkedList.iterator();
                while (it.hasNext()) {
                    CredentialInput next = it.next();
                    CredentialInputValidator credentialInputValidator = storageProvider2;
                    if (credentialInputValidator.supportsCredentialType(next.getType()) && credentialInputValidator.isValid(realmModel, userModel, next)) {
                        it.remove();
                    }
                }
            }
        } else if (userModel.getFederationLink() != null && (storageProvider = UserStorageManager.getStorageProvider(this.session, realmModel, userModel.getFederationLink())) != null && (storageProvider instanceof CredentialInputValidator)) {
            validate(realmModel, userModel, linkedList, (CredentialInputValidator) storageProvider);
        }
        if (linkedList.isEmpty()) {
            return true;
        }
        Iterator it2 = getCredentialProviders(realmModel, CredentialInputValidator.class).iterator();
        while (it2.hasNext()) {
            validate(realmModel, userModel, linkedList, (CredentialInputValidator) it2.next());
        }
        return linkedList.isEmpty();
    }

    private void validate(RealmModel realmModel, UserModel userModel, List<CredentialInput> list, CredentialInputValidator credentialInputValidator) {
        Iterator<CredentialInput> it = list.iterator();
        while (it.hasNext()) {
            CredentialInput next = it.next();
            if (credentialInputValidator.supportsCredentialType(next.getType()) && credentialInputValidator.isValid(realmModel, userModel, next)) {
                it.remove();
            }
        }
    }

    protected <T> List<T> getCredentialProviders(RealmModel realmModel, Class<T> cls) {
        LinkedList linkedList = new LinkedList();
        for (ProviderFactory providerFactory : this.session.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class)) {
            if (Types.supports(cls, providerFactory, CredentialProviderFactory.class)) {
                linkedList.add(this.session.getProvider(CredentialProvider.class, providerFactory.getId()));
            }
        }
        return linkedList;
    }

    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        CredentialInputUpdater storageProvider;
        if (!StorageId.isLocalStorage(userModel)) {
            CredentialInputUpdater storageProvider2 = UserStorageManager.getStorageProvider(this.session, realmModel, StorageId.resolveProviderId(userModel));
            if (storageProvider2 instanceof CredentialInputUpdater) {
                CredentialInputUpdater credentialInputUpdater = storageProvider2;
                if (credentialInputUpdater.supportsCredentialType(credentialInput.getType()) && credentialInputUpdater.updateCredential(realmModel, userModel, credentialInput)) {
                    return;
                }
            }
        } else if (userModel.getFederationLink() != null && (storageProvider = UserStorageManager.getStorageProvider(this.session, realmModel, userModel.getFederationLink())) != null && (storageProvider instanceof CredentialInputUpdater) && storageProvider.updateCredential(realmModel, userModel, credentialInput)) {
            return;
        }
        for (CredentialInputUpdater credentialInputUpdater2 : getCredentialProviders(realmModel, CredentialInputUpdater.class)) {
            if (credentialInputUpdater2.supportsCredentialType(credentialInput.getType()) && credentialInputUpdater2.updateCredential(realmModel, userModel, credentialInput)) {
                return;
            }
        }
    }

    public void disableCredentialType(RealmModel realmModel, UserModel userModel, String str) {
        CredentialInputUpdater storageProvider;
        if (!StorageId.isLocalStorage(userModel)) {
            CredentialInputUpdater storageProvider2 = UserStorageManager.getStorageProvider(this.session, realmModel, StorageId.resolveProviderId(userModel));
            if (storageProvider2 instanceof CredentialInputUpdater) {
                CredentialInputUpdater credentialInputUpdater = storageProvider2;
                if (credentialInputUpdater.supportsCredentialType(str)) {
                    credentialInputUpdater.disableCredentialType(realmModel, userModel, str);
                }
            }
        } else if (userModel.getFederationLink() != null && (storageProvider = UserStorageManager.getStorageProvider(this.session, realmModel, userModel.getFederationLink())) != null && (storageProvider instanceof CredentialInputUpdater)) {
            storageProvider.disableCredentialType(realmModel, userModel, str);
        }
        for (CredentialInputUpdater credentialInputUpdater2 : getCredentialProviders(realmModel, CredentialInputUpdater.class)) {
            if (credentialInputUpdater2.supportsCredentialType(str)) {
                credentialInputUpdater2.disableCredentialType(realmModel, userModel, str);
            }
        }
    }

    public Set<String> getDisableableCredentialTypes(RealmModel realmModel, UserModel userModel) {
        CredentialInputUpdater storageProvider;
        HashSet hashSet = new HashSet();
        if (!StorageId.isLocalStorage(userModel)) {
            CredentialInputUpdater storageProvider2 = UserStorageManager.getStorageProvider(this.session, realmModel, StorageId.resolveProviderId(userModel));
            if (storageProvider2 instanceof CredentialInputUpdater) {
                hashSet.addAll(storageProvider2.getDisableableCredentialTypes(realmModel, userModel));
            }
        } else if (userModel.getFederationLink() != null && (storageProvider = UserStorageManager.getStorageProvider(this.session, realmModel, userModel.getFederationLink())) != null && (storageProvider instanceof CredentialInputUpdater)) {
            hashSet.addAll(storageProvider.getDisableableCredentialTypes(realmModel, userModel));
        }
        Iterator it = getCredentialProviders(realmModel, CredentialInputUpdater.class).iterator();
        while (it.hasNext()) {
            hashSet.addAll(((CredentialInputUpdater) it.next()).getDisableableCredentialTypes(realmModel, userModel));
        }
        return hashSet;
    }

    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        CredentialInputValidator storageProvider;
        if (!StorageId.isLocalStorage(userModel)) {
            CredentialInputValidator storageProvider2 = UserStorageManager.getStorageProvider(this.session, realmModel, StorageId.resolveProviderId(userModel));
            if (storageProvider2 instanceof CredentialInputValidator) {
                CredentialInputValidator credentialInputValidator = storageProvider2;
                if (credentialInputValidator.supportsCredentialType(str) && credentialInputValidator.isConfiguredFor(realmModel, userModel, str)) {
                    return true;
                }
            }
        } else if (userModel.getFederationLink() != null && (storageProvider = UserStorageManager.getStorageProvider(this.session, realmModel, userModel.getFederationLink())) != null && (storageProvider instanceof CredentialInputValidator) && storageProvider.isConfiguredFor(realmModel, userModel, str)) {
            return true;
        }
        return isConfiguredLocally(realmModel, userModel, str);
    }

    public boolean isConfiguredLocally(RealmModel realmModel, UserModel userModel, String str) {
        for (CredentialInputValidator credentialInputValidator : getCredentialProviders(realmModel, CredentialInputValidator.class)) {
            if (credentialInputValidator.supportsCredentialType(str) && credentialInputValidator.isConfiguredFor(realmModel, userModel, str)) {
                return true;
            }
        }
        return false;
    }

    public CredentialValidationOutput authenticate(KeycloakSession keycloakSession, RealmModel realmModel, CredentialInput credentialInput) {
        CredentialValidationOutput authenticate;
        CredentialValidationOutput authenticate2;
        for (CredentialAuthentication credentialAuthentication : UserStorageManager.getStorageProviders(keycloakSession, realmModel, CredentialAuthentication.class)) {
            if (credentialAuthentication.supportsCredentialAuthenticationFor(credentialInput.getType()) && (authenticate2 = credentialAuthentication.authenticate(realmModel, credentialInput)) != null) {
                return authenticate2;
            }
        }
        for (CredentialAuthentication credentialAuthentication2 : getCredentialProviders(realmModel, CredentialAuthentication.class)) {
            if (credentialAuthentication2.supportsCredentialAuthenticationFor(credentialInput.getType()) && (authenticate = credentialAuthentication2.authenticate(realmModel, credentialInput)) != null) {
                return authenticate;
            }
        }
        return null;
    }

    public void onCache(RealmModel realmModel, CachedUserModel cachedUserModel, UserModel userModel) {
        Iterator it = getCredentialProviders(realmModel, OnUserCache.class).iterator();
        while (it.hasNext()) {
            ((OnUserCache) it.next()).onCache(realmModel, cachedUserModel, userModel);
        }
    }

    public void close() {
    }
}
