package org.keycloak.credential;

import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache;
import org.keycloak.models.cache.UserCache;
import org.keycloak.storage.AbstractStorageManager;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.UserStorageProviderModel;

/* loaded from: input_file:org/keycloak/credential/UserCredentialStoreManager.class */
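/**
 * Routes credential operations for a user to the matching credential store (local or
 * federated) and to the credential providers registered on the session factory.
 *
 * <p>Methods that write to a store first call {@link #throwExceptionIfInvalidUser(UserModel)},
 * which rejects users that carry a service-account client link.
 */
public class UserCredentialStoreManager extends AbstractStorageManager<UserStorageProvider, UserStorageProviderModel> implements UserCredentialManager.Streams, OnUserCache {

    /**
     * Result of asking the user's storage provider whether a credential type is configured.
     */
    // Declared public in this listing; the decompiler notes the original modifier was private.
    public enum UserStorageCredentialConfigured {
        CONFIGURED,
        USER_STORAGE_DISABLED,
        NOT_CONFIGURED
    }

    /**
     * Creates a manager bound to the given session.
     *
     * @param keycloakSession session used to look up stores, providers and the user cache
     */
    public UserCredentialStoreManager(KeycloakSession keycloakSession) {
        super(keycloakSession, UserStorageProviderFactory.class, UserStorageProvider.class, UserStorageProviderModel::new, "user");
    }

    /**
     * Picks the credential store for a user: the local store when
     * {@code StorageId.isLocalStorage} says so, the federated store otherwise.
     */
    protected UserCredentialStore getStoreForUser(UserModel userModel) {
        if (StorageId.isLocalStorage(userModel)) {
            return this.session.userLocalStorage();
        }
        return this.session.userFederatedStorage();
    }

    /**
     * Updates a stored credential in the user's store.
     *
     * @throws RuntimeException if the user has a service-account client link
     */
    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(userModel);
        getStoreForUser(userModel).updateCredential(realmModel, userModel, credentialModel);
    }

    /**
     * Creates a credential in the user's store and returns what the store returns.
     *
     * @throws RuntimeException if the user has a service-account client link
     */
    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(userModel);
        return getStoreForUser(userModel).createCredential(realmModel, userModel, credentialModel);
    }

    /**
     * Removes a stored credential and evicts the user from the user cache, if one exists.
     * The eviction runs whether or not the store reports a removal.
     *
     * @param str passed through to the store as the credential selector (presumably the
     *            credential id; confirm against {@code UserCredentialStore})
     * @return the store's result
     * @throws RuntimeException if the user has a service-account client link
     */
    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        throwExceptionIfInvalidUser(userModel);
        boolean removed = getStoreForUser(userModel).removeStoredCredential(realmModel, userModel, str);
        evictUserFromCache(realmModel, userModel);
        return removed;
    }

    /**
     * Reads one stored credential by id from the user's store. No service-account check is
     * made on this read path.
     */
    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        return getStoreForUser(userModel).getStoredCredentialById(realmModel, userModel, str);
    }

    /** Streams the user's stored credentials from the user's store. */
    public Stream<CredentialModel> getStoredCredentialsStream(RealmModel realmModel, UserModel userModel) {
        return getStoreForUser(userModel).getStoredCredentialsStream(realmModel, userModel);
    }

    /** Streams the user's stored credentials of one type; {@code str} is handed to the store unchanged. */
    public Stream<CredentialModel> getStoredCredentialsByTypeStream(RealmModel realmModel, UserModel userModel, String str) {
        return getStoreForUser(userModel).getStoredCredentialsByTypeStream(realmModel, userModel, str);
    }

    /** Looks up a stored credential; {@code str} and {@code str2} are handed to the store in that order. */
    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        return getStoreForUser(userModel).getStoredCredentialByNameAndType(realmModel, userModel, str, str2);
    }

    /**
     * Reorders a stored credential through the user's store.
     *
     * @return the store's result
     * @throws RuntimeException if the user has a service-account client link
     */
    public boolean moveCredentialTo(RealmModel realmModel, UserModel userModel, String str, String str2) {
        throwExceptionIfInvalidUser(userModel);
        return getStoreForUser(userModel).moveCredentialTo(realmModel, userModel, str, str2);
    }

    /** Varargs convenience for {@link #isValid(RealmModel, UserModel, List)}. */
    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput... credentialInputArr) {
        return isValid(realmModel, userModel, Arrays.asList(credentialInputArr));
    }

    /**
     * Creates a credential through the first credential provider whose type equals the
     * model's type.
     *
     * @return the provider's result, or {@code null} when no provider has a matching type
     * @throws RuntimeException if the user has a service-account client link
     */
    public CredentialModel createCredentialThroughProvider(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(userModel);
        // Every factory's provider is obtained before the first match is picked, as in the
        // original; only the raw List and the repeated get(0) casts are gone.
        List<CredentialProvider> matching = this.session.getKeycloakSessionFactory()
                .getProviderFactories(CredentialProvider.class).stream()
                .map(factory -> this.session.getProvider(CredentialProvider.class, factory.getId()))
                .filter(provider -> provider.getType().equals(credentialModel.getType()))
                .collect(Collectors.toList());
        if (matching.isEmpty()) {
            return null;
        }
        CredentialProvider provider = matching.get(0);
        return provider.createCredential(realmModel, userModel, provider.getCredentialFromModel(credentialModel));
    }

    /**
     * Sets the user label of a stored credential and evicts the user from the user cache.
     *
     * @param str  id of the credential to relabel
     * @param str2 new user label
     * @throws RuntimeException if the user has a service-account client link
     */
    public void updateCredentialLabel(RealmModel realmModel, UserModel userModel, String str, String str2) {
        throwExceptionIfInvalidUser(userModel);
        // NOTE(review): if the store returns null for an unknown id, the next line throws a
        // NullPointerException; confirm what callers expect for a missing credential.
        CredentialModel stored = getStoredCredentialById(realmModel, userModel, str);
        stored.setUserLabel(str2);
        getStoreForUser(userModel).updateCredential(realmModel, userModel, stored);
        evictUserFromCache(realmModel, userModel);
    }

    /**
     * Validates credential inputs, first against the user's storage provider (when the user
     * is linked to one) and then against the registered credential providers.
     *
     * <p>Fails closed: returns {@code false} for a {@code null} user, for a user with a
     * service-account client link, and for a user whose storage provider model is missing or
     * disabled. An input counts as validated once any validator that supports its type
     * accepts it.
     *
     * <p>An empty {@code list} yields {@code true} once those checks pass, because nothing is
     * left to validate; callers must not treat that result as proof that a credential was
     * checked.
     *
     * @return {@code true} only when no input is left unvalidated
     */
    public boolean isValid(RealmModel realmModel, UserModel userModel, List<CredentialInput> list) {
        if (!isValid(userModel)) {
            return false;
        }
        // Working copy: inputs are removed from it as validators accept them.
        List<CredentialInput> remaining = new LinkedList<>(list);
        String providerId = federationProviderIdOf(userModel);
        if (providerId != null) {
            UserStorageProviderModel providerModel = getStorageProviderModel(realmModel, providerId);
            if (providerModel == null || !providerModel.isEnabled()) {
                return false;
            }
            CredentialInputValidator storageValidator = (CredentialInputValidator) getStorageProviderInstance(providerModel, CredentialInputValidator.class);
            if (storageValidator != null) {
                validate(realmModel, userModel, remaining, storageValidator);
            }
        }
        if (remaining.isEmpty()) {
            return true;
        }
        getCredentialProviders(this.session, CredentialInputValidator.class)
                .forEach(validator -> validate(realmModel, userModel, remaining, validator));
        return remaining.isEmpty();
    }

    /** Removes from {@code list} every input whose type the validator supports and which it accepts. */
    private void validate(RealmModel realmModel, UserModel userModel, List<CredentialInput> list, CredentialInputValidator credentialInputValidator) {
        list.removeIf(input -> credentialInputValidator.supportsCredentialType(input.getType())
                && credentialInputValidator.isValid(realmModel, userModel, input));
    }

    /**
     * Streams the credential providers whose factory supports the capability {@code cls}.
     *
     * @param keycloakSession session used to list factories and obtain providers
     * @param cls             capability interface to filter on
     */
    // The factory filter is what justifies the cast; the compiler cannot check it.
    @SuppressWarnings("unchecked")
    public static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactories(CredentialProvider.class).stream()
                .filter(factory -> Types.supports(cls, factory, CredentialProviderFactory.class))
                .map(factory -> keycloakSession.getProvider(CredentialProvider.class, factory.getId()));
    }

    /**
     * Updates a credential from user input, trying the user's storage provider first and then
     * the registered credential providers that support the input's type.
     *
     * @return {@code true} as soon as one updater reports success; {@code false} when the
     *         user's storage provider model is missing or disabled, or when no updater succeeds
     * @throws RuntimeException if the user is not in local storage and has a service-account
     *                          client link
     */
    public boolean updateCredential(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        String providerId = federationProviderIdOf(userModel);
        // NOTE(review): the service-account guard runs only for users outside local storage;
        // locally stored users skip it here, unlike the store-level write methods. Confirm
        // that this is intended.
        if (!StorageId.isLocalStorage(userModel)) {
            throwExceptionIfInvalidUser(userModel);
        }
        if (providerId != null) {
            UserStorageProviderModel providerModel = getStorageProviderModel(realmModel, providerId);
            if (providerModel == null || !providerModel.isEnabled()) {
                return false;
            }
            CredentialInputUpdater storageUpdater = (CredentialInputUpdater) getStorageProviderInstance(providerModel, CredentialInputUpdater.class);
            if (storageUpdater != null
                    && storageUpdater.supportsCredentialType(credentialInput.getType())
                    && storageUpdater.updateCredential(realmModel, userModel, credentialInput)) {
                return true;
            }
        }
        return getCredentialProviders(this.session, CredentialInputUpdater.class)
                .filter(updater -> updater.supportsCredentialType(credentialInput.getType()))
                .anyMatch(updater -> updater.updateCredential(realmModel, userModel, credentialInput));
    }

    /**
     * Disables a credential type for the user in the user's storage provider (when it
     * supports the type) and in every registered credential provider that supports it.
     * Does nothing when the user's storage provider model is missing or disabled.
     *
     * @param str credential type to disable
     * @throws RuntimeException if the user is not in local storage and has a service-account
     *                          client link
     */
    public void disableCredentialType(RealmModel realmModel, UserModel userModel, String str) {
        String providerId = federationProviderIdOf(userModel);
        // NOTE(review): same asymmetry as updateCredential(CredentialInput): the guard is
        // skipped for locally stored users. Confirm that this is intended.
        if (!StorageId.isLocalStorage(userModel)) {
            throwExceptionIfInvalidUser(userModel);
        }
        if (providerId != null) {
            UserStorageProviderModel providerModel = getStorageProviderModel(realmModel, providerId);
            if (providerModel == null || !providerModel.isEnabled()) {
                return;
            }
            CredentialInputUpdater storageUpdater = (CredentialInputUpdater) getStorageProviderInstance(providerModel, CredentialInputUpdater.class);
            // The sibling methods treat a null instance as "provider lacks this capability";
            // the same guard here avoids a NullPointerException before the local providers run.
            if (storageUpdater != null && storageUpdater.supportsCredentialType(str)) {
                storageUpdater.disableCredentialType(realmModel, userModel, str);
            }
        }
        getCredentialProviders(this.session, CredentialInputUpdater.class)
                .filter(updater -> updater.supportsCredentialType(str))
                .forEach(updater -> updater.disableCredentialType(realmModel, userModel, str));
    }

    /**
     * Streams the distinct credential types that can be disabled for the user: those reported
     * by the user's storage provider, followed by those of the registered credential providers.
     *
     * @return an empty stream when the user's storage provider model is missing or disabled
     */
    public Stream<String> getDisableableCredentialTypesStream(RealmModel realmModel, UserModel userModel) {
        Stream<String> fromStorage = Stream.empty();
        String providerId = federationProviderIdOf(userModel);
        if (providerId != null) {
            UserStorageProviderModel providerModel = getStorageProviderModel(realmModel, providerId);
            if (providerModel == null || !providerModel.isEnabled()) {
                return fromStorage;
            }
            CredentialInputUpdater storageUpdater = (CredentialInputUpdater) getStorageProviderInstance(providerModel, CredentialInputUpdater.class);
            if (storageUpdater != null) {
                fromStorage = storageUpdater.getDisableableCredentialTypesStream(realmModel, userModel);
            }
        }
        Stream<String> fromProviders = getCredentialProviders(this.session, CredentialInputUpdater.class)
                .flatMap(updater -> updater.getDisableableCredentialTypesStream(realmModel, userModel));
        return Stream.concat(fromStorage, fromProviders).distinct();
    }

    /**
     * Tells whether a credential type is configured for the user. The storage provider's
     * answer wins; the registered credential providers are asked only when the storage
     * provider does not report the type as configured and is not disabled.
     *
     * @param str credential type
     */
    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        switch (isConfiguredThroughUserStorage(realmModel, userModel, str)) {
            case CONFIGURED:
                return true;
            case USER_STORAGE_DISABLED:
                return false;
            default:
                return isConfiguredLocally(realmModel, userModel, str);
        }
    }

    /**
     * Asks the user's storage provider whether a credential type is configured.
     *
     * @return {@code USER_STORAGE_DISABLED} when the provider model is missing or disabled,
     *         {@code CONFIGURED} when the provider supports the type and reports it configured,
     *         {@code NOT_CONFIGURED} otherwise (including a user with no storage provider)
     */
    private UserStorageCredentialConfigured isConfiguredThroughUserStorage(RealmModel realmModel, UserModel userModel, String str) {
        String providerId = federationProviderIdOf(userModel);
        if (providerId != null) {
            UserStorageProviderModel providerModel = getStorageProviderModel(realmModel, providerId);
            if (providerModel == null || !providerModel.isEnabled()) {
                return UserStorageCredentialConfigured.USER_STORAGE_DISABLED;
            }
            CredentialInputValidator storageValidator = (CredentialInputValidator) getStorageProviderInstance(providerModel, CredentialInputValidator.class);
            // isValid(...) null-checks the same lookup; without the check here a provider that
            // is not a validator would raise a NullPointerException instead of NOT_CONFIGURED.
            if (storageValidator != null
                    && storageValidator.supportsCredentialType(str)
                    && storageValidator.isConfiguredFor(realmModel, userModel, str)) {
                return UserStorageCredentialConfigured.CONFIGURED;
            }
        }
        return UserStorageCredentialConfigured.NOT_CONFIGURED;
    }

    /** Tells whether any registered credential provider supports the type and reports it configured. */
    public boolean isConfiguredLocally(RealmModel realmModel, UserModel userModel, String str) {
        return getCredentialProviders(this.session, CredentialInputValidator.class)
                .anyMatch(validator -> validator.supportsCredentialType(str)
                        && validator.isConfiguredFor(realmModel, userModel, str));
    }

    /**
     * Authenticates a credential input with the first authenticator that supports its type;
     * enabled storage providers are consulted before the registered credential providers.
     *
     * @param keycloakSession session used to look up the credential providers (the enabled
     *                        storage providers come from the superclass lookup)
     * @return that authenticator's output, or {@code null} when none supports the type
     */
    public CredentialValidationOutput authenticate(KeycloakSession keycloakSession, RealmModel realmModel, CredentialInput credentialInput) {
        // NOTE(review): Stream.findFirst() throws NullPointerException when the selected
        // element is null, so a supporting authenticator that returns null fails the call
        // instead of falling through to the next one. Confirm the intended behaviour.
        Stream<CredentialAuthentication> authenticators = Stream.concat(
                getEnabledStorageProviders(realmModel, CredentialAuthentication.class),
                getCredentialProviders(keycloakSession, CredentialAuthentication.class));
        return (CredentialValidationOutput) authenticators
                .filter(authenticator -> authenticator.supportsCredentialAuthenticationFor(credentialInput.getType()))
                .map(authenticator -> authenticator.authenticate(realmModel, credentialInput))
                .findFirst()
                .orElse(null);
    }

    /** Forwards the cache callback to every registered credential provider that supports {@code OnUserCache}. */
    public void onCache(RealmModel realmModel, CachedUserModel cachedUserModel, UserModel userModel) {
        getCredentialProviders(this.session, OnUserCache.class)
                .forEach(listener -> listener.onCache(realmModel, cachedUserModel, userModel));
    }

    /**
     * Streams the types of the registered credential providers that the user's storage
     * provider reports as configured.
     */
    public Stream<String> getConfiguredUserStorageCredentialTypesStream(RealmModel realmModel, UserModel userModel) {
        return getCredentialProviders(this.session, CredentialProvider.class)
                .map(provider -> provider.getType())
                .filter(type -> UserStorageCredentialConfigured.CONFIGURED == isConfiguredThroughUserStorage(realmModel, userModel, type));
    }

    /** Holds no resources of its own; nothing to release. */
    public void close() {
    }

    /** A user is valid for credential handling when it is non-null and has no service-account client link. */
    private boolean isValid(UserModel userModel) {
        return userModel != null && userModel.getServiceAccountClientLink() == null;
    }

    /**
     * Rejects credential management for users with a service-account client link.
     * A {@code null} user is not rejected here.
     *
     * @throws RuntimeException if the user is non-null and has a service-account client link
     */
    private void throwExceptionIfInvalidUser(UserModel userModel) {
        if (userModel != null && !isValid(userModel)) {
            throw new RuntimeException("You can not manage credentials for this user");
        }
    }

    /**
     * Returns the id of the storage provider tied to the user: the federation link for a
     * locally stored user, otherwise the provider id resolved from the user by {@code StorageId}.
     */
    private String federationProviderIdOf(UserModel userModel) {
        return StorageId.isLocalStorage(userModel) ? userModel.getFederationLink() : StorageId.resolveProviderId(userModel);
    }

    /** Evicts the user from the session's user cache when a cache is present. */
    private void evictUserFromCache(RealmModel realmModel, UserModel userModel) {
        UserCache userCache = this.session.userCache();
        if (userCache != null) {
            userCache.evict(realmModel, userModel);
        }
    }
}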
