package org.keycloak.credential;

import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.SubjectCredentialManager;
import org.keycloak.models.UserModel;
import org.keycloak.storage.AbstractStorageManager;
import org.keycloak.storage.DatastoreProvider;
import org.keycloak.storage.LegacyStoreManagers;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.UserStorageProviderModel;

/* loaded from: input_file:org/keycloak/credential/LegacyUserCredentialManager.class */
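/**
 * Credential manager bound to one {@link UserModel} in one {@link RealmModel}.
 *
 * <p>Validation and update requests go first to the user's storage provider (when the user
 * is federated or linked to one) and then to the locally registered credential providers.
 * Stored credentials are read from and written to the local or federated credential store,
 * chosen by the form of the user's id.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A user with a non-null service-account client link is treated as not manageable:
 *       {@link #isValid(List)} returns {@code false} and the stored-credential write
 *       methods throw.</li>
 *   <li>A missing or disabled storage provider fails closed: validation returns
 *       {@code false} and updates are refused without consulting local providers.</li>
 *   <li>The read methods ({@code getStoredCredential*}) do not apply the service-account
 *       guard.</li>
 * </ul>
 */
public class LegacyUserCredentialManager extends AbstractStorageManager<UserStorageProvider, UserStorageProviderModel> implements SubjectCredentialManager {
    private final UserModel user;
    private final KeycloakSession session;
    private final RealmModel realm;

    /**
     * Outcome of asking the user's storage provider whether a credential type is configured.
     *
     * <p>Decompiler note: the tool reported that it widened this type's access from private.
     */
    public enum UserStorageCredentialConfigured {
        /** The storage provider supports the type and reports it configured for the user. */
        CONFIGURED,
        /** The user is bound to a storage provider whose model is missing or disabled. */
        USER_STORAGE_DISABLED,
        /** No storage provider applies, or it does not report the type as configured. */
        NOT_CONFIGURED
    }

    /**
     * Creates a manager for {@code userModel} within {@code realmModel}.
     *
     * @param keycloakSession session used to look up providers and stores
     * @param realmModel realm the user belongs to
     * @param userModel user whose credentials are managed
     */
    public LegacyUserCredentialManager(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        super(keycloakSession, UserStorageProviderFactory.class, UserStorageProvider.class, UserStorageProviderModel::new, "user");
        this.user = userModel;
        this.session = keycloakSession;
        this.realm = realmModel;
    }

    /**
     * Checks that every supplied credential input is accepted by some validator.
     *
     * <p>Each input is removed from a working copy once a validator that supports its type
     * accepts it; the result is {@code true} only when nothing is left over.
     *
     * <p>Caller contract: an empty {@code list} leaves nothing to validate, so the method
     * returns {@code true} for any manageable user whose storage provider (if any) is
     * enabled. Callers must make sure they pass at least one input.
     *
     * @param list credential inputs to validate; not modified
     * @return {@code false} for service-account users, for users whose storage provider is
     *     missing or disabled, or when at least one input was not accepted
     */
    public boolean isValid(List<CredentialInput> list) {
        if (!isValid(this.user)) {
            return false;
        }
        // Work on a copy so the caller's list is untouched; validated inputs are removed from it.
        List<CredentialInput> pending = new LinkedList<>(list);
        String providerId = StorageId.isLocalStorage(this.user.getId()) ? this.user.getFederationLink() : StorageId.providerId(this.user.getId());
        if (providerId != null) {
            UserStorageProviderModel model = getStorageProviderModel(this.realm, providerId);
            if (model == null || !model.isEnabled()) {
                // Fail closed: never fall back to local validators when the owning provider is off.
                return false;
            }
            CredentialInputValidator federatedValidator = (CredentialInputValidator) getStorageProviderInstance(model, CredentialInputValidator.class);
            if (federatedValidator != null) {
                validate(this.realm, this.user, pending, federatedValidator);
            }
        }
        getCredentialProviders(this.session, CredentialInputValidator.class)
                .forEach(localValidator -> validate(this.realm, this.user, pending, localValidator));
        return pending.isEmpty();
    }

    /**
     * Updates a credential through the user's storage provider or, failing that, through the
     * first local credential provider that supports the type and accepts the update.
     *
     * <p>NOTE(review): the service-account guard runs only when the user id is not a
     * local-storage id, unlike {@link #updateStoredCredential}, which always applies it.
     * Confirm that this asymmetry is intended.
     *
     * @param credentialInput the new credential value
     * @return {@code true} if some updater applied the change; {@code false} if none did or
     *     the user's storage provider is missing or disabled
     * @throws RuntimeException if the user is a non-local service-account user
     */
    public boolean updateCredential(CredentialInput credentialInput) {
        String providerId = StorageId.isLocalStorage(this.user.getId()) ? this.user.getFederationLink() : StorageId.providerId(this.user.getId());
        if (!StorageId.isLocalStorage(this.user.getId())) {
            throwExceptionIfInvalidUser(this.user);
        }
        if (providerId != null) {
            UserStorageProviderModel model = getStorageProviderModel(this.realm, providerId);
            if (model == null || !model.isEnabled()) {
                return false;
            }
            CredentialInputUpdater federatedUpdater = (CredentialInputUpdater) getStorageProviderInstance(model, CredentialInputUpdater.class);
            if (federatedUpdater != null
                    && federatedUpdater.supportsCredentialType(credentialInput.getType())
                    && federatedUpdater.updateCredential(this.realm, this.user, credentialInput)) {
                return true;
            }
            // The storage provider declined or cannot update: fall through to local providers.
        }
        return getCredentialProviders(this.session, CredentialInputUpdater.class)
                .filter(updater -> updater.supportsCredentialType(credentialInput.getType()))
                .anyMatch(updater -> updater.updateCredential(this.realm, this.user, credentialInput));
    }

    /**
     * Persists changes to an existing stored credential.
     *
     * @param credentialModel credential to update
     * @throws RuntimeException if the user is a service-account user
     */
    public void updateStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        getStoreForUser(this.user).updateCredential(this.realm, this.user, credentialModel);
    }

    /**
     * Stores a new credential for the user.
     *
     * @param credentialModel credential to create
     * @return the value returned by the underlying store
     * @throws RuntimeException if the user is a service-account user
     */
    public CredentialModel createStoredCredential(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        return getStoreForUser(this.user).createCredential(this.realm, this.user, credentialModel);
    }

    /**
     * Removes a stored credential by id.
     *
     * @param str credential id
     * @return the result reported by the underlying store
     * @throws RuntimeException if the user is a service-account user
     */
    public boolean removeStoredCredentialById(String str) {
        throwExceptionIfInvalidUser(this.user);
        return getStoreForUser(this.user).removeStoredCredential(this.realm, this.user, str);
    }

    /**
     * Looks up a stored credential by id. No service-account guard is applied to reads.
     *
     * @param str credential id
     * @return whatever the underlying store returns for that id
     */
    public CredentialModel getStoredCredentialById(String str) {
        return getStoreForUser(this.user).getStoredCredentialById(this.realm, this.user, str);
    }

    /**
     * Streams the user's stored credentials. No service-account guard is applied to reads.
     *
     * @return stream provided by the underlying store
     */
    public Stream<CredentialModel> getStoredCredentialsStream() {
        return getStoreForUser(this.user).getStoredCredentialsStream(this.realm, this.user);
    }

    /**
     * Streams the user's stored credentials of one type.
     *
     * @param str credential type
     * @return stream provided by the underlying store
     */
    public Stream<CredentialModel> getStoredCredentialsByTypeStream(String str) {
        return getStoreForUser(this.user).getStoredCredentialsByTypeStream(this.realm, this.user, str);
    }

    /**
     * Looks up a stored credential by name and type.
     *
     * @param str first lookup argument, passed to the store before {@code str2}
     * @param str2 second lookup argument
     * @return whatever the underlying store returns
     */
    public CredentialModel getStoredCredentialByNameAndType(String str, String str2) {
        return getStoreForUser(this.user).getStoredCredentialByNameAndType(this.realm, this.user, str, str2);
    }

    /**
     * Asks the store to move one credential relative to another.
     *
     * @param str first argument forwarded to the store's {@code moveCredentialTo}
     * @param str2 second argument forwarded to the store's {@code moveCredentialTo}
     * @return the result reported by the underlying store
     * @throws RuntimeException if the user is a service-account user
     */
    public boolean moveStoredCredentialTo(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        return getStoreForUser(this.user).moveCredentialTo(this.realm, this.user, str, str2);
    }

    /**
     * Sets the user-visible label of a stored credential and persists it.
     *
     * @param str credential id
     * @param str2 new label
     * @throws RuntimeException if the user is a service-account user
     */
    public void updateCredentialLabel(String str, String str2) {
        throwExceptionIfInvalidUser(this.user);
        CredentialModel credential = getStoredCredentialById(str);
        // NOTE(review): if the store returns null for an unknown id this dereference throws a
        // NullPointerException; confirm whether callers validate the id first.
        credential.setUserLabel(str2);
        updateStoredCredential(credential);
    }

    /**
     * Disables a credential type through the user's storage provider (if any) and through
     * every local credential provider that supports the type.
     *
     * <p>NOTE(review): as in {@link #updateCredential}, the service-account guard runs only
     * when the user id is not a local-storage id.
     *
     * @param str credential type to disable
     * @throws RuntimeException if the user is a non-local service-account user
     */
    public void disableCredentialType(String str) {
        String providerId = StorageId.isLocalStorage(this.user.getId()) ? this.user.getFederationLink() : StorageId.providerId(this.user.getId());
        if (!StorageId.isLocalStorage(this.user.getId())) {
            throwExceptionIfInvalidUser(this.user);
        }
        if (providerId != null) {
            UserStorageProviderModel model = getStorageProviderModel(this.realm, providerId);
            if (model == null || !model.isEnabled()) {
                return;
            }
            CredentialInputUpdater federatedUpdater = (CredentialInputUpdater) getStorageProviderInstance(model, CredentialInputUpdater.class);
            // The sibling methods null-check this lookup result; do the same here so a storage
            // provider without updater support does not abort the request with a
            // NullPointerException before the local providers are reached.
            if (federatedUpdater != null && federatedUpdater.supportsCredentialType(str)) {
                federatedUpdater.disableCredentialType(this.realm, this.user, str);
            }
        }
        getCredentialProviders(this.session, CredentialInputUpdater.class)
                .filter(updater -> updater.supportsCredentialType(str))
                .forEach(updater -> updater.disableCredentialType(this.realm, this.user, str));
    }

    /**
     * Lists the credential types that can be disabled for the user, combining the storage
     * provider's answer with those of the local credential providers, without duplicates.
     *
     * @return distinct credential types; empty when the user's storage provider is missing
     *     or disabled
     */
    public Stream<String> getDisableableCredentialTypesStream() {
        Stream<String> federatedTypes = Stream.empty();
        String providerId = StorageId.isLocalStorage(this.user) ? this.user.getFederationLink() : StorageId.resolveProviderId(this.user);
        if (providerId != null) {
            UserStorageProviderModel model = getStorageProviderModel(this.realm, providerId);
            if (model == null || !model.isEnabled()) {
                return federatedTypes;
            }
            CredentialInputUpdater federatedUpdater = (CredentialInputUpdater) getStorageProviderInstance(model, CredentialInputUpdater.class);
            if (federatedUpdater != null) {
                federatedTypes = federatedUpdater.getDisableableCredentialTypesStream(this.realm, this.user);
            }
        }
        Stream<String> localTypes = getCredentialProviders(this.session, CredentialInputUpdater.class)
                .flatMap(updater -> updater.getDisableableCredentialTypesStream(this.realm, this.user));
        return Stream.concat(federatedTypes, localTypes).distinct();
    }

    /**
     * Reports whether a credential type is configured for the user, asking the storage
     * provider first and the local providers only when storage gives no definite answer.
     *
     * @param str credential type
     * @return {@code true} if configured; {@code false} if not, or if the user's storage
     *     provider is missing or disabled
     */
    public boolean isConfiguredFor(String str) {
        switch (isConfiguredThroughUserStorage(this.realm, this.user, str)) {
            case CONFIGURED:
                return true;
            case USER_STORAGE_DISABLED:
                // Fail closed: a disabled provider is not bypassed via local configuration.
                return false;
            default:
                return isConfiguredLocally(str);
        }
    }

    /**
     * Reports whether any local credential provider supports the type and has it configured
     * for the user.
     *
     * @param str credential type
     * @return {@code true} if at least one local validator reports the type configured
     */
    public boolean isConfiguredLocally(String str) {
        return getCredentialProviders(this.session, CredentialInputValidator.class)
                .anyMatch(validator -> validator.supportsCredentialType(str)
                        && validator.isConfiguredFor(this.realm, this.user, str));
    }

    /**
     * Streams the types of the registered credential providers that the user's storage
     * provider reports as configured.
     *
     * @return credential types for which storage answers {@code CONFIGURED}
     */
    public Stream<String> getConfiguredUserStorageCredentialTypesStream() {
        return getCredentialProviders(this.session, CredentialProvider.class)
                .map(provider -> provider.getType())
                .filter(type -> UserStorageCredentialConfigured.CONFIGURED == isConfiguredThroughUserStorage(this.realm, this.user, type));
    }

    /**
     * Creates a credential through the first registered credential provider whose type
     * equals the model's type.
     *
     * @param credentialModel credential to create
     * @return the created credential, or {@code null} when no provider matches the type
     * @throws RuntimeException if the user is a service-account user
     */
    public CredentialModel createCredentialThroughProvider(CredentialModel credentialModel) {
        throwExceptionIfInvalidUser(this.user);
        return (CredentialModel) this.session.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
                .map(factory -> this.session.getProvider(CredentialProvider.class, factory.getId()))
                .filter(provider -> Objects.equals(provider.getType(), credentialModel.getType()))
                .map(provider -> provider.createCredential(this.realm, this.user, provider.getCredentialFromModel(credentialModel)))
                .findFirst()
                .orElse(null);
    }

    /**
     * Asks the user's storage provider, if one applies, whether a credential type is
     * configured for the user.
     *
     * @param realmModel realm of the user
     * @param userModel user to check
     * @param str credential type
     * @return {@code USER_STORAGE_DISABLED} when the provider model is missing or disabled,
     *     {@code CONFIGURED} when the provider supports and reports the type, otherwise
     *     {@code NOT_CONFIGURED}
     */
    private UserStorageCredentialConfigured isConfiguredThroughUserStorage(RealmModel realmModel, UserModel userModel, String str) {
        String providerId = StorageId.isLocalStorage(userModel) ? userModel.getFederationLink() : StorageId.resolveProviderId(userModel);
        if (providerId == null) {
            return UserStorageCredentialConfigured.NOT_CONFIGURED;
        }
        UserStorageProviderModel model = getStorageProviderModel(realmModel, providerId);
        if (model == null || !model.isEnabled()) {
            return UserStorageCredentialConfigured.USER_STORAGE_DISABLED;
        }
        CredentialInputValidator federatedValidator = (CredentialInputValidator) getStorageProviderInstance(model, CredentialInputValidator.class);
        if (federatedValidator != null
                && federatedValidator.supportsCredentialType(str)
                && federatedValidator.isConfiguredFor(realmModel, userModel, str)) {
            return UserStorageCredentialConfigured.CONFIGURED;
        }
        return UserStorageCredentialConfigured.NOT_CONFIGURED;
    }

    /**
     * Tells whether credentials may be validated or managed for the user: only users
     * without a service-account client link qualify.
     *
     * @param userModel user to check; must not be {@code null}
     * @return {@code true} when the user has no service-account client link
     * @throws NullPointerException if {@code userModel} is {@code null}
     */
    private boolean isValid(UserModel userModel) {
        Objects.requireNonNull(userModel);
        return userModel.getServiceAccountClientLink() == null;
    }

    /**
     * Removes from {@code list} every input whose type the validator supports and which it
     * accepts as valid.
     *
     * @param realmModel realm of the user
     * @param userModel user the inputs belong to
     * @param list mutable working list of inputs still awaiting validation
     * @param credentialInputValidator validator to apply
     */
    private void validate(RealmModel realmModel, UserModel userModel, List<CredentialInput> list, CredentialInputValidator credentialInputValidator) {
        list.removeIf(input -> credentialInputValidator.supportsCredentialType(input.getType())
                && credentialInputValidator.isValid(realmModel, userModel, input));
    }

    /**
     * Streams the credential providers whose factory passes
     * {@code Types.supports(cls, factory, CredentialProviderFactory.class)}.
     *
     * @param keycloakSession session used to enumerate factories and obtain providers
     * @param cls capability type the returned providers are treated as
     * @param <T> capability type
     * @return providers cast to {@code T}
     */
    @SuppressWarnings("unchecked")
    private static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        // Unchecked cast: relies on the Types.supports filter to admit only factories whose
        // providers are instances of cls (presumably what it checks; verify against Types).
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class)
                .filter(factory -> Types.supports(cls, factory, CredentialProviderFactory.class))
                .map(factory -> keycloakSession.getProvider(CredentialProvider.class, factory.getId()));
    }

    /**
     * Rejects credential management for users that fail {@link #isValid(UserModel)}.
     *
     * @param userModel user to check
     * @throws RuntimeException if the user is a service-account user
     */
    private void throwExceptionIfInvalidUser(UserModel userModel) {
        if (!isValid(userModel)) {
            throw new RuntimeException("You can not manage credentials for this user");
        }
    }

    /**
     * Picks the credential store for the user: local storage when the user id is a
     * local-storage id, the federated store otherwise.
     *
     * @param userModel user whose store is needed
     * @return the matching credential store
     */
    private UserCredentialStore getStoreForUser(UserModel userModel) {
        // Explicit cast: the provider is looked up as a DatastoreProvider but used as
        // LegacyStoreManagers; a datastore that does not implement it fails here with a
        // ClassCastException.
        LegacyStoreManagers stores = (LegacyStoreManagers) this.session.getProvider(DatastoreProvider.class);
        return StorageId.isLocalStorage(userModel.getId()) ? stores.userLocalStorage() : stores.userFederatedStorage();
    }
}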
