package org.openremote.manager.security;

import jakarta.persistence.Query;
import jakarta.persistence.Tuple;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import java.util.stream.Stream;
import org.openremote.container.persistence.PersistenceService;
import org.openremote.container.security.AuthContext;
import org.openremote.container.security.IdentityProvider;
import org.openremote.manager.syslog.SyslogService;
import org.openremote.model.event.shared.RealmFilter;
import org.openremote.model.query.AssetQuery;
import org.openremote.model.query.UserQuery;
import org.openremote.model.query.filter.StringPredicate;
import org.openremote.model.security.ClientRole;
import org.openremote.model.security.Credential;
import org.openremote.model.security.Realm;
import org.openremote.model.security.Role;
import org.openremote.model.security.User;
import org.openremote.model.security.UserAttribute;
import org.openremote.model.util.TextUtil;

/* loaded from: input_file:org/openremote/manager/security/ManagerIdentityProvider.class */
public interface ManagerIdentityProvider extends IdentityProvider {

    /* renamed from: org.openremote.manager.security.ManagerIdentityProvider$1, reason: invalid class name */
    /* loaded from: input_file:org/openremote/manager/security/ManagerIdentityProvider$1.class */
    /**
     * Lookup table from {@code UserQuery.OrderBy.Property} ordinals to the small integers 1-5.
     *
     * <p>This is the shape of table javac generates for a {@code switch} over an enum; the
     * decompiler surfaced it as a named class. Slots that are never assigned keep the array
     * default of 0, which is none of the values written below.
     */
    static /* synthetic */ class AnonymousClass1 {
        // One slot per enum constant present at class-initialisation time.
        static final /* synthetic */ int[] $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property = new int[UserQuery.OrderBy.Property.values().length];

        static {
            // Each assignment is guarded separately: if a constant is missing from the
            // UserQuery class loaded at runtime, resolving it raises NoSuchFieldError and
            // only that slot is left at 0; the remaining constants are still mapped.
            try {
                $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property[UserQuery.OrderBy.Property.CREATED_ON.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
                // Deliberately ignored: slot stays 0.
            }
            try {
                $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property[UserQuery.OrderBy.Property.FIRST_NAME.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
                // Deliberately ignored: slot stays 0.
            }
            try {
                $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property[UserQuery.OrderBy.Property.LAST_NAME.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
                // Deliberately ignored: slot stays 0.
            }
            try {
                $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property[UserQuery.OrderBy.Property.USERNAME.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
                // Deliberately ignored: slot stays 0.
            }
            try {
                $SwitchMap$org$openremote$model$query$UserQuery$OrderBy$Property[UserQuery.OrderBy.Property.EMAIL.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
                // Deliberately ignored: slot stays 0.
            }
        }
    }

    // Abstract identity-provider operations. No behaviour is visible in this listing; the
    // contract of each method is defined by the implementing class.
    //
    // NOTE(review): parameter names (str, str2, str3, z, ...) are decompiler placeholders.
    // Several methods take two or three consecutive String arguments, so the argument order
    // (presumably some combination of realm, user id, client id - TODO confirm against the
    // original source or an implementation) cannot be checked by the compiler. A swapped
    // argument on a role, credential or realm operation would still type-check.
    //
    // NOTE(review): nothing in these signatures shows where authorization is enforced for
    // the operations whose names suggest mutation (createUpdateUser, deleteUser,
    // resetPassword, resetSecret, update*Roles, updateRealm, createRealm, deleteRealm).
    // Presumably the caller or the implementation performs the check - confirm before
    // exposing any of them on a new endpoint.

    User[] queryUsers(UserQuery userQuery);

    User getUser(String str);

    User getUserByUsername(String str, String str2);

    User createUpdateUser(String str, User user, String str2, boolean z);

    void deleteUser(String str, String str2);

    void resetPassword(String str, String str2, Credential credential);

    // Returns a String; presumably the newly generated secret - TODO confirm. If so, the
    // return value is sensitive and should not be logged.
    String resetSecret(String str, String str2, String str3);

    Role[] getRoles(String str, String str2);

    void updateClientRoles(String str, String str2, Role[] roleArr);

    Role[] getUserRoles(String str, String str2, String str3);

    // Used by the default method addRealmRoles, which reads isAssigned() and getName() on
    // each returned Role.
    Role[] getUserRealmRoles(String str, String str2);

    void updateUserRoles(String str, String str2, String str3, String... strArr);

    void updateUserRealmRoles(String str, String str2, String... strArr);

    boolean isMasterRealmAdmin(String str);

    boolean isRestrictedUser(AuthContext authContext);

    boolean isUserInRealm(String str, String str2);

    Realm[] getRealms();

    Realm getRealm(String str);

    void updateRealm(Realm realm);

    Realm createRealm(Realm realm);

    void deleteRealm(String str);

    // Two overloads: one takes the Realm object, the other a String (presumably the realm
    // name - TODO confirm).
    boolean isRealmActiveAndAccessible(AuthContext authContext, Realm realm);

    boolean isRealmActiveAndAccessible(AuthContext authContext, String str);

    boolean realmExists(String str);

    boolean canSubscribeWith(AuthContext authContext, RealmFilter<?> realmFilter, ClientRole... clientRoleArr);

    String getFrontendURI();

    /**
     * Computes the realm-role name set that results from adding {@code strArr} to the roles
     * reported by {@link #getUserRealmRoles(String, String)} for {@code (str, str2)}.
     *
     * <p>The result keeps, in the order returned by {@code getUserRealmRoles}, every role that
     * is already assigned or whose name is one of the requested names, followed by any
     * requested names not seen yet. Nothing is persisted here; the method only returns the
     * merged names.
     *
     * <p>Requested names are not checked against the roles that exist: a name that matches no
     * returned role is still included in the result.
     *
     * @param str    first argument forwarded to {@code getUserRealmRoles}
     * @param str2   second argument forwarded to {@code getUserRealmRoles}
     * @param strArr role names to add
     * @return the merged role names without duplicates
     */
    default String[] addRealmRoles(String str, String str2, String... strArr) {
        Set<String> mergedNames = new LinkedHashSet<>();
        for (Role role : getUserRealmRoles(str, str2)) {
            boolean keep = role.isAssigned().booleanValue();
            if (!keep) {
                // Not assigned yet: keep it only if the caller asked for it by name.
                for (String requested : strArr) {
                    if (role.getName().equals(requested)) {
                        keep = true;
                        break;
                    }
                }
            }
            if (keep) {
                mergedNames.add(role.getName());
            }
        }
        // Append the requested names that did not correspond to any returned role.
        mergedNames.addAll(Arrays.asList(strArr));
        return mergedNames.toArray(new String[0]);
    }

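    /**
     * Builds a native SQL statement from {@code userQuery}, runs it in a transaction and
     * returns the matching users.
     *
     * <p><b>Injection surface.</b> Every caller-supplied value is handed to the driver as a
     * positional bind parameter ({@code ?N}). The SQL text itself is assembled only from fixed
     * fragments, the ORDER BY column chosen from an enum, and whatever
     * {@code StringPredicate.toSQLParameter} returns (presumably an operator plus a placeholder;
     * verify that it never echoes the predicate value into the text).
     *
     * <p><b>Sensitive columns.</b> The statement selects the client {@code SECRET} of
     * service-account users. The secret, email, realm id and attributes are cleared only when
     * {@code select.basic} is set; otherwise they are returned to the caller, who is
     * responsible for not forwarding them to less privileged consumers.
     *
     * <p><b>Side effects on the argument.</b> When {@code userQuery} is non-null it is mutated:
     * a {@code service-account-} prefix predicate is added to {@code usernames} if
     * {@code serviceUsers} is set, and every username predicate has {@code caseSensitive}
     * forced to {@code false}.
     *
     * @param persistenceService used to run the statement inside a transaction
     * @param userQuery          filter, ordering and paging options; {@code null} means no filter
     * @return the matching users, never {@code null}
     * @throws UnsupportedOperationException if the order-by property has no column mapping
     */
    static User[] getUsersFromDb(PersistenceService persistenceService, UserQuery userQuery) {
        final StringBuilder sql = new StringBuilder();
        final List<Object> params = new ArrayList<>();
        final UserQuery query = userQuery != null ? userQuery : new UserQuery();

        if (query.serviceUsers != null) {
            // serviceUsers == true  -> username must start with the prefix
            // serviceUsers == false -> the prefix predicate is negated
            StringPredicate servicePredicate = new StringPredicate(AssetQuery.Match.BEGIN, "service-account-").negate(!query.serviceUsers.booleanValue());
            if (query.usernames == null) {
                // Kept as decompiled: field assignment followed by the usernames(...) call.
                query.usernames = new StringPredicate[1];
                query.usernames(new StringPredicate[] {servicePredicate});
            } else {
                // NOTE(review): username predicates are OR-combined below, so appending this
                // predicate to a caller-supplied list widens the match instead of narrowing it.
                // Confirm this is intended for callers that use serviceUsers as a filter.
                query.usernames = Arrays.copyOf(query.usernames, query.usernames.length + 1);
                query.usernames[query.usernames.length - 1] = servicePredicate;
            }
        }

        sql.append("SELECT u.*, (SELECT C.SECRET FROM PUBLIC.CLIENT C WHERE C.ID = SERVICE_ACCOUNT_CLIENT_LINK) as secret, r.name as realm");
        sql.append(" FROM public.user_entity u join PUBLIC.REALM r on r.ID = u.REALM_ID");
        if (query.assets != null || query.pathPredicate != null) {
            sql.append(" join user_asset_link ua on ua.user_id = u.id");
        }
        sql.append(" WHERE TRUE");

        if (query.realmPredicate != null && !TextUtil.isNullOrEmpty(query.realmPredicate.name)) {
            // No realm restriction is added when the predicate is absent or empty: the
            // statement then spans all realms.
            sql.append(" AND r.name = ?").append(params.size() + 1);
            params.add(query.realmPredicate.name);
        }
        if (query.assets != null) {
            sql.append(" AND ua.asset_id IN (?").append(params.size() + 1).append(")");
            params.add(Arrays.asList(query.assets));
        }
        if (query.pathPredicate != null && query.pathPredicate.path != null && query.pathPredicate.path.length > 0) {
            sql.append(" AND ?").append(params.size() + 1).append("\\:\\:text[] <@ get_asset_tree_path(ua.asset_id)");
            // The path is bound as one string and cast to text[] by the database. Elements
            // are joined without quoting, so an element containing ',' or braces changes the
            // array contents (not the SQL text).
            params.add("{" + String.join(",", query.pathPredicate.path) + "}");
        }
        if (query.ids != null && query.ids.length > 0) {
            sql.append(" AND u.id IN (?").append(params.size() + 1).append(")");
            params.add(Arrays.asList(query.ids));
        }

        if (query.usernames != null && query.usernames.length > 0) {
            sql.append(" and (FALSE");
            for (StringPredicate usernamePredicate : query.usernames) {
                int position = params.size() + 1;
                // Usernames are always compared case-insensitively.
                usernamePredicate.caseSensitive = false;
                sql.append(" or upper(u.username)");
                sql.append(StringPredicate.toSQLParameter(usernamePredicate, position, false));
                params.add(usernamePredicate.prepareValue());
            }
            sql.append(")");
        }

        boolean hasClientRoles = query.clientRoles != null && query.clientRoles.length > 0;
        boolean hasRealmRoles = query.realmRoles != null && query.realmRoles.length > 0;
        if (hasClientRoles || hasRealmRoles) {
            sql.append(" and (FALSE");
            // Emits one [NOT] EXISTS sub-select per role predicate; the flag selects client
            // roles (true) or realm roles (false).
            BiConsumer<StringPredicate[], Boolean> appendRoleFilters = (predicates, clientRole) -> {
                for (StringPredicate rolePredicate : predicates) {
                    sql.append(" OR ");
                    if (rolePredicate.negate) {
                        sql.append("NOT ");
                    }
                    sql.append("EXISTS (SELECT urm.user_id from public.user_role_mapping urm join public.keycloak_role kr on urm.role_id = kr.id where urm.user_id = u.id and ");
                    if (!clientRole.booleanValue()) {
                        sql.append("not ");
                    }
                    sql.append("kr.client_role and");
                    sql.append(rolePredicate.caseSensitive ? " kr.name" : " upper(kr.name)");
                    sql.append(StringPredicate.toSQLParameter(rolePredicate, params.size() + 1, rolePredicate.negate));
                    params.add(rolePredicate.prepareValue());
                    sql.append(")");
                }
            };
            if (hasClientRoles) {
                appendRoleFilters.accept(query.clientRoles, true);
            }
            if (hasRealmRoles) {
                appendRoleFilters.accept(query.realmRoles, false);
            }
            sql.append(")");
        }

        if (query.attributes != null && query.attributes.length > 0) {
            sql.append(" AND (TRUE");
            for (var attribute : query.attributes) {
                sql.append(" AND ");
                if (attribute.negated) {
                    sql.append("NOT ");
                }
                sql.append("EXISTS (SELECT att.user_id from public.user_attribute att where att.user_id = u.id and");
                sql.append(attribute.name.caseSensitive ? " att.name" : " upper(att.name)");
                sql.append(StringPredicate.toSQLParameter(attribute.name, params.size() + 1, attribute.negated));
                params.add(attribute.name.prepareValue());
                if (attribute.value != null) {
                    sql.append(" and ");
                    // NOTE(review): case handling of the value column follows the *name*
                    // predicate's caseSensitive flag, not the value predicate's - confirm.
                    sql.append(attribute.name.caseSensitive ? "att.value" : "upper(att.value)");
                    sql.append(StringPredicate.toSQLParameter(attribute.value, params.size() + 1, attribute.negated));
                    params.add(attribute.value.prepareValue());
                }
                sql.append(")");
            }
            sql.append(")");
        }

        if (query.orderBy != null && query.orderBy.property != null) {
            // The column is chosen from a closed enum, never from caller text. Switching on
            // the enum directly avoids depending on the decompiler's ordinal table and on the
            // unrelated SyslogService constant it substituted for the literal 5.
            String orderColumn = switch (query.orderBy.property) {
                case CREATED_ON -> " u.created_on";
                case FIRST_NAME -> " u.first_name";
                case LAST_NAME -> " u.last_name";
                case USERNAME -> " replace(u.username, 'service-account-', '')";
                case EMAIL -> " u.email";
                default -> throw new UnsupportedOperationException("Unsupported order by value: " + String.valueOf(query.orderBy.property));
            };
            sql.append(" ORDER BY").append(orderColumn);
            if (query.orderBy.descending) {
                sql.append(" DESC");
            }
        }

        @SuppressWarnings("unchecked") // native query mapped to User.class
        List<User> users = (List<User>) persistenceService.doReturningTransaction(entityManager -> {
            Query nativeQuery = entityManager.createNativeQuery(sql.toString(), User.class);
            for (int i = 0; i < params.size(); i++) {
                nativeQuery.setParameter(i + 1, params.get(i));
            }
            // A missing or non-positive limit leaves the result set unbounded.
            if (query.limit != null && query.limit.intValue() > 0) {
                nativeQuery.setMaxResults(query.limit.intValue());
            }
            if (query.offset != null && query.offset.intValue() > 0) {
                // Read from the null-safe copy, like every other option in this method.
                nativeQuery.setFirstResult(query.offset.intValue());
            }
            return nativeQuery.getResultList();
        });

        if (query.select != null && query.select.basic) {
            // Basic projection: strip the sensitive / non-essential fields, including the
            // service-account secret selected above.
            users.forEach(user -> {
                user.setAttributes((UserAttribute[]) null);
                user.setEmail((String) null);
                user.setRealmId((String) null);
                user.setSecret((String) null);
            });
        }
        return users.toArray(new User[0]);
    }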

    /**
     * Looks up a user by realm and username.
     *
     * <p>Both values are bound as named parameters. The username is compared exactly as given
     * (no case folding happens in this method). If several rows match, the first one returned
     * by the database is used.
     *
     * @param persistenceService used to run the query inside a transaction
     * @param str                value bound to {@code :realm}
     * @param str2               value bound to {@code :username}
     * @return the first matching user, or {@code null} when there is none
     */
    static User getUserByUsernameFromDb(PersistenceService persistenceService, String str, String str2) {
        return (User) persistenceService.doReturningTransaction(entityManager -> {
            List<User> matches = entityManager
                .createQuery("select u from User u where u.realm = :realm and u.username = :username", User.class)
                .setParameter("realm", str)
                .setParameter("username", str2)
                .getResultList();
            return matches.isEmpty() ? null : matches.get(0);
        });
    }

    /**
     * Looks up a user by id.
     *
     * <p>The query has no realm restriction: any user with this id is returned, whichever
     * realm it belongs to. Callers that act on behalf of a realm-scoped principal need to
     * check the realm of the result themselves.
     *
     * @param persistenceService used to run the query inside a transaction
     * @param str                value bound to {@code :userId}
     * @return the first matching user, or {@code null} when there is none
     */
    static User getUserByIdFromDb(PersistenceService persistenceService, String str) {
        return (User) persistenceService.doReturningTransaction(entityManager -> {
            List<User> matches = entityManager
                .createQuery("select u from User u where u.id = :userId", User.class)
                .setParameter("userId", str)
                .getResultList();
            return matches.isEmpty() ? null : matches.get(0);
        });
    }

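    /**
     * Resolves usernames to user ids within one realm.
     *
     * <p>Usernames are lower-cased before the lookup and both the username list and the realm
     * are bound as named parameters. The result has one entry per input username, in input
     * order; a username with no match in the realm yields a {@code null} entry, so callers
     * must handle {@code null} ids rather than assume every name resolved.
     *
     * <p>NOTE(review): the comparison {@code u.username in :usernames} is exact, so this only
     * matches if stored usernames are lower case - presumably guaranteed by the identity
     * provider; confirm.
     *
     * @param persistenceService used to run the query inside a transaction
     * @param str                value bound to {@code :realm} (compared with {@code r.name})
     * @param list               usernames to resolve; must not be {@code null}
     * @return ids aligned with {@code list}, with {@code null} for unknown usernames
     */
    static List<String> getUserIds(PersistenceService persistenceService, String str, List<String> list) {
        // Locale.ROOT keeps the folding independent of the JVM default locale (for example
        // the Turkish dotless i), so the same username resolves the same way on every host.
        List<String> loweredNames = list.stream()
            .map(name -> name.toLowerCase(Locale.ROOT))
            .toList();

        @SuppressWarnings("unchecked") // the transaction callback returns List<String>
        List<String> ids = (List<String>) persistenceService.doReturningTransaction(entityManager -> {
            Map<String, String> idByUsername = entityManager
                .createQuery("select u.username, u.id from User u join Realm r on r.id = u.realmId where u.username in :usernames and r.name = :realm", Tuple.class)
                .setParameter("usernames", loweredNames)
                .setParameter("realm", str)
                .getResultList()
                .stream()
                .collect(Collectors.toMap(row -> (String) row.get(0), row -> (String) row.get(1)));
            // The decompiled listing referenced an undefined name here; the lookup is a
            // plain method reference on the map built above. Collectors.toList() is used
            // because it accepts the null entries produced for unknown usernames.
            return loweredNames.stream().map(idByUsername::get).collect(Collectors.toList());
        });
        return ids;
    }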

    /**
     * Loads realms whose {@code not_before} is unset, zero or not in the future, together with
     * their {@code displayName} realm attribute, sorted with {@code "master"} first and the
     * rest by name.
     *
     * <p>The statement does not filter on {@code enabled}, so disabled realms are part of the
     * result. Code that uses the result for an access decision has to check the enabled state
     * itself.
     *
     * @param persistenceService used to run the query inside a transaction
     * @return the realms found, never {@code null}
     */
    static Realm[] getRealmsFromDb(PersistenceService persistenceService) {
        return (Realm[]) persistenceService.doReturningTransaction(entityManager -> {
            @SuppressWarnings("unchecked") // native query mapped to Realm.class
            List<Realm> realms = entityManager.createNativeQuery("select *, (select ra.VALUE from PUBLIC.REALM_ATTRIBUTE ra where ra.REALM_ID = r.ID and ra.name = 'displayName') as displayName from public.realm r  where r.not_before is null or r.not_before = 0 or r.not_before <= extract('epoch' from now())", Realm.class).getResultList();

            // "master" sorts ahead of everything else; other realms are ordered by name.
            realms.sort((left, right) ->
                left.getName().equals("master") ? -1
                    : right.getName().equals("master") ? 1
                    : left.getName().compareTo(right.getName()));

            // Touch the role collection while the transaction is still open (presumably to
            // initialise a lazily loaded association - confirm against the Realm mapping).
            for (Realm realm : realms) {
                realm.getRealmRoles().size();
            }
            return realms.toArray(new Realm[0]);
        });
    }

    /**
     * Loads a single realm by name.
     *
     * <p>The name is bound as a named parameter. The query applies no {@code enabled} or
     * {@code not_before} condition, so a disabled or not-yet-active realm is returned as well.
     *
     * @param persistenceService used to run the query inside a transaction
     * @param str                value bound to {@code :realm}
     * @return the realm when exactly one row matches, otherwise {@code null}
     */
    static Realm getRealmFromDb(PersistenceService persistenceService, String str) {
        return (Realm) persistenceService.doReturningTransaction(entityManager -> {
            List<Realm> found = entityManager
                .createQuery("select r from Realm r where r.name = :realm", Realm.class)
                .setParameter("realm", str)
                .getResultList();
            // Touch the role collection while the transaction is still open (presumably to
            // initialise a lazily loaded association - confirm against the Realm mapping).
            for (Realm realm : found) {
                realm.getRealmRoles().size();
            }
            // Zero rows or more than one row both count as "not found".
            return found.size() == 1 ? found.get(0) : null;
        });
    }

    /**
     * Reports whether a realm with the given name exists, is enabled, and has a
     * {@code not_before} that is unset, zero or not in the future.
     *
     * @param persistenceService used to run the query inside a transaction
     * @param str                value bound to {@code :realm}
     * @return {@code true} when at least one such realm row exists
     */
    static boolean realmExistsFromDb(PersistenceService persistenceService, String str) {
        Boolean exists = (Boolean) persistenceService.doReturningTransaction(entityManager -> {
            Object count = entityManager
                .createNativeQuery("select count(*) from public.realm r where r.name = :realm and r.enabled = true and (r.not_before is null or r.not_before = 0 or r.not_before <= extract('epoch' from now()))", Long.class)
                .setParameter("realm", str)
                .getSingleResult();
            return Boolean.valueOf(((Long) count).longValue() > 0);
        });
        return exists.booleanValue();
    }

    /**
     * Reports whether the user with the given primary key belongs to the given realm.
     *
     * <p>An unknown user id yields {@code false}. The realm comparison is an exact
     * {@code equals} against {@code user.getRealm()}.
     *
     * @param persistenceService used to run the lookup inside a transaction
     * @param str                primary key passed to {@code find(User.class, ...)}
     * @param str2               realm value compared with {@code user.getRealm()}; must not be
     *                           {@code null} when the user exists
     * @return {@code true} only when the user exists and its realm equals {@code str2}
     */
    static boolean userInRealmFromDb(PersistenceService persistenceService, String str, String str2) {
        Boolean inRealm = (Boolean) persistenceService.doReturningTransaction(entityManager -> {
            User user = entityManager.find(User.class, str);
            if (user == null) {
                return Boolean.FALSE;
            }
            return Boolean.valueOf(str2.equals(user.getRealm()));
        });
        return inRealm.booleanValue();
    }
}
