package org.keycloak.models.jpa;

import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import javax.persistence.EntityManager;
import javax.persistence.LockModeType;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Base64;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.UserCredentialStore;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.jpa.entities.CredentialEntity;
import org.keycloak.models.jpa.entities.UserEntity;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:BOOT-INF/lib/keycloak-model-jpa-11.0.2.jar:org/keycloak/models/jpa/JpaUserCredentialStore.class */
public class JpaUserCredentialStore implements UserCredentialStore {
    public static final int PRIORITY_DIFFERENCE = 10;
    protected static final Logger logger = Logger.getLogger((Class<?>) JpaUserCredentialStore.class);
    private final KeycloakSession session;
    protected final EntityManager em;

    public JpaUserCredentialStore(KeycloakSession keycloakSession, EntityManager entityManager) {
        this.session = keycloakSession;
        this.em = entityManager;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public void updateCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, credentialModel.getId());
        if (checkCredentialEntity(credentialEntity, userModel)) {
            credentialEntity.setCreatedDate(credentialModel.getCreatedDate());
            credentialEntity.setUserLabel(credentialModel.getUserLabel());
            credentialEntity.setType(credentialModel.getType());
            credentialEntity.setSecretData(credentialModel.getSecretData());
            credentialEntity.setCredentialData(credentialModel.getCredentialData());
        }
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        return toModel(createCredentialEntity(realmModel, userModel, credentialModel));
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public boolean removeStoredCredential(RealmModel realmModel, UserModel userModel, String str) {
        return removeCredentialEntity(realmModel, userModel, str) != null;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialById(RealmModel realmModel, UserModel userModel, String str) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, str);
        if (checkCredentialEntity(credentialEntity, userModel)) {
            return toModel(credentialEntity);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialModel toModel(CredentialEntity credentialEntity) {
        CredentialModel credentialModel = new CredentialModel();
        credentialModel.setId(credentialEntity.getId());
        credentialModel.setType(credentialEntity.getType());
        credentialModel.setCreatedDate(credentialEntity.getCreatedDate());
        credentialModel.setUserLabel(credentialEntity.getUserLabel());
        if (credentialEntity.getSalt() != null) {
            credentialEntity.setSecretData(credentialEntity.getSecretData().replace("__SALT__", Base64.encodeBytes(credentialEntity.getSalt())));
            credentialEntity.setSalt(null);
        }
        credentialModel.setSecretData(credentialEntity.getSecretData());
        credentialModel.setCredentialData(credentialEntity.getCredentialData());
        return credentialModel;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentials(RealmModel realmModel, UserModel userModel) {
        return (List) getStoredCredentialEntities(realmModel, userModel).stream().map(this::toModel).collect(Collectors.toList());
    }

    private List<CredentialEntity> getStoredCredentialEntities(RealmModel realmModel, UserModel userModel) {
        return this.em.createNamedQuery("credentialByUser", CredentialEntity.class).setParameter("user", this.em.getReference(UserEntity.class, userModel.getId())).getResultList();
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public List<CredentialModel> getStoredCredentialsByType(RealmModel realmModel, UserModel userModel, String str) {
        return (List) getStoredCredentials(realmModel, userModel).stream().filter(credentialModel -> {
            return str.equals(credentialModel.getType());
        }).collect(Collectors.toList());
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public CredentialModel getStoredCredentialByNameAndType(RealmModel realmModel, UserModel userModel, String str, String str2) {
        List list = (List) getStoredCredentials(realmModel, userModel).stream().filter(credentialModel -> {
            return str2.equals(credentialModel.getType()) && str.equals(credentialModel.getUserLabel());
        }).collect(Collectors.toList());
        if (list.isEmpty()) {
            return null;
        }
        return (CredentialModel) list.get(0);
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialEntity createCredentialEntity(RealmModel realmModel, UserModel userModel, CredentialModel credentialModel) {
        CredentialEntity credentialEntity = new CredentialEntity();
        credentialEntity.setId(credentialModel.getId() == null ? KeycloakModelUtils.generateId() : credentialModel.getId());
        credentialEntity.setCreatedDate(credentialModel.getCreatedDate());
        credentialEntity.setUserLabel(credentialModel.getUserLabel());
        credentialEntity.setType(credentialModel.getType());
        credentialEntity.setSecretData(credentialModel.getSecretData());
        credentialEntity.setCredentialData(credentialModel.getCredentialData());
        credentialEntity.setUser((UserEntity) this.em.getReference(UserEntity.class, userModel.getId()));
        List<CredentialEntity> storedCredentialEntities = getStoredCredentialEntities(realmModel, userModel);
        credentialEntity.setPriority(storedCredentialEntities.isEmpty() ? 10 : storedCredentialEntities.get(storedCredentialEntities.size() - 1).getPriority() + 10);
        this.em.persist(credentialEntity);
        return credentialEntity;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialEntity removeCredentialEntity(RealmModel realmModel, UserModel userModel, String str) {
        CredentialEntity credentialEntity = (CredentialEntity) this.em.find(CredentialEntity.class, str, LockModeType.PESSIMISTIC_WRITE);
        if (!checkCredentialEntity(credentialEntity, userModel)) {
            return null;
        }
        int priority = credentialEntity.getPriority();
        for (CredentialEntity credentialEntity2 : getStoredCredentialEntities(realmModel, userModel)) {
            if (credentialEntity2.getPriority() > priority) {
                credentialEntity2.setPriority(credentialEntity2.getPriority() - 10);
            }
        }
        this.em.remove(credentialEntity);
        this.em.flush();
        return credentialEntity;
    }

    @Override // org.keycloak.credential.UserCredentialStore
    public boolean moveCredentialTo(RealmModel realmModel, UserModel userModel, String str, String str2) {
        List<CredentialEntity> storedCredentialEntities = getStoredCredentialEntities(realmModel, userModel);
        ArrayList<CredentialEntity> arrayList = new ArrayList();
        arrayList.addAll(storedCredentialEntities);
        int i = -1;
        int i2 = -1;
        CredentialEntity credentialEntity = null;
        int i3 = 0;
        for (CredentialEntity credentialEntity2 : arrayList) {
            if (str.equals(credentialEntity2.getId())) {
                i = i3;
                credentialEntity = credentialEntity2;
            } else if (str2 != null && str2.equals(credentialEntity2.getId())) {
                i2 = i3;
            }
            i3++;
        }
        if (i == -1) {
            logger.warnf("Not found credential with id [%s] of user [%s]", str, userModel.getUsername());
            return false;
        }
        if (str2 != null && i2 == -1) {
            logger.warnf("Can't move up credential with id [%s] of user [%s]", str, userModel.getUsername());
            return false;
        }
        int i4 = str2 == null ? 0 : i2 + 1;
        arrayList.add(i4, credentialEntity);
        arrayList.remove(i4 < i ? i + 1 : i);
        int i5 = 0;
        for (CredentialEntity credentialEntity3 : arrayList) {
            i5 += 10;
            if (credentialEntity3.getPriority() != i5) {
                credentialEntity3.setPriority(i5);
                logger.tracef("Priority of credential [%s] of user [%s] changed to [%d]", credentialEntity3.getId(), userModel.getUsername(), Integer.valueOf(i5));
            }
        }
        return true;
    }

    private boolean checkCredentialEntity(CredentialEntity credentialEntity, UserModel userModel) {
        return (credentialEntity == null || credentialEntity.getUser() == null || !credentialEntity.getUser().getId().equals(userModel.getId())) ? false : true;
    }
}
