package org.keycloak.ipatuura_user_spi;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialAuthentication;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.ipatuura_user_spi.schemas.SCIMError;
import org.keycloak.ipatuura_user_spi.schemas.SCIMUser;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStoragePrivateUtil;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.user.ImportedUserValidation;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserQueryProvider;
import org.keycloak.storage.user.UserRegistrationProvider;

/* loaded from: input_file:org/keycloak/ipatuura_user_spi/IpatuuraUserStorageProvider.class */
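/**
 * Keycloak user-storage provider that resolves, imports and authenticates users through the
 * {@link Ipatuura} client (SCIM user records, delegated password checks and GSSAPI tokens).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Usernames and GSSAPI principals are truncated at the first {@code '@'}; the realm or
 *       domain part is discarded before the local lookup, so any realm the backend accepts maps
 *       onto the same local account name.</li>
 *   <li>A lookup for a user that is unknown locally imports it from the backend, including its
 *       group memberships; missing groups are created in the Keycloak realm.</li>
 *   <li>Password validation is delegated to the backend unless the user has a locally configured
 *       credential of the same type.</li>
 * </ul>
 */
public class IpatuuraUserStorageProvider implements UserStorageProvider, UserLookupProvider, CredentialInputValidator, CredentialAuthentication, UserRegistrationProvider, UserQueryProvider, ImportedUserValidation {
    protected KeycloakSession session;
    protected ComponentModel model;
    protected Ipatuura ipatuura;
    private static final Logger logger = Logger.getLogger(IpatuuraUserStorageProvider.class);
    // Credential types this provider validates itself; only "password" is registered (see constructor).
    protected final Set<String> supportedCredentialTypes = new HashSet<>();
    protected IpatuuraUserStorageProviderFactory factory;

    /**
     * Creates a provider bound to one Keycloak session and one federation component.
     *
     * @param keycloakSession session used for local user and group storage access
     * @param componentModel federation component; its id becomes the federation link of imported users
     * @param ipatuura client used for all backend calls
     * @param ipatuuraUserStorageProviderFactory factory used to obtain the SCIM authenticator
     */
    public IpatuuraUserStorageProvider(KeycloakSession keycloakSession, ComponentModel componentModel, Ipatuura ipatuura, IpatuuraUserStorageProviderFactory ipatuuraUserStorageProviderFactory) {
        this.session = keycloakSession;
        this.model = componentModel;
        this.ipatuura = ipatuura;
        this.factory = ipatuuraUserStorageProviderFactory;
        this.supportedCredentialTypes.add("password");
    }

    /**
     * Lookup by e-mail is not implemented.
     *
     * @return always {@code null}
     */
    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        return null;
    }

    /**
     * Resolves a user from a Keycloak storage id by treating its external id as the username.
     *
     * @param realmModel realm to search
     * @param str storage id string
     * @return the user, or {@code null} if the backend does not know it
     */
    public UserModel getUserById(RealmModel realmModel, String str) {
        return getUserByUsername(realmModel, new StorageId(str).getExternalId());
    }

    /**
     * Returns the local user with the given name, importing it from the backend when it does not
     * exist locally yet.
     *
     * <p>Everything from the first {@code '@'} on is dropped before the lookup, so
     * {@code alice@ANY.REALM} and {@code alice} resolve to the same account.
     *
     * @param realmModel realm to search
     * @param str username, optionally with an {@code @realm} suffix
     * @return the local or freshly imported user, or {@code null} when the name is {@code null}
     *     or the backend reports no such user
     */
    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        if (str == null) {
            // A missing name cannot match anyone; report "not found" instead of failing on indexOf.
            return null;
        }
        int atIndex = str.indexOf('@');
        String username = atIndex == -1 ? str : str.substring(0, atIndex);
        UserModel localUser = UserStoragePrivateUtil.userLocalStorage(this.session).getUserByUsername(realmModel, username);
        if (localUser == null) {
            return createUserInKeycloak(realmModel, username);
        }
        logger.debug("User already exists in keycloak");
        return localUser;
    }

    /**
     * Imports a backend user into Keycloak local storage and mirrors its group memberships.
     *
     * <p>Group names come from the backend record. A realm group is reused only when its name is
     * exactly the backend group name; otherwise a new realm group is created. Any roles attached
     * to a matching realm group are therefore granted on the backend's say-so.
     *
     * @param realmModel realm that receives the user
     * @param str username to import
     * @return the imported user wrapped in an {@link IpatuuraUserModelDelegate}, or {@code null}
     *     when the backend reports zero results
     */
    protected UserModel createUserInKeycloak(RealmModel realmModel, String str) {
        SCIMUser scimUser = this.ipatuura.getUserByUsername(str);
        if (scimUser.getTotalResults().intValue() == 0) {
            return null;
        }
        UserModel imported = UserStoragePrivateUtil.userLocalStorage(this.session).addUser(realmModel, str);
        imported.setEmail(this.ipatuura.getEmail(scimUser));
        imported.setFirstName(this.ipatuura.getFirstName(scimUser));
        imported.setLastName(this.ipatuura.getLastName(scimUser));
        imported.setFederationLink(this.model.getId());
        imported.setEnabled(this.ipatuura.getActive(scimUser));
        for (String groupName : this.ipatuura.getGroupsList(scimUser)) {
            // The lookup is issued as a non-exact search (third argument false), so its first hit
            // may be a group whose name merely contains groupName. Filter to an exact name match
            // so the user is never joined to an unrelated, possibly more privileged, group.
            GroupModel groupModel = this.session.groups()
                    .searchForGroupByNameStream(realmModel, groupName, false, (Integer) null, (Integer) null)
                    .filter(group -> Objects.equals(groupName, group.getName()))
                    .findFirst()
                    .orElse(null);
            if (groupModel == null) {
                logger.debugv("No group found, creating group: {0}", groupName);
                groupModel = this.session.groups().createGroup(realmModel, groupName);
            }
            imported.joinGroup(groupModel);
        }
        logger.debugv("Creating SCIM user {0} in keycloak", str);
        return new IpatuuraUserModelDelegate(this.ipatuura, imported, this.model);
    }

    /** No resources are held by this provider; nothing to release. */
    public void close() {
    }

    /**
     * @return a defensive copy of the credential types validated by this provider
     */
    public Set<String> getSupportedCredentialTypes() {
        return new HashSet<>(this.supportedCredentialTypes);
    }

    /**
     * @return {@code true} when {@code str} is a supported credential type; the realm and user
     *     are not consulted
     */
    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        return getSupportedCredentialTypes().contains(str);
    }

    /**
     * @return {@code true} when {@code str} is a supported credential type
     */
    public boolean supportsCredentialType(String str) {
        return getSupportedCredentialTypes().contains(str);
    }

    /**
     * Validates a password against the backend.
     *
     * <p>Returns {@code false} without contacting the backend when the credential type is
     * unsupported, the input is not a {@link UserCredentialModel}, or the user has a locally
     * configured credential of that type (so the local credential is the one that counts).
     *
     * @param realmModel realm of the user (unused)
     * @param userModel user being authenticated
     * @param credentialInput submitted credential; its challenge response is sent to the backend
     * @return the backend's verdict, or {@code false} in the cases above
     */
    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        if (!supportsCredentialType(credentialInput.getType()) || !(credentialInput instanceof UserCredentialModel)) {
            return false;
        }
        if (userModel.credentialManager().isConfiguredLocally(credentialInput.getType())) {
            logger.debugv("Local password validation for {0}", userModel.getUsername());
            return false;
        }
        logger.debugv("Delegated password validation for {0}", userModel.getUsername());
        return this.ipatuura.isValid(userModel.getUsername(), credentialInput.getChallengeResponse());
    }

    /**
     * Refreshes first name, last name and e-mail of an imported user from the backend record.
     *
     * @param realmModel realm of the user (unused)
     * @param userModel previously imported local user
     * @return the user wrapped in an {@link IpatuuraUserModelDelegate}
     */
    public UserModel validate(RealmModel realmModel, UserModel userModel) {
        Ipatuura client = this.ipatuura;
        // NOTE(review): the backend result count is not checked here, so a user that no longer
        // exists upstream is not reported as invalid by this method - confirm this is intended.
        SCIMUser scimUser = client.getUserByUsername(userModel.getUsername());
        String firstName = client.getFirstName(scimUser);
        String lastName = client.getLastName(scimUser);
        String email = client.getEmail(scimUser);
        // Objects.equals: a local attribute may be unset (null); calling equals on it would throw.
        if (!Objects.equals(userModel.getFirstName(), firstName)) {
            userModel.setFirstName(firstName);
        }
        if (!Objects.equals(userModel.getLastName(), lastName)) {
            userModel.setLastName(lastName);
        }
        if (!Objects.equals(userModel.getEmail(), email)) {
            userModel.setEmail(email);
        }
        return new IpatuuraUserModelDelegate(this.ipatuura, userModel, this.model);
    }

    /**
     * Creates the user in the backend and, on HTTP 201, imports it into Keycloak.
     *
     * @param realmModel realm that receives the user
     * @param str username to create
     * @return the imported user, or {@code null} when the backend answered with another status
     * @throws RuntimeException wrapping the {@link IOException} of a failed backend exchange
     */
    public UserModel addUser(RealmModel realmModel, String str) {
        SimpleHttp.Response response = this.ipatuura.createUser(str);
        boolean created = false;
        try {
            try {
                created = response.getStatus() == 201;
                if (!created) {
                    logger.warn("Unexpected create status code returned");
                    logger.warn(((SCIMError) response.asJson(SCIMError.class)).getDetail());
                }
            } finally {
                // Release the connection even when reading the status or the error body fails.
                response.close();
            }
        } catch (IOException e) {
            logger.errorv("Error: {0}", e.getMessage());
            throw new RuntimeException(e);
        }
        return created ? createUserInKeycloak(realmModel, str) : null;
    }

    /**
     * Deletes the user in the backend.
     *
     * @param realmModel realm of the user (unused)
     * @param userModel user to delete
     * @return {@code true} when the backend answered HTTP 204
     * @throws RuntimeException wrapping the {@link IOException} of a failed backend exchange
     */
    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        logger.debugv("Removing user: {0}", userModel.getUsername());
        SimpleHttp.Response response = this.ipatuura.deleteUser(userModel.getUsername());
        try {
            try {
                return response.getStatus() == 204;
            } finally {
                // Release the connection even when reading the status fails.
                response.close();
            }
        } catch (IOException e) {
            logger.errorv("Error: {0}", e.getMessage());
            throw new RuntimeException(e);
        }
    }

    /**
     * Looks the search string up as a username in the backend and imports the user when it is
     * not present locally. Users that already exist locally are not returned.
     *
     * @param realmModel realm to search and import into
     * @param str search string, used as a username
     * @return a stream with the newly imported user, or an empty stream
     */
    private Stream<UserModel> performSearch(RealmModel realmModel, String str) {
        Ipatuura client = this.ipatuura;
        SCIMUser scimUser = client.getUserByUsername(str);
        if (scimUser.getTotalResults().intValue() <= 0) {
            return Stream.empty();
        }
        logger.debug("User found by username!");
        if (UserStoragePrivateUtil.userLocalStorage(this.session).getUserByUsername(realmModel, str) != null) {
            logger.debug("User exists!");
            return Stream.empty();
        }
        UserModel imported = getUserByUsername(realmModel, client.getUserName(scimUser));
        // The import can come back empty; never hand a null element to stream consumers.
        return imported == null ? Stream.empty() : Stream.of(imported);
    }

    /**
     * Group-member listing is not implemented.
     *
     * @return always an empty stream
     */
    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        return Stream.empty();
    }

    /**
     * Asks the backend for the total number of users.
     *
     * @param realmModel realm (unused)
     * @return the total result count reported for {@code GET /Users}
     * @throws RuntimeException wrapping any failure of the backend exchange
     */
    public int getUsersCount(RealmModel realmModel) {
        try {
            SimpleHttp.Response response = this.ipatuura.clientRequest("/Users", "GET", null);
            try {
                SCIMUser listing = (SCIMUser) response.asJson(SCIMUser.class);
                return listing.getTotalResults().intValue();
            } finally {
                // Release the connection even when the body cannot be parsed.
                response.close();
            }
        } catch (Exception e) {
            logger.errorv("Error: {0}", e.getMessage());
            throw new RuntimeException(e);
        }
    }

    /**
     * Attribute search is not implemented.
     *
     * @return always an empty stream
     */
    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        return Stream.empty();
    }

    /**
     * Runs a user search when the parameter map carries a free-text search string; all other
     * parameters, including the paging values, are ignored.
     *
     * @param realmModel realm to search
     * @param map search parameters
     * @param num first result (unused)
     * @param num2 maximum results (unused)
     * @return the search result, or an empty stream when no search string is present
     */
    public Stream<UserModel> searchForUserStream(RealmModel realmModel, Map<String, String> map, Integer num, Integer num2) {
        String search = map.get("keycloak.session.realm.users.query.search");
        return search == null ? Stream.empty() : performSearch(realmModel, search);
    }

    /**
     * @return {@code true} only for the {@code "kerberos"} credential type
     */
    public boolean supportsCredentialAuthenticationFor(String str) {
        return "kerberos".equals(str);
    }

    /**
     * Authenticates the current request through GSSAPI: a token obtained from the SCIM
     * authenticator is handed to the backend, and the principal it returns is mapped to a
     * (possibly freshly imported) Keycloak user.
     *
     * <p>The realm part of the returned principal is discarded before the user lookup, so which
     * realms are trustworthy must be enforced by the backend. {@code credentialInput} is not
     * inspected; the token is taken from the session.
     *
     * @param realmModel realm to authenticate against
     * @param credentialInput submitted credential (unused)
     * @return an AUTHENTICATED result for the resolved user, or a failed result when no token,
     *     no principal or no matching user is available
     */
    public CredentialValidationOutput authenticate(RealmModel realmModel, CredentialInput credentialInput) {
        String token = this.factory.createSCIMAuthenticator().getToken(this.session);
        if (token == null) {
            // Without a token there is nothing to verify; fail closed instead of looking up null.
            logger.debug("CredentialValidationOutput failed");
            return CredentialValidationOutput.failed();
        }
        String principal = this.ipatuura.gssAuth(token);
        if (principal != null) {
            int atIndex = principal.indexOf('@');
            if (atIndex != -1) {
                principal = principal.substring(0, atIndex);
            }
        }
        // gssAuth's failure contract is not visible here; treat a missing or empty principal as
        // a rejected token rather than resolving an empty username.
        if (principal == null || principal.isEmpty()) {
            logger.debug("CredentialValidationOutput failed");
            return CredentialValidationOutput.failed();
        }
        logger.debug("GSSAPI authenticating with user " + principal);
        UserModel user = getUserByUsername(realmModel, principal);
        if (user == null) {
            logger.debug("CredentialValidationOutput failed");
            return CredentialValidationOutput.failed();
        }
        logger.debug("CredentialValidationOutput success!");
        Map<String, String> state = new HashMap<>();
        return new CredentialValidationOutput(user, CredentialValidationOutput.Status.AUTHENTICATED, state);
    }
}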
