package org.keycloak.models.jpa;

import jakarta.persistence.EntityManager;
import jakarta.persistence.NoResultException;
import jakarta.persistence.criteria.CriteriaBuilder;
import jakarta.persistence.criteria.CriteriaDelete;
import jakarta.persistence.criteria.CriteriaQuery;
import jakarta.persistence.criteria.Expression;
import jakarta.persistence.criteria.MapJoin;
import jakarta.persistence.criteria.Order;
import jakarta.persistence.criteria.Predicate;
import jakarta.persistence.criteria.Root;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Stream;
import org.hibernate.Session;
import org.jboss.logging.Logger;
import org.keycloak.broker.provider.IdentityProvider;
import org.keycloak.broker.provider.IdentityProviderFactory;
import org.keycloak.broker.social.SocialIdentityProvider;
import org.keycloak.connections.jpa.JpaConnectionProvider;
import org.keycloak.models.IDPProvider;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.jpa.entities.IdentityProviderEntity;
import org.keycloak.models.jpa.entities.RealmAttributes;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.utils.StreamsUtil;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/models/jpa/JpaIDPProvider.class */
public class JpaIDPProvider implements IDPProvider {
    protected static final Logger logger = Logger.getLogger(IDPProvider.class);
    private final EntityManager em;
    private final KeycloakSession session;

    public JpaIDPProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        this.em = ((JpaConnectionProvider) keycloakSession.getProvider(JpaConnectionProvider.class)).getEntityManager();
    }

    public IdentityProviderModel create(IdentityProviderModel identityProviderModel) {
        IdentityProviderEntity identityProviderEntity = new IdentityProviderEntity();
        if (identityProviderModel.getInternalId() == null) {
            identityProviderEntity.setInternalId(KeycloakModelUtils.generateId());
        } else {
            identityProviderEntity.setInternalId(identityProviderModel.getInternalId());
        }
        identityProviderEntity.setAlias(identityProviderModel.getAlias());
        identityProviderEntity.setRealmId(getRealm().getId());
        identityProviderEntity.setDisplayName(identityProviderModel.getDisplayName());
        identityProviderEntity.setProviderId(identityProviderModel.getProviderId());
        identityProviderEntity.setEnabled(identityProviderModel.isEnabled());
        identityProviderEntity.setStoreToken(identityProviderModel.isStoreToken());
        identityProviderEntity.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate());
        identityProviderEntity.setTrustEmail(identityProviderModel.isTrustEmail());
        identityProviderEntity.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
        identityProviderEntity.setFirstBrokerLoginFlowId(identityProviderModel.getFirstBrokerLoginFlowId());
        identityProviderEntity.setPostBrokerLoginFlowId(identityProviderModel.getPostBrokerLoginFlowId());
        identityProviderEntity.setOrganizationId(identityProviderModel.getOrganizationId());
        identityProviderEntity.setConfig(identityProviderModel.getConfig());
        identityProviderEntity.setLinkOnly(identityProviderModel.isLinkOnly());
        identityProviderEntity.setHideOnLogin(identityProviderModel.isHideOnLogin());
        this.em.persist(identityProviderEntity);
        this.em.flush();
        identityProviderModel.setInternalId(identityProviderEntity.getInternalId());
        return identityProviderModel;
    }

    public void update(final IdentityProviderModel identityProviderModel) {
        IdentityProviderEntity entityById = getEntityById(identityProviderModel.getInternalId(), true);
        entityById.setAlias(identityProviderModel.getAlias());
        entityById.setDisplayName(identityProviderModel.getDisplayName());
        entityById.setEnabled(identityProviderModel.isEnabled());
        entityById.setTrustEmail(identityProviderModel.isTrustEmail());
        entityById.setAuthenticateByDefault(identityProviderModel.isAuthenticateByDefault());
        entityById.setFirstBrokerLoginFlowId(identityProviderModel.getFirstBrokerLoginFlowId());
        entityById.setPostBrokerLoginFlowId(identityProviderModel.getPostBrokerLoginFlowId());
        entityById.setOrganizationId(identityProviderModel.getOrganizationId());
        entityById.setAddReadTokenRoleOnCreate(identityProviderModel.isAddReadTokenRoleOnCreate());
        entityById.setStoreToken(identityProviderModel.isStoreToken());
        entityById.setConfig(identityProviderModel.getConfig());
        entityById.setLinkOnly(identityProviderModel.isLinkOnly());
        entityById.setHideOnLogin(identityProviderModel.isHideOnLogin());
        this.em.flush();
        final RealmModel realm = getRealm();
        this.session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderUpdatedEvent() { // from class: org.keycloak.models.jpa.JpaIDPProvider.1
            public RealmModel getRealm() {
                return realm;
            }

            public IdentityProviderModel getUpdatedIdentityProvider() {
                return identityProviderModel;
            }

            public KeycloakSession getKeycloakSession() {
                return JpaIDPProvider.this.session;
            }
        });
    }

    public boolean remove(String str) {
        IdentityProviderEntity entityByAlias = getEntityByAlias(str);
        if (entityByAlias == null) {
            return false;
        }
        final IdentityProviderModel model = toModel(entityByAlias);
        this.em.remove(entityByAlias);
        this.em.flush();
        final RealmModel realm = getRealm();
        this.session.getKeycloakSessionFactory().publish(new RealmModel.IdentityProviderRemovedEvent() { // from class: org.keycloak.models.jpa.JpaIDPProvider.2
            public RealmModel getRealm() {
                return realm;
            }

            public IdentityProviderModel getRemovedIdentityProvider() {
                return model;
            }

            public KeycloakSession getKeycloakSession() {
                return JpaIDPProvider.this.session;
            }
        });
        return true;
    }

    public void removeAll() {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaDelete createCriteriaDelete = criteriaBuilder.createCriteriaDelete(IdentityProviderEntity.class);
        createCriteriaDelete.where(criteriaBuilder.equal(createCriteriaDelete.from(IdentityProviderEntity.class).get("realmId"), getRealm().getId()));
        this.em.createQuery(createCriteriaDelete).executeUpdate();
    }

    public IdentityProviderModel getById(String str) {
        return toModel(getEntityById(str, false));
    }

    public IdentityProviderModel getByAlias(String str) {
        return toModel(getEntityByAlias(str));
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x00a1. Please report as an issue. */
    public Stream<IdentityProviderModel> getAllStream(Map<String, String> map, Integer num, Integer num2) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(IdentityProviderEntity.class);
        Root<IdentityProviderEntity> from = createQuery.from(IdentityProviderEntity.class);
        ArrayList arrayList = new ArrayList();
        arrayList.add(criteriaBuilder.equal(from.get("realmId"), getRealm().getId()));
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (!StringUtil.isBlank(key)) {
                    boolean z = -1;
                    switch (key.hashCode()) {
                        case -1609594047:
                            if (key.equals("enabled")) {
                                z = true;
                                break;
                            }
                            break;
                        case -1463914200:
                            if (key.equals("hideOnLogin")) {
                                z = 2;
                                break;
                            }
                            break;
                        case -927042130:
                            if (key.equals("organizationId")) {
                                z = 5;
                                break;
                            }
                            break;
                        case -906336856:
                            if (key.equals("search")) {
                                z = 6;
                                break;
                            }
                            break;
                        case -596706667:
                            if (key.equals("authenticateByDefault")) {
                                z = false;
                                break;
                            }
                            break;
                        case 507937097:
                            if (key.equals(RealmAttributes.FIRST_BROKER_LOGIN_FLOW_ID)) {
                                z = 4;
                                break;
                            }
                            break;
                        case 1194047174:
                            if (key.equals("linkOnly")) {
                                z = 3;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                        case true:
                        case true:
                        case true:
                            if (Boolean.parseBoolean(value)) {
                                arrayList.add(criteriaBuilder.isTrue(from.get(key)));
                                break;
                            } else {
                                arrayList.add(criteriaBuilder.isFalse(from.get(key)));
                                break;
                            }
                        case true:
                        case true:
                            if (StringUtil.isBlank(value)) {
                                arrayList.add(criteriaBuilder.isNull(from.get(key)));
                                break;
                            } else {
                                arrayList.add(criteriaBuilder.equal(from.get(key), value));
                                break;
                            }
                        case true:
                            if (StringUtil.isNotBlank(value)) {
                                arrayList.add(getAliasSearchPredicate(value, criteriaBuilder, from));
                                break;
                            } else {
                                break;
                            }
                        default:
                            String str = (String) ((Session) this.em.unwrap(Session.class)).doReturningWork(connection -> {
                                return connection.getMetaData().getDatabaseProductName();
                            });
                            MapJoin joinMap = from.joinMap("config");
                            Predicate equal = criteriaBuilder.equal(joinMap.key(), key);
                            if (str.equals("Oracle")) {
                                arrayList.add(criteriaBuilder.and(equal, criteriaBuilder.equal(criteriaBuilder.function("DBMS_LOB.COMPARE", Integer.class, new Expression[]{joinMap.value(), criteriaBuilder.literal(value)}), 0)));
                                break;
                            } else {
                                arrayList.add(criteriaBuilder.and(equal, criteriaBuilder.equal(joinMap.value(), value)));
                                break;
                            }
                    }
                }
            }
        }
        createQuery.orderBy(new Order[]{criteriaBuilder.asc(from.get("alias"))});
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createQuery(createQuery.select(from).where((Predicate[]) arrayList.toArray(i -> {
            return new Predicate[i];
        }))), num, num2).getResultStream()).map(this::toModel);
    }

    public Stream<String> getByFlow(String str, String str2, Integer num, Integer num2) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(String.class);
        Root<IdentityProviderEntity> from = createQuery.from(IdentityProviderEntity.class);
        ArrayList arrayList = new ArrayList();
        arrayList.add(criteriaBuilder.equal(from.get("realmId"), getRealm().getId()));
        if (StringUtil.isNotBlank(str)) {
            arrayList.add(criteriaBuilder.or(criteriaBuilder.equal(from.get(RealmAttributes.FIRST_BROKER_LOGIN_FLOW_ID), str), criteriaBuilder.equal(from.get("postBrokerLoginFlowId"), str)));
        }
        if (StringUtil.isNotBlank(str2)) {
            arrayList.add(getAliasSearchPredicate(str2, criteriaBuilder, from));
        }
        createQuery.orderBy(new Order[]{criteriaBuilder.asc(from.get("alias"))});
        return StreamsUtil.closing(PaginationUtils.paginateQuery(this.em.createQuery(createQuery.select(from.get("alias")).where((Predicate[]) arrayList.toArray(i -> {
            return new Predicate[i];
        }))), num, num2).getResultStream());
    }

    public long count() {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(Long.class);
        Root from = createQuery.from(IdentityProviderEntity.class);
        createQuery.select(criteriaBuilder.count(createQuery.from(IdentityProviderEntity.class)));
        createQuery.where(criteriaBuilder.equal(from.get("realmId"), getRealm().getId()));
        return ((Long) this.em.createQuery(createQuery).getSingleResult()).longValue();
    }

    public void close() {
    }

    private IdentityProviderEntity getEntityById(String str, boolean z) {
        if (str == null) {
            if (z) {
                throw new ModelException("Identity Provider with null internal id does not exist");
            }
            return null;
        }
        IdentityProviderEntity identityProviderEntity = (IdentityProviderEntity) this.em.find(IdentityProviderEntity.class, str);
        if (identityProviderEntity == null) {
            if (z) {
                throw new ModelException("Identity Provider with internal id [" + str + "] does not exist");
            }
            return null;
        }
        if (getRealm().getId().equals(identityProviderEntity.getRealmId())) {
            return identityProviderEntity;
        }
        throw new ModelException("Identity Provider with internal id [" + identityProviderEntity.getInternalId() + "] does not belong to realm [" + getRealm().getName() + "]");
    }

    private IdentityProviderEntity getEntityByAlias(String str) {
        CriteriaBuilder criteriaBuilder = this.em.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(IdentityProviderEntity.class);
        Root from = createQuery.from(IdentityProviderEntity.class);
        try {
            return (IdentityProviderEntity) this.em.createQuery(createQuery.select(from).where(criteriaBuilder.and(criteriaBuilder.equal(from.get("realmId"), getRealm().getId()), criteriaBuilder.equal(from.get("alias"), str)))).getSingleResult();
        } catch (NoResultException e) {
            return null;
        }
    }

    private Predicate getAliasSearchPredicate(String str, CriteriaBuilder criteriaBuilder, Root<IdentityProviderEntity> root) {
        if (str.startsWith("\"") && str.endsWith("\"")) {
            return criteriaBuilder.equal(root.get("alias"), str.substring(1, str.length() - 1));
        }
        String replace = str.replace("%", "\\%").replace("_", "\\_").replace("*", "%");
        if (!replace.endsWith("%")) {
            replace = replace + "%";
        }
        return criteriaBuilder.like(criteriaBuilder.lower(root.get("alias")), replace.toLowerCase(), '\\');
    }

    private IdentityProviderModel toModel(IdentityProviderEntity identityProviderEntity) {
        if (identityProviderEntity == null) {
            return null;
        }
        IdentityProviderModel modelFromProviderFactory = getModelFromProviderFactory(identityProviderEntity.getProviderId());
        modelFromProviderFactory.setProviderId(identityProviderEntity.getProviderId());
        modelFromProviderFactory.setAlias(identityProviderEntity.getAlias());
        modelFromProviderFactory.setDisplayName(identityProviderEntity.getDisplayName());
        modelFromProviderFactory.setInternalId(identityProviderEntity.getInternalId());
        modelFromProviderFactory.setConfig(new HashMap(identityProviderEntity.getConfig()));
        modelFromProviderFactory.setEnabled(identityProviderEntity.isEnabled());
        modelFromProviderFactory.setLinkOnly(identityProviderEntity.isLinkOnly());
        modelFromProviderFactory.setHideOnLogin(identityProviderEntity.isHideOnLogin());
        modelFromProviderFactory.setTrustEmail(identityProviderEntity.isTrustEmail());
        modelFromProviderFactory.setAuthenticateByDefault(identityProviderEntity.isAuthenticateByDefault());
        modelFromProviderFactory.setFirstBrokerLoginFlowId(identityProviderEntity.getFirstBrokerLoginFlowId());
        modelFromProviderFactory.setPostBrokerLoginFlowId(identityProviderEntity.getPostBrokerLoginFlowId());
        modelFromProviderFactory.setOrganizationId(identityProviderEntity.getOrganizationId());
        modelFromProviderFactory.setStoreToken(identityProviderEntity.isStoreToken());
        modelFromProviderFactory.setAddReadTokenRoleOnCreate(identityProviderEntity.isAddReadTokenRoleOnCreate());
        return modelFromProviderFactory;
    }

    private IdentityProviderModel getModelFromProviderFactory(String str) {
        IdentityProviderFactory providerFactory = this.session.getKeycloakSessionFactory().getProviderFactory(IdentityProvider.class, str);
        if (providerFactory == null) {
            providerFactory = (IdentityProviderFactory) this.session.getKeycloakSessionFactory().getProviderFactory(SocialIdentityProvider.class, str);
        }
        if (providerFactory != null) {
            return providerFactory.createConfig();
        }
        logger.warn("Couldn't find a suitable identity provider factory for " + str);
        return new IdentityProviderModel();
    }

    private RealmModel getRealm() {
        RealmModel realm = this.session.getContext().getRealm();
        if (realm == null) {
            throw new IllegalStateException("Session not bound to a realm");
        }
        return realm;
    }
}
