package org.keycloak.storage;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.Profile;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialAuthentication;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialProviderFactory;
import org.keycloak.models.AbstractKeycloakTransaction;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.CredentialValidationOutput;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserProvider;
import org.keycloak.models.cache.CachedUserModel;
import org.keycloak.models.cache.OnUserCache;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.ComponentUtil;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ReadOnlyUserModelDelegate;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.storage.federated.UserFederatedStorageProvider;
import org.keycloak.storage.managers.UserStorageSyncManager;
import org.keycloak.storage.user.ImportedUserValidation;
import org.keycloak.storage.user.UserBulkUpdateProvider;
import org.keycloak.storage.user.UserCountMethodsProvider;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserQueryMethodsProvider;
import org.keycloak.storage.user.UserRegistrationProvider;
import org.keycloak.userprofile.AttributeMetadata;
import org.keycloak.userprofile.UserProfileDecorator;
import org.keycloak.userprofile.UserProfileMetadata;
import org.keycloak.utils.StreamsUtil;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/storage/UserStorageManager.class */
public class UserStorageManager extends AbstractStorageManager<UserStorageProvider, UserStorageProviderModel> implements UserProvider, OnUserCache, OnCreateComponent, OnUpdateComponent, UserProfileDecorator {
    private static final Logger logger = Logger.getLogger(UserStorageManager.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:org/keycloak/storage/UserStorageManager$CountQuery.class */
    public interface CountQuery {
        int query(Object obj, Integer num, Integer num2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:org/keycloak/storage/UserStorageManager$PaginatedQuery.class */
    public interface PaginatedQuery {
        Stream<UserModel> query(Object obj, Integer num, Integer num2);
    }

    public UserStorageManager(KeycloakSession keycloakSession) {
        super(keycloakSession, UserStorageProviderFactory.class, UserStorageProvider.class, UserStorageProviderModel::new, "user");
    }

    protected UserProvider localStorage() {
        return this.session.getProvider(DatastoreProvider.class).userLocalStorage();
    }

    private UserFederatedStorageProvider getFederatedStorage() {
        return UserStorageUtil.userFederatedStorage(this.session);
    }

    protected UserModel importValidation(RealmModel realmModel, UserModel userModel) {
        if (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && userModel != null) {
            this.session.getProvider(OrganizationProvider.class);
            if (isOrganizationDisabled(this.session, userModel)) {
                return new ReadOnlyUserModelDelegate(userModel) { // from class: org.keycloak.storage.UserStorageManager.1
                    public boolean isEnabled() {
                        return false;
                    }
                };
            }
        }
        if (userModel == null || userModel.getFederationLink() == null) {
            return userModel;
        }
        UserStorageProviderModel storageProviderModel = getStorageProviderModel(realmModel, userModel.getFederationLink());
        if (storageProviderModel == null) {
            logger.debugf("Removed user with federation link of unknown storage provider '%s'", userModel.getUsername());
            deleteInvalidUser(realmModel, userModel);
            return null;
        }
        if (!storageProviderModel.isEnabled()) {
            return new ReadOnlyUserModelDelegate(userModel) { // from class: org.keycloak.storage.UserStorageManager.2
                public boolean isEnabled() {
                    return false;
                }
            };
        }
        ImportedUserValidation importedUserValidation = (ImportedUserValidation) getStorageProviderInstance(storageProviderModel, ImportedUserValidation.class, true);
        if (importedUserValidation == null) {
            return userModel;
        }
        UserModel validate = importedUserValidation.validate(realmModel, userModel);
        if (validate != null) {
            return validate;
        }
        deleteInvalidUser(realmModel, userModel);
        return null;
    }

    private static <T> Stream<T> getCredentialProviders(KeycloakSession keycloakSession, Class<T> cls) {
        return (Stream<T>) keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).filter(providerFactory -> {
            return Types.supports(cls, providerFactory, CredentialProviderFactory.class);
        }).map(providerFactory2 -> {
            return keycloakSession.getProvider(CredentialProvider.class, providerFactory2.getId());
        });
    }

    public CredentialValidationOutput getUserByCredential(RealmModel realmModel, CredentialInput credentialInput) {
        CredentialValidationOutput.Status authStatus;
        CredentialValidationOutput credentialValidationOutput = null;
        for (CredentialAuthentication credentialAuthentication : (List) Stream.concat(getEnabledStorageProviders(realmModel, CredentialAuthentication.class), getCredentialProviders(this.session, CredentialAuthentication.class)).filter(credentialAuthentication2 -> {
            return credentialAuthentication2.supportsCredentialAuthenticationFor(credentialInput.getType());
        }).collect(Collectors.toList())) {
            CredentialValidationOutput authenticate = credentialAuthentication.authenticate(realmModel, credentialInput);
            if (Objects.nonNull(authenticate) && ((authStatus = authenticate.getAuthStatus()) == CredentialValidationOutput.Status.AUTHENTICATED || authStatus == CredentialValidationOutput.Status.CONTINUE || authStatus == CredentialValidationOutput.Status.FAILED)) {
                logger.tracef("Attempt to authenticate credential '%s' with provider '%s' finished with '%s'.", credentialInput.getType(), credentialAuthentication, authStatus);
                if (authStatus == CredentialValidationOutput.Status.AUTHENTICATED) {
                    logger.tracef("Authenticated user is '%s'", authenticate.getAuthenticatedUser().getUsername());
                }
                credentialValidationOutput = authenticate;
                return credentialValidationOutput;
            }
            logger.tracef("Did not authenticate user by provider '%s' with the credential type '%s'. Will try to fallback to other user storage providers", credentialAuthentication, credentialInput.getType());
        }
        return credentialValidationOutput;
    }

    protected void deleteInvalidUser(RealmModel realmModel, UserModel userModel) {
        String id = userModel.getId();
        String username = userModel.getUsername();
        UserCache userCache = UserStorageUtil.userCache(this.session);
        if (userCache != null) {
            userCache.evict(realmModel, userModel);
        }
        KeycloakModelUtils.runJobInTransaction(this.session.getKeycloakSessionFactory(), keycloakSession -> {
            UserModel userById;
            RealmModel realm = keycloakSession.realms().getRealm(realmModel.getId());
            if (realm == null || (userById = UserStoragePrivateUtil.userLocalStorage(keycloakSession).getUserById(realm, id)) == null) {
                return;
            }
            try {
                new UserManager(keycloakSession).removeUser(realm, userById, UserStoragePrivateUtil.userLocalStorage(keycloakSession));
                logger.debugf("Removed invalid user '%s'", username);
            } catch (ModelException e) {
                logger.debugf(e, "ModelException thrown during deleteInvalidUser with username '%s'", username);
            }
        });
    }

    protected Stream<UserModel> importValidation(RealmModel realmModel, Stream<UserModel> stream) {
        return stream.map(userModel -> {
            return importValidation(realmModel, userModel);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    protected Stream<UserModel> query(PaginatedQuery paginatedQuery, RealmModel realmModel, Integer num, Integer num2) {
        return query(paginatedQuery, (obj, num3, num4) -> {
            return (int) paginatedQuery.query(obj, num3, num4).count();
        }, realmModel, num, num2);
    }

    protected Stream<UserModel> query(PaginatedQuery paginatedQuery, CountQuery countQuery, RealmModel realmModel, Integer num, Integer num2) {
        AtomicInteger atomicInteger;
        if (num2 != null && num2.intValue() == 0) {
            return Stream.empty();
        }
        Stream concat = Stream.concat(Stream.of(localStorage()), getEnabledStorageProviders(realmModel, UserQueryMethodsProvider.class));
        UserFederatedStorageProvider federatedStorage = getFederatedStorage();
        if (federatedStorage != null) {
            concat = Stream.concat(concat, Stream.of(federatedStorage));
        }
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        if (num == null || num.intValue() <= 0) {
            atomicInteger = new AtomicInteger(0);
        } else {
            AtomicBoolean atomicBoolean2 = new AtomicBoolean(true);
            atomicInteger = new AtomicInteger(num.intValue());
            concat = ((List) concat.filter(obj -> {
                if (!atomicBoolean2.get()) {
                    return true;
                }
                if (!(obj instanceof UserCountMethodsProvider)) {
                    logger.tracef("We encountered a provider (%s) that does not implement count queries therefore we can't say how many users it can provide.", obj.getClass().getSimpleName());
                    atomicBoolean2.set(false);
                    atomicBoolean.set(true);
                    return true;
                }
                long query = countQuery.query(obj, 0, Integer.valueOf(atomicInteger.get() + 1));
                logger.tracef("This provider (%s) is able to return %d users.", obj.getClass().getSimpleName(), Long.valueOf(query));
                if (query == atomicInteger.get()) {
                    atomicInteger.set(0);
                    atomicBoolean2.set(false);
                    return false;
                }
                if (query > atomicInteger.get()) {
                    atomicBoolean2.set(false);
                    return true;
                }
                logger.tracef("This provider (%s) cannot provide enough users to pass firstResult so we are going to filter it out and change firstResult for next provider: %d - %d = %d", new Object[]{obj.getClass().getSimpleName(), Integer.valueOf(atomicInteger.get()), Long.valueOf(query), Long.valueOf(atomicInteger.get() - query)});
                atomicInteger.set((int) (atomicInteger.get() - query));
                return false;
            }).collect(Collectors.toList())).stream();
        }
        if (atomicBoolean.get() && atomicInteger.get() > 0) {
            logger.tracef("In the providerStream there is a provider that does not support count queries and we need to skip some users.", new Object[0]);
            if (num2 == null || num2.intValue() < 0) {
                return StreamsUtil.paginatedStream(concat.flatMap(obj2 -> {
                    return paginatedQuery.query(obj2, null, null);
                }), Integer.valueOf(atomicInteger.get()), (Integer) null);
            }
            AtomicInteger atomicInteger2 = new AtomicInteger(atomicInteger.get() + num2.intValue());
            return StreamsUtil.paginatedStream(concat.flatMap(obj3 -> {
                return paginatedQuery.query(obj3, null, Integer.valueOf(atomicInteger2.get()));
            }).peek(userModel -> {
                atomicInteger2.updateAndGet(i -> {
                    return i > 0 ? i - 1 : i;
                });
            }), Integer.valueOf(atomicInteger.get()), num2);
        }
        if (num2 == null || num2.intValue() < 0) {
            AtomicInteger atomicInteger3 = atomicInteger;
            return concat.flatMap(obj4 -> {
                return paginatedQuery.query(obj4, Integer.valueOf(atomicInteger3.getAndSet(0)), null);
            });
        }
        AtomicInteger atomicInteger4 = new AtomicInteger(num2.intValue());
        AtomicInteger atomicInteger5 = atomicInteger;
        return concat.filter(obj5 -> {
            return atomicInteger4.get() != 0;
        }).flatMap(obj6 -> {
            return paginatedQuery.query(obj6, Integer.valueOf(atomicInteger5.getAndSet(0)), Integer.valueOf(atomicInteger4.get()));
        }).peek(userModel2 -> {
            atomicInteger4.updateAndGet(i -> {
                return i > 0 ? i - 1 : i;
            });
        });
    }

    private static Stream<UserModel> removeDuplicates(Stream<UserModel> stream) {
        return stream.filter(StreamsUtil.distinctByKey((v0) -> {
            return v0.getId();
        }));
    }

    public UserModel addUser(RealmModel realmModel, String str) {
        return str.startsWith("service-account-") ? localStorage().addUser(realmModel, str) : (UserModel) getEnabledStorageProviders(realmModel, UserRegistrationProvider.class).map(userRegistrationProvider -> {
            return userRegistrationProvider.addUser(realmModel, str);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).findFirst().orElseGet(() -> {
            return localStorage().addUser(realmModel, str.toLowerCase());
        });
    }

    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        if (getFederatedStorage() != null && userModel.getServiceAccountClientLink() == null) {
            getFederatedStorage().preRemove(realmModel, userModel);
        }
        publishUserPreRemovedEvent(realmModel, userModel);
        StorageId storageId = new StorageId(userModel.getId());
        if (storageId.getProviderId() == null) {
            String federationLink = userModel.getFederationLink();
            return localStorage().removeUser(realmModel, userModel) && (federationLink == null || ((Boolean) Optional.ofNullable((UserRegistrationProvider) getStorageProviderInstance(realmModel, federationLink, UserRegistrationProvider.class)).map(userRegistrationProvider -> {
                return Boolean.valueOf(userRegistrationProvider.removeUser(realmModel, userModel));
            }).orElse(false)).booleanValue());
        }
        UserRegistrationProvider userRegistrationProvider2 = (UserRegistrationProvider) getStorageProviderInstance(realmModel, storageId.getProviderId(), UserRegistrationProvider.class);
        if (userRegistrationProvider2 == null) {
            throw new ModelException("Could not resolve UserRegistrationProvider: " + storageId.getProviderId());
        }
        return userRegistrationProvider2.removeUser(realmModel, userModel);
    }

    public UserModel getUserById(RealmModel realmModel, String str) {
        StorageId storageId = new StorageId(str);
        if (storageId.getProviderId() == null) {
            return importValidation(realmModel, localStorage().getUserById(realmModel, str));
        }
        UserLookupProvider userLookupProvider = (UserLookupProvider) getStorageProviderInstance(realmModel, storageId.getProviderId(), UserLookupProvider.class);
        if (userLookupProvider == null) {
            return null;
        }
        return userLookupProvider.getUserById(realmModel, str);
    }

    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        UserModel userByUsername = localStorage().getUserByUsername(realmModel, str);
        return userByUsername != null ? importValidation(realmModel, userByUsername) : (UserModel) mapEnabledStorageProvidersWithTimeout(realmModel, UserLookupProvider.class, userLookupProvider -> {
            return userLookupProvider.getUserByUsername(realmModel, str);
        }).findFirst().orElse(null);
    }

    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        UserModel importValidation;
        UserModel userByEmail = localStorage().getUserByEmail(realmModel, str);
        return (userByEmail == null || (importValidation = importValidation(realmModel, userByEmail)) == null || !str.equalsIgnoreCase(importValidation.getEmail())) ? (UserModel) mapEnabledStorageProvidersWithTimeout(realmModel, UserLookupProvider.class, userLookupProvider -> {
            return userLookupProvider.getUserByEmail(realmModel, str);
        }).findFirst().orElse(null) : importValidation;
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        return importValidation(realmModel, query((obj, num3, num4) -> {
            return obj instanceof UserQueryMethodsProvider ? ((UserQueryMethodsProvider) obj).getGroupMembersStream(realmModel, groupModel, num3, num4) : obj instanceof UserFederatedStorageProvider ? ((UserFederatedStorageProvider) obj).getMembershipStream(realmModel, groupModel, num3, num4).map(str -> {
                return getUserById(realmModel, str);
            }) : Stream.empty();
        }, realmModel, num, num2));
    }

    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, String str, Boolean bool, Integer num, Integer num2) {
        return importValidation(realmModel, query((obj, num3, num4) -> {
            return obj instanceof UserQueryMethodsProvider ? ((UserQueryMethodsProvider) obj).getGroupMembersStream(realmModel, groupModel, str, bool, num3, num4) : obj instanceof UserFederatedStorageProvider ? StreamsUtil.paginatedStream(((UserFederatedStorageProvider) obj).getMembershipStream(realmModel, groupModel, (Integer) null, (Integer) null).map(str2 -> {
                return getUserById(realmModel, str2);
            }).filter(userModel -> {
                if (StringUtil.isBlank(str)) {
                    return true;
                }
                return Boolean.TRUE.equals(bool) ? str.equals(userModel.getUsername()) || str.equals(userModel.getEmail()) || str.equals(userModel.getFirstName()) || str.equals(userModel.getLastName()) : ((String) Optional.ofNullable(userModel.getUsername()).orElse("")).toLowerCase().contains(str.toLowerCase()) || ((String) Optional.ofNullable(userModel.getEmail()).orElse("")).toLowerCase().contains(str.toLowerCase()) || ((String) Optional.ofNullable(userModel.getFirstName()).orElse("")).toLowerCase().contains(str.toLowerCase()) || ((String) Optional.ofNullable(userModel.getLastName()).orElse("")).toLowerCase().contains(str.toLowerCase());
            }), num3, num4) : Stream.empty();
        }, realmModel, num, num2));
    }

    public Stream<UserModel> getRoleMembersStream(RealmModel realmModel, RoleModel roleModel, Integer num, Integer num2) {
        return importValidation(realmModel, query((obj, num3, num4) -> {
            return obj instanceof UserQueryMethodsProvider ? ((UserQueryMethodsProvider) obj).getRoleMembersStream(realmModel, roleModel, num3, num4) : obj instanceof UserFederatedStorageProvider ? ((UserFederatedStorageProvider) obj).getRoleMembersStream(realmModel, roleModel, num3, num4).map(str -> {
                return getUserById(realmModel, str);
            }) : Stream.empty();
        }, realmModel, num, num2));
    }

    public int getUsersCount(RealmModel realmModel, boolean z) {
        return localStorage().getUsersCount(realmModel, z) + ((Integer) mapEnabledStorageProvidersWithTimeout(realmModel, UserCountMethodsProvider.class, userCountMethodsProvider -> {
            return Integer.valueOf(userCountMethodsProvider.getUsersCount(realmModel));
        }).reduce(0, (v0, v1) -> {
            return Integer.sum(v0, v1);
        })).intValue();
    }

    public int getUsersCount(RealmModel realmModel) {
        return getUsersCount(realmModel, false);
    }

    public int getUsersCount(RealmModel realmModel, Set<String> set) {
        return localStorage().getUsersCount(realmModel, set);
    }

    public int getUsersCount(RealmModel realmModel, String str) {
        return localStorage().getUsersCount(realmModel, str);
    }

    public int getUsersCount(RealmModel realmModel, String str, Set<String> set) {
        return localStorage().getUsersCount(realmModel, str, set);
    }

    public int getUsersCount(RealmModel realmModel, Map<String, String> map) {
        return localStorage().getUsersCount(realmModel, map);
    }

    public int getUsersCount(RealmModel realmModel, Map<String, String> map, Set<String> set) {
        return localStorage().getUsersCount(realmModel, map, set);
    }

    public Stream<UserModel> searchForUserStream(RealmModel realmModel, Map<String, String> map, Integer num, Integer num2) {
        return importValidation(realmModel, query((obj, num3, num4) -> {
            return obj instanceof UserQueryMethodsProvider ? ((UserQueryMethodsProvider) obj).searchForUserStream(realmModel, map, num3, num4) : Stream.empty();
        }, (obj2, num5, num6) -> {
            if (obj2 instanceof UserCountMethodsProvider) {
                return ((UserCountMethodsProvider) obj2).getUsersCount(realmModel, map);
            }
            return 0;
        }, realmModel, num, num2));
    }

    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        return importValidation(realmModel, removeDuplicates(query((obj, num, num2) -> {
            return obj instanceof UserQueryMethodsProvider ? StreamsUtil.paginatedStream(((UserQueryMethodsProvider) obj).searchForUserByUserAttributeStream(realmModel, str, str2), num, num2) : obj instanceof UserFederatedStorageProvider ? StreamsUtil.paginatedStream(((UserFederatedStorageProvider) obj).getUsersByUserAttributeStream(realmModel, str, str2).map(str3 -> {
                return getUserById(realmModel, str3);
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }), num, num2) : Stream.empty();
        }, realmModel, null, null)));
    }

    public void grantToAllUsers(RealmModel realmModel, RoleModel roleModel) {
        localStorage().grantToAllUsers(realmModel, roleModel);
        consumeEnabledStorageProvidersWithTimeout(realmModel, UserBulkUpdateProvider.class, userBulkUpdateProvider -> {
            userBulkUpdateProvider.grantToAllUsers(realmModel, roleModel);
        });
    }

    public void preRemove(RealmModel realmModel) {
        localStorage().preRemove(realmModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(realmModel);
        }
        consumeEnabledStorageProvidersWithTimeout(realmModel, UserStorageProvider.class, userStorageProvider -> {
            userStorageProvider.preRemove(realmModel);
        });
    }

    public void preRemove(RealmModel realmModel, GroupModel groupModel) {
        localStorage().preRemove(realmModel, groupModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(realmModel, groupModel);
        }
        consumeEnabledStorageProvidersWithTimeout(realmModel, UserStorageProvider.class, userStorageProvider -> {
            userStorageProvider.preRemove(realmModel, groupModel);
        });
    }

    public void preRemove(RealmModel realmModel, RoleModel roleModel) {
        localStorage().preRemove(realmModel, roleModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(realmModel, roleModel);
        }
        consumeEnabledStorageProvidersWithTimeout(realmModel, UserStorageProvider.class, userStorageProvider -> {
            userStorageProvider.preRemove(realmModel, roleModel);
        });
    }

    public UserModel addUser(RealmModel realmModel, String str, String str2, boolean z, boolean z2) {
        return localStorage().addUser(realmModel, str, str2.toLowerCase(), z, z2);
    }

    public void addFederatedIdentity(final RealmModel realmModel, final UserModel userModel, final FederatedIdentityModel federatedIdentityModel) {
        if (StorageId.isLocalStorage(userModel)) {
            localStorage().addFederatedIdentity(realmModel, userModel, federatedIdentityModel);
        } else {
            getFederatedStorage().addFederatedIdentity(realmModel, userModel.getId(), federatedIdentityModel);
        }
        this.session.getKeycloakSessionFactory().publish(new FederatedIdentityModel.FederatedIdentityCreatedEvent() { // from class: org.keycloak.storage.UserStorageManager.3
            public KeycloakSession getKeycloakSession() {
                return UserStorageManager.this.session;
            }

            public RealmModel getRealm() {
                return realmModel;
            }

            public UserModel getUser() {
                return userModel;
            }

            public FederatedIdentityModel getFederatedIdentity() {
                return federatedIdentityModel;
            }
        });
    }

    public void updateFederatedIdentity(RealmModel realmModel, UserModel userModel, FederatedIdentityModel federatedIdentityModel) {
        if (StorageId.isLocalStorage(userModel)) {
            localStorage().updateFederatedIdentity(realmModel, userModel, federatedIdentityModel);
        } else {
            getFederatedStorage().updateFederatedIdentity(realmModel, userModel.getId(), federatedIdentityModel);
        }
    }

    public boolean removeFederatedIdentity(final RealmModel realmModel, final UserModel userModel, String str) {
        FederatedIdentityModel federatedIdentity;
        if (StorageId.isLocalStorage(userModel)) {
            UserProvider localStorage = localStorage();
            federatedIdentity = localStorage.getFederatedIdentity(realmModel, userModel, str);
            localStorage.removeFederatedIdentity(realmModel, userModel, str);
        } else {
            UserFederatedStorageProvider federatedStorage = getFederatedStorage();
            federatedIdentity = federatedStorage.getFederatedIdentity(userModel.getId(), str, realmModel);
            federatedStorage.removeFederatedIdentity(realmModel, userModel.getId(), str);
        }
        if (federatedIdentity == null) {
            return false;
        }
        final FederatedIdentityModel federatedIdentityModel = federatedIdentity;
        this.session.getKeycloakSessionFactory().publish(new FederatedIdentityModel.FederatedIdentityRemovedEvent() { // from class: org.keycloak.storage.UserStorageManager.4
            public KeycloakSession getKeycloakSession() {
                return UserStorageManager.this.session;
            }

            public RealmModel getRealm() {
                return realmModel;
            }

            public UserModel getUser() {
                return userModel;
            }

            public FederatedIdentityModel getFederatedIdentity() {
                return federatedIdentityModel;
            }
        });
        return true;
    }

    public void preRemove(RealmModel realmModel, IdentityProviderModel identityProviderModel) {
        localStorage().preRemove(realmModel, identityProviderModel);
        getFederatedStorage().preRemove(realmModel, identityProviderModel);
    }

    public void addConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        if (StorageId.isLocalStorage(str)) {
            localStorage().addConsent(realmModel, str, userConsentModel);
        } else {
            getFederatedStorage().addConsent(realmModel, str, userConsentModel);
        }
    }

    public UserConsentModel getConsentByClient(RealmModel realmModel, String str, String str2) {
        return StorageId.isLocalStorage(str) ? localStorage().getConsentByClient(realmModel, str, str2) : getFederatedStorage().getConsentByClient(realmModel, str, str2);
    }

    public Stream<UserConsentModel> getConsentsStream(RealmModel realmModel, String str) {
        return StorageId.isLocalStorage(str) ? localStorage().getConsentsStream(realmModel, str) : getFederatedStorage().getConsentsStream(realmModel, str);
    }

    public void updateConsent(RealmModel realmModel, String str, UserConsentModel userConsentModel) {
        if (StorageId.isLocalStorage(str)) {
            localStorage().updateConsent(realmModel, str, userConsentModel);
        } else {
            getFederatedStorage().updateConsent(realmModel, str, userConsentModel);
        }
    }

    public boolean revokeConsentForClient(RealmModel realmModel, String str, String str2) {
        return StorageId.isLocalStorage(str) ? localStorage().revokeConsentForClient(realmModel, str, str2) : getFederatedStorage().revokeConsentForClient(realmModel, str, str2);
    }

    public void setNotBeforeForUser(RealmModel realmModel, UserModel userModel, int i) {
        if (StorageId.isLocalStorage(userModel)) {
            localStorage().setNotBeforeForUser(realmModel, userModel, i);
        } else {
            getFederatedStorage().setNotBeforeForUser(realmModel, userModel.getId(), i);
        }
    }

    public int getNotBeforeOfUser(RealmModel realmModel, UserModel userModel) {
        return StorageId.isLocalStorage(userModel) ? localStorage().getNotBeforeOfUser(realmModel, userModel) : getFederatedStorage().getNotBeforeOfUser(realmModel, userModel.getId());
    }

    public UserModel getUserByFederatedIdentity(RealmModel realmModel, FederatedIdentityModel federatedIdentityModel) {
        String userByFederatedIdentity;
        UserModel userByFederatedIdentity2 = localStorage().getUserByFederatedIdentity(realmModel, federatedIdentityModel);
        if (userByFederatedIdentity2 != null) {
            return importValidation(realmModel, userByFederatedIdentity2);
        }
        if (getFederatedStorage() == null || (userByFederatedIdentity = getFederatedStorage().getUserByFederatedIdentity(federatedIdentityModel, realmModel)) == null) {
            return null;
        }
        return getUserById(realmModel, userByFederatedIdentity);
    }

    public UserModel getServiceAccount(ClientModel clientModel) {
        return localStorage().getServiceAccount(clientModel);
    }

    public Stream<FederatedIdentityModel> getFederatedIdentitiesStream(RealmModel realmModel, UserModel userModel) {
        if (userModel == null) {
            throw new IllegalStateException("Federated user no longer valid");
        }
        Stream federatedIdentitiesStream = StorageId.isLocalStorage(userModel) ? localStorage().getFederatedIdentitiesStream(realmModel, userModel) : Stream.empty();
        if (getFederatedStorage() != null) {
            federatedIdentitiesStream = Stream.concat(federatedIdentitiesStream, getFederatedStorage().getFederatedIdentitiesStream(userModel.getId(), realmModel));
        }
        return federatedIdentitiesStream.distinct();
    }

    public FederatedIdentityModel getFederatedIdentity(RealmModel realmModel, UserModel userModel, String str) {
        FederatedIdentityModel federatedIdentity;
        if (userModel == null) {
            throw new IllegalStateException("Federated user no longer valid");
        }
        if (StorageId.isLocalStorage(userModel) && (federatedIdentity = localStorage().getFederatedIdentity(realmModel, userModel, str)) != null) {
            return federatedIdentity;
        }
        if (getFederatedStorage() != null) {
            return getFederatedStorage().getFederatedIdentity(userModel.getId(), str, realmModel);
        }
        return null;
    }

    public void preRemove(RealmModel realmModel, ClientModel clientModel) {
        localStorage().preRemove(realmModel, clientModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(realmModel, clientModel);
        }
    }

    public void preRemove(ProtocolMapperModel protocolMapperModel) {
        localStorage().preRemove(protocolMapperModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(protocolMapperModel);
        }
    }

    public void preRemove(ClientScopeModel clientScopeModel) {
        localStorage().preRemove(clientScopeModel);
        if (getFederatedStorage() != null) {
            getFederatedStorage().preRemove(clientScopeModel);
        }
    }

    public void preRemove(RealmModel realmModel, ComponentModel componentModel) {
        if (componentModel.getProviderType().equals(ClientStorageProvider.class.getName())) {
            localStorage().preRemove(realmModel, componentModel);
            if (getFederatedStorage() != null) {
                getFederatedStorage().preRemove(realmModel, componentModel);
                return;
            }
            return;
        }
        if (componentModel.getProviderType().equals(UserStorageProvider.class.getName())) {
            localStorage().preRemove(realmModel, componentModel);
            if (getFederatedStorage() != null) {
                getFederatedStorage().preRemove(realmModel, componentModel);
            }
            UserStorageSyncManager.notifyToRefreshPeriodicSync(this.session, realmModel, new UserStorageProviderModel(componentModel), true);
        }
    }

    public void removeImportedUsers(RealmModel realmModel, String str) {
        localStorage().removeImportedUsers(realmModel, str);
    }

    public void unlinkUsers(RealmModel realmModel, String str) {
        localStorage().unlinkUsers(realmModel, str);
    }

    public void close() {
    }

    public void onCreate(final KeycloakSession keycloakSession, final RealmModel realmModel, final ComponentModel componentModel) {
        if (ComponentUtil.getComponentFactory(keycloakSession, componentModel) instanceof UserStorageProviderFactory) {
            keycloakSession.getTransactionManager().enlistAfterCompletion(new AbstractKeycloakTransaction() { // from class: org.keycloak.storage.UserStorageManager.5
                protected void commitImpl() {
                    UserStorageSyncManager.notifyToRefreshPeriodicSync(keycloakSession, realmModel, new UserStorageProviderModel(componentModel), false);
                }

                protected void rollbackImpl() {
                }
            });
        }
    }

    public void onUpdate(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel, ComponentModel componentModel2) {
        if (ComponentUtil.getComponentFactory(keycloakSession, componentModel2) instanceof UserStorageProviderFactory) {
            UserStorageProviderModel userStorageProviderModel = new UserStorageProviderModel(componentModel);
            UserStorageProviderModel userStorageProviderModel2 = new UserStorageProviderModel(componentModel2);
            if (userStorageProviderModel.getChangedSyncPeriod() == userStorageProviderModel2.getChangedSyncPeriod() && userStorageProviderModel.getFullSyncPeriod() == userStorageProviderModel2.getFullSyncPeriod() && userStorageProviderModel.isImportEnabled() == userStorageProviderModel2.isImportEnabled()) {
                return;
            }
            UserStorageSyncManager.notifyToRefreshPeriodicSync(keycloakSession, realmModel, new UserStorageProviderModel(componentModel2), false);
        }
    }

    public void onCache(RealmModel realmModel, CachedUserModel cachedUserModel, UserModel userModel) {
        if (StorageId.isLocalStorage(cachedUserModel)) {
            if (UserStoragePrivateUtil.userLocalStorage(this.session) instanceof OnUserCache) {
                UserStoragePrivateUtil.userLocalStorage(this.session).onCache(realmModel, cachedUserModel, userModel);
            }
        } else {
            OnUserCache onUserCache = (OnUserCache) getStorageProviderInstance(realmModel, StorageId.resolveProviderId(cachedUserModel), OnUserCache.class);
            if (onUserCache != null) {
                onUserCache.onCache(realmModel, cachedUserModel, userModel);
            }
        }
    }

    public List<AttributeMetadata> decorateUserProfile(String str, UserProfileMetadata userProfileMetadata) {
        UserProfileDecorator userProfileDecorator;
        UserStorageProviderModel storageProviderModel = getStorageProviderModel(this.session.getContext().getRealm(), str);
        return (storageProviderModel == null || (userProfileDecorator = (UserProfileDecorator) getStorageProviderInstance(storageProviderModel, UserProfileDecorator.class)) == null) ? Collections.emptyList() : userProfileDecorator.decorateUserProfile(str, userProfileMetadata);
    }

    private boolean isOrganizationDisabled(KeycloakSession keycloakSession, UserModel userModel) {
        OrganizationProvider provider = keycloakSession.getProvider(OrganizationProvider.class);
        return provider.getByMember(userModel).anyMatch(organizationModel -> {
            return (provider.isEnabled() && organizationModel.isManaged(userModel) && !organizationModel.isEnabled()) || (!provider.isEnabled() && organizationModel.isManaged(userModel));
        });
    }

    private void publishUserPreRemovedEvent(final RealmModel realmModel, final UserModel userModel) {
        this.session.getKeycloakSessionFactory().publish(new UserModel.UserPreRemovedEvent() { // from class: org.keycloak.storage.UserStorageManager.6
            public RealmModel getRealm() {
                return realmModel;
            }

            public UserModel getUser() {
                return userModel;
            }

            public KeycloakSession getKeycloakSession() {
                return UserStorageManager.this.session;
            }
        });
    }
}
