package it.schm.keycloak.storage.crowd;

import com.atlassian.crowd.embedded.api.SearchRestriction;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.user.UserWithAttributes;
import com.atlassian.crowd.search.query.entity.restriction.BooleanRestriction;
import com.atlassian.crowd.search.query.entity.restriction.BooleanRestrictionImpl;
import com.atlassian.crowd.search.query.entity.restriction.MatchMode;
import com.atlassian.crowd.search.query.entity.restriction.PropertyImpl;
import com.atlassian.crowd.search.query.entity.restriction.TermRestriction;
import com.atlassian.crowd.service.client.CrowdClient;
import it.schm.keycloak.storage.crowd.group.CrowdGroupMapper;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.jboss.logging.Logger;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserQueryProvider;

/* loaded from: input_file:it/schm/keycloak/storage/crowd/CrowdStorageProvider.class */
public class CrowdStorageProvider implements UserStorageProvider, UserLookupProvider, UserQueryProvider, CredentialInputValidator {
    private static final Logger logger = Logger.getLogger(CrowdStorageProvider.class);
    protected static final SearchRestriction NOOP_SEARCH_RESTRICTION = new TermRestriction(new PropertyImpl("name", String.class), MatchMode.CONTAINS, StringUtils.EMPTY);
    private static final Map<String, String> PARAM_MAP = new HashMap();
    private KeycloakSession session;
    private CrowdClient client;
    private ComponentModel model;

    public CrowdStorageProvider(KeycloakSession keycloakSession, ComponentModel componentModel, CrowdClient crowdClient) {
        this.session = keycloakSession;
        this.model = componentModel;
        this.client = crowdClient;
    }

    public UserModel getUserByUsername(String str, RealmModel realmModel) {
        try {
            return convertToKeycloakUser(realmModel, this.client.getUserWithAttributes(str));
        } catch (ApplicationPermissionException | InvalidAuthenticationException | OperationFailedException e) {
            logger.error(e);
            throw new ModelException(e);
        } catch (UserNotFoundException e2) {
            return null;
        }
    }

    public UserModel getUserById(String str, RealmModel realmModel) {
        return getUserByUsername(StorageId.externalId(str), realmModel);
    }

    public UserModel getUserByEmail(String str, RealmModel realmModel) {
        HashMap hashMap = new HashMap();
        hashMap.put("email", str);
        return searchForUser(hashMap, realmModel, 0, 1).stream().findFirst().orElse(null);
    }

    public int getUsersCount(RealmModel realmModel) {
        try {
            return this.client.searchUserNames(NOOP_SEARCH_RESTRICTION, 0, Integer.MAX_VALUE).size();
        } catch (ApplicationPermissionException | InvalidAuthenticationException | OperationFailedException e) {
            logger.error(e);
            throw new ModelException(e);
        }
    }

    public List<UserModel> getUsers(RealmModel realmModel) {
        return getUsers(realmModel, 0, Integer.MAX_VALUE);
    }

    public List<UserModel> getUsers(RealmModel realmModel, int i, int i2) {
        return searchForUser(StringUtils.EMPTY, realmModel, i, i2);
    }

    public List<UserModel> searchForUser(String str, RealmModel realmModel) {
        return searchForUser(str, realmModel, 0, Integer.MAX_VALUE);
    }

    public List<UserModel> searchForUser(String str, RealmModel realmModel, int i, int i2) {
        HashMap hashMap = new HashMap();
        hashMap.put("first", str);
        hashMap.put("last", str);
        hashMap.put("email", str);
        hashMap.put("username", str);
        return searchForUser(hashMap, realmModel, i, i2);
    }

    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel) {
        return searchForUser(map, realmModel, 0, Integer.MAX_VALUE);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v18, types: [com.atlassian.crowd.embedded.api.SearchRestriction] */
    public List<UserModel> searchForUser(Map<String, String> map, RealmModel realmModel, int i, int i2) {
        BooleanRestrictionImpl booleanRestrictionImpl;
        if (map.isEmpty()) {
            booleanRestrictionImpl = NOOP_SEARCH_RESTRICTION;
        } else {
            booleanRestrictionImpl = new BooleanRestrictionImpl(BooleanRestriction.BooleanLogic.OR, (List) map.entrySet().stream().map(entry -> {
                return new TermRestriction(new PropertyImpl((String) PARAM_MAP.getOrDefault(entry.getKey(), entry.getKey()), String.class), MatchMode.CONTAINS, entry.getValue());
            }).collect(Collectors.toList()));
        }
        try {
            return (List) this.client.searchUsersWithAttributes(booleanRestrictionImpl, i, i2).stream().map(userWithAttributes -> {
                return convertToKeycloakUser(realmModel, userWithAttributes);
            }).collect(Collectors.toList());
        } catch (ApplicationPermissionException | InvalidAuthenticationException | OperationFailedException e) {
            logger.error(e);
            throw new ModelException(e);
        }
    }

    public List<UserModel> searchForUserByUserAttribute(String str, String str2, RealmModel realmModel) {
        HashMap hashMap = new HashMap();
        hashMap.put(str, str2);
        return searchForUser(hashMap, realmModel, 0, Integer.MAX_VALUE);
    }

    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel) {
        return getGroupMembers(realmModel, groupModel, 0, Integer.MAX_VALUE);
    }

    public List<UserModel> getGroupMembers(RealmModel realmModel, GroupModel groupModel, int i, int i2) {
        try {
            return (List) this.client.getUsersOfGroup(groupModel.getName(), i, i2).stream().map(user -> {
                return convertToKeycloakUser(realmModel, (UserWithAttributes) user);
            }).collect(Collectors.toList());
        } catch (ApplicationPermissionException | InvalidAuthenticationException | OperationFailedException e) {
            logger.error(e);
            throw new ModelException(e);
        } catch (GroupNotFoundException e2) {
            return Collections.emptyList();
        }
    }

    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        return supportsCredentialType(str);
    }

    public boolean supportsCredentialType(String str) {
        return str.equals("password");
    }

    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        if (!supportsCredentialType(credentialInput.getType())) {
            return false;
        }
        try {
            return this.client.authenticateUser(userModel.getUsername(), credentialInput.getChallengeResponse()) != null;
        } catch (ApplicationPermissionException | InvalidAuthenticationException | OperationFailedException e) {
            logger.error(e);
            throw new ModelException(e);
        } catch (ExpiredCredentialException | InactiveAccountException | UserNotFoundException e2) {
            return false;
        }
    }

    public void close() {
    }

    private CrowdUserAdapter convertToKeycloakUser(RealmModel realmModel, UserWithAttributes userWithAttributes) {
        return new CrowdGroupMapper(this.model, this.client).onLoadUser(new CrowdUserAdapter(this.session, realmModel, this.model, userWithAttributes));
    }

    static {
        PARAM_MAP.put("first", "firstName");
        PARAM_MAP.put("last", "lastName");
        PARAM_MAP.put("username", "name");
    }
}
