package org.keycloak.testsuite.federation;

import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.Time;
import org.keycloak.component.ComponentModel;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialInputUpdater;
import org.keycloak.credential.CredentialInputValidator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.credential.PasswordUserCredentialModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageUtil;
import org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage;
import org.keycloak.storage.user.UserLookupProvider;
import org.keycloak.storage.user.UserQueryProvider;
import org.keycloak.storage.user.UserRegistrationProvider;

/* loaded from: input_file:org/keycloak/testsuite/federation/BackwardsCompatibilityUserStorage.class */
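/**
 * Map-backed user storage provider from the Keycloak test suite.
 *
 * <p>Users live in the {@link Map} handed to the constructor, keyed by the lower-cased username.
 * Each entry holds at most one password credential (hashed through a {@link PasswordHashProvider})
 * and one OTP credential.
 *
 * <p>Security-relevant behaviour a reader should know before reusing any of this code:
 * <ul>
 *   <li>{@link #isValid} accepts {@code DummyUserFederationProvider.HARDCODED_OTP} for every known
 *       user, whether or not that user has an OTP credential. This is a test shortcut and makes
 *       the second factor meaningless.</li>
 *   <li>The OTP secret is stored exactly as supplied by the caller (no hashing or encryption).</li>
 *   <li>{@link #isConfiguredFor} reports the password type as configured unconditionally, even
 *       for users this provider does not know.</li>
 *   <li>The private {@code assertNull}/{@code assertNotNull} helpers throw {@link AssertionError};
 *       they check the shape of the incoming credential objects, presumably to verify the legacy
 *       API contract this fixture is named after (confirm against the tests using it).</li>
 * </ul>
 */
public class BackwardsCompatibilityUserStorage implements UserLookupProvider, UserStorageProvider, UserRegistrationProvider, CredentialInputUpdater, CredentialInputValidator, UserQueryProvider {
    private static final Logger log = Logger.getLogger(BackwardsCompatibilityUserStorage.class);

    /** Backing store keyed by the lower-cased username; the caller's map is used as-is, not copied. */
    protected final Map<String, MyUser> users;
    protected final ComponentModel model;
    protected final KeycloakSession session;

    /**
     * Per-user record held in {@link #users}.
     *
     * <p>Decompiler note: JADX reports the access modifiers of this class were widened from
     * package-private.
     */
    public static class MyUser {
        private final String username;
        // Password credential as produced by PasswordHashProvider.encode; null until a password is set.
        private CredentialModel hashedPassword;
        // OTP credential; its value is the secret as supplied by the caller. Null when OTP is not set up.
        private CredentialModel otp;

        private MyUser(String str) {
            this.username = str;
        }

        /** @return the stored OTP credential, or {@code null} when none is configured */
        public CredentialModel getOtp() {
            return this.otp;
        }
    }

    /**
     * @param keycloakSession session used to resolve hash providers, the realm policies and the user cache
     * @param componentModel  component configuration passed through to the user adapters
     * @param map             backing user store; shared with the caller, so changes are visible on both sides
     */
    public BackwardsCompatibilityUserStorage(KeycloakSession keycloakSession, ComponentModel componentModel, Map<String, MyUser> map) {
        this.session = keycloakSession;
        this.model = componentModel;
        this.users = map;
    }

    /**
     * Canonicalises a username into the key used in {@link #users}.
     *
     * <p>Lower-casing uses {@link Locale#ROOT} so that the key does not depend on the JVM's default
     * locale (for example the Turkish dotless-i mapping), which would otherwise let the same account
     * resolve to different keys on different hosts.
     *
     * @return the lower-cased name, or {@code null} when {@code str} is {@code null}
     */
    private static String translateUserName(String str) {
        if (str == null) {
            return null;
        }
        return str.toLowerCase(Locale.ROOT);
    }

    /**
     * Looks a user up by storage id; the external part of the id is treated as the username.
     *
     * @return an adapter for the user, or {@code null} when the store has no such user
     */
    public UserModel getUserById(RealmModel realmModel, String str) {
        String externalId = new StorageId(str).getExternalId();
        if (this.users.containsKey(translateUserName(externalId))) {
            return createUser(realmModel, externalId);
        }
        return null;
    }

    /**
     * Builds the {@link UserModel} adapter for a username. The adapter reports the name in the
     * casing it was requested with, not the lower-cased map key.
     */
    private UserModel createUser(RealmModel realmModel, final String str) {
        return new AbstractUserAdapterFederatedStorage(this.session, realmModel, this.model) {
            public String getUsername() {
                return str;
            }

            public void setUsername(String str2) {
                // Renaming is not supported; a null name is rejected the same way instead of
                // surfacing as a NullPointerException.
                if (str2 == null || !str2.equals(str)) {
                    throw new RuntimeException("Unsupported to change username");
                }
            }
        };
    }

    /** @return {@code true} for {@code "password"} and the OTP types, {@code false} (and an info log) otherwise */
    public boolean supportsCredentialType(String str) {
        if ("password".equals(str) || isOTPType(str)) {
            return true;
        }
        log.infof("Unsupported credential type: %s", str);
        return false;
    }

    /** @return whether {@code str} is one of {@code "otp"}, {@code "hotp"} or {@code "totp"}; null-safe */
    private boolean isOTPType(String str) {
        return "otp".equals(str) || "hotp".equals(str) || "totp".equals(str);
    }

    /**
     * Stores a new password or OTP credential for the user.
     *
     * @return {@code true} when the credential was stored; {@code false} when the input is not a
     *         {@link UserCredentialModel}, its type is unsupported, a password input is not a
     *         {@link PasswordUserCredentialModel}, or the user is not present in the store
     * @throws AssertionError when the input carries a device or algorithm, or when the hash provider
     *         leaves algorithm, value or salt unset
     */
    public boolean updateCredential(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        if (!(credentialInput instanceof UserCredentialModel)) {
            return false;
        }
        String type = credentialInput.getType();
        if ("password".equals(type)) {
            return updatePassword(realmModel, userModel, credentialInput);
        }
        if (isOTPType(type)) {
            return updateOtp(userModel, (UserCredentialModel) credentialInput);
        }
        log.infof("Attempt to update unsupported credential of type: %s", type);
        return false;
    }

    /** Hashes the supplied password with the realm's hash provider, stores it and evicts the cached user. */
    private boolean updatePassword(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        if (!(credentialInput instanceof PasswordUserCredentialModel)) {
            log.warn("Input is not PasswordUserCredentialModel");
            return false;
        }
        PasswordUserCredentialModel passwordInput = (PasswordUserCredentialModel) credentialInput;
        assertNull(passwordInput.getDevice());
        assertNull(passwordInput.getAlgorithm());

        // Resolve the user before hashing: an unknown user used to end in a NullPointerException
        // after the hash had already been computed.
        MyUser myUser = getMyUser(userModel);
        if (myUser == null) {
            log.warnf("Cannot update password, user %s not found", userModel.getUsername());
            return false;
        }

        // NOTE(review): getHashProvider tolerates a null policy, but getHashIterations() below does not.
        PasswordPolicy passwordPolicy = this.session.getContext().getRealm().getPasswordPolicy();
        PasswordHashProvider hashProvider = getHashProvider(passwordPolicy);
        CredentialModel hashed = new CredentialModel();
        hashed.setType("password");
        hashed.setCreatedDate(Long.valueOf(Time.currentTimeMillis()));
        hashProvider.encode(passwordInput.getValue(), passwordPolicy.getHashIterations(), hashed);
        assertNotNull(hashed.getAlgorithm());
        assertNotNull(hashed.getValue());
        assertNotNull(hashed.getSalt());
        myUser.hashedPassword = hashed;

        // Drop the cached copy of the user, when a user cache is available.
        UserCache userCache = UserStorageUtil.userCache(this.session);
        if (userCache != null) {
            userCache.evict(realmModel, userModel);
        }
        return true;
    }

    /**
     * Stores an OTP credential built from the input value and the realm's OTP policy. The secret is
     * kept as supplied. Unlike the password path, no cache eviction is performed here.
     */
    private boolean updateOtp(UserModel userModel, UserCredentialModel otpInput) {
        assertNull(otpInput.getDevice());
        assertNull(otpInput.getAlgorithm());

        MyUser myUser = getMyUser(userModel);
        if (myUser == null) {
            log.warnf("Cannot update OTP, user %s not found", userModel.getUsername());
            return false;
        }

        OTPPolicy otpPolicy = this.session.getContext().getRealm().getOTPPolicy();
        CredentialModel stored = new CredentialModel();
        stored.setType(otpInput.getType());
        stored.setCreatedDate(Long.valueOf(Time.currentTimeMillis()));
        stored.setValue(otpInput.getValue());
        stored.setCounter(otpPolicy.getInitialCounter());
        stored.setDigits(otpPolicy.getDigits());
        stored.setAlgorithm(otpPolicy.getAlgorithm());
        stored.setPeriod(otpPolicy.getPeriod());
        myUser.otp = stored;
        return true;
    }

    /**
     * @return the hash provider named by the policy's hash algorithm, or the session's default
     *         {@link PasswordHashProvider} when the policy or its algorithm is {@code null}
     */
    protected PasswordHashProvider getHashProvider(PasswordPolicy passwordPolicy) {
        if (passwordPolicy == null || passwordPolicy.getHashAlgorithm() == null) {
            return this.session.getProvider(PasswordHashProvider.class);
        }
        return this.session.getProvider(PasswordHashProvider.class, passwordPolicy.getHashAlgorithm());
    }

    /** Removes the user's OTP credential for OTP types; other types (and unknown users) are only logged. */
    public void disableCredentialType(RealmModel realmModel, UserModel userModel, String str) {
        if (!isOTPType(str)) {
            log.infof("Unsupported to disable credential of type: %s", str);
            return;
        }
        MyUser myUser = getMyUser(userModel);
        if (myUser == null) {
            // Previously a NullPointerException; there is nothing to disable for an unknown user.
            log.infof("Cannot disable credential of type %s, user %s not found", str, userModel.getUsername());
            return;
        }
        myUser.otp = null;
    }

    /** @return the stored record for the user, or {@code null} when the store has none */
    private MyUser getMyUser(UserModel userModel) {
        return this.users.get(translateUserName(userModel.getUsername()));
    }

    /** @return a stream holding {@code "otp"} when the user has an OTP credential, otherwise an empty stream */
    public Stream<String> getDisableableCredentialTypesStream(RealmModel realmModel, UserModel userModel) {
        MyUser myUser = getMyUser(userModel);
        if (myUser != null && myUser.otp != null) {
            return Stream.of("otp");
        }
        return Stream.empty();
    }

    /**
     * Reports whether the user has a credential of the given type.
     *
     * <p>The password type is reported as configured without consulting the store, so this returns
     * {@code true} even for users without a password or users unknown to this provider.
     */
    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        if ("password".equals(str)) {
            return true;
        }
        MyUser myUser = getMyUser(userModel);
        if (myUser == null) {
            return false;
        }
        if (isOTPType(str) && myUser.otp != null) {
            return true;
        }
        log.infof("Not supported credentialType '%s' for user '%s'", str, userModel.getUsername());
        return false;
    }

    /**
     * Validates a password or OTP input against the stored credential.
     *
     * @return {@code true} when the input matches; {@code false} for unknown users, unsupported
     *         types, inputs of the wrong class, or missing stored credentials
     * @throws AssertionError when a password input carries a device or algorithm
     */
    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        MyUser myUser = getMyUser(userModel);
        if (myUser == null) {
            return false;
        }
        String type = credentialInput.getType();
        if ("password".equals(type)) {
            if (!(credentialInput instanceof PasswordUserCredentialModel)) {
                return false;
            }
            CredentialModel storedPassword = myUser.hashedPassword;
            if (storedPassword == null) {
                log.warnf("Password not set for user %s", userModel.getUsername());
                return false;
            }
            PasswordUserCredentialModel passwordInput = (PasswordUserCredentialModel) credentialInput;
            assertNull(passwordInput.getDevice());
            assertNull(passwordInput.getAlgorithm());
            PasswordPolicy passwordPolicy = this.session.getContext().getRealm().getPasswordPolicy();
            return getHashProvider(passwordPolicy).verify(passwordInput.getValue(), storedPassword);
        }
        if (!isOTPType(type)) {
            log.infof("Not supported to validate credential of type '%s' for user '%s'", type, userModel.getUsername());
            return false;
        }
        // Reject inputs of another class instead of failing with a ClassCastException on the cast below.
        if (!(credentialInput instanceof UserCredentialModel)) {
            return false;
        }
        UserCredentialModel otpInput = (UserCredentialModel) credentialInput;
        // Test shortcut: the fixed code is accepted for any known user, before (and regardless of)
        // the stored OTP credential. Code derived from this class must not keep this branch.
        if (DummyUserFederationProvider.HARDCODED_OTP.equals(otpInput.getValue())) {
            return true;
        }
        CredentialModel storedOtp = myUser.otp;
        if (storedOtp == null) {
            log.warnf("Not found credential for the user %s", userModel.getUsername());
            return false;
        }
        // All OTP types, including "hotp", go through the time-based validator; the stored counter
        // is not consulted. The secret is decoded with an explicit charset so the derived key bytes
        // do not depend on the platform default.
        TimeBasedOTP validator = new TimeBasedOTP(storedOtp.getAlgorithm(), storedOtp.getDigits(), storedOtp.getPeriod(), realmModel.getOTPPolicy().getLookAheadWindow());
        return validator.validateTOTP(otpInput.getValue(), storedOtp.getValue().getBytes(StandardCharsets.UTF_8));
    }

    /** @return an adapter for the user (matched case-insensitively), or {@code null} when not present */
    public UserModel getUserByUsername(RealmModel realmModel, String str) {
        if (this.users.containsKey(translateUserName(str))) {
            return createUser(realmModel, str);
        }
        return null;
    }

    /** Lookup by e-mail is not supported; always returns {@code null}. */
    public UserModel getUserByEmail(RealmModel realmModel, String str) {
        return null;
    }

    /**
     * Registers a user. An existing entry with the same (case-insensitive) name is replaced, which
     * discards its stored password and OTP credentials.
     */
    public UserModel addUser(RealmModel realmModel, String str) {
        this.users.put(translateUserName(str), new MyUser(str));
        return createUser(realmModel, str);
    }

    /** @return {@code true} when the user existed in the store and was removed */
    public boolean removeUser(RealmModel realmModel, UserModel userModel) {
        return this.users.remove(translateUserName(userModel.getUsername())) != null;
    }

    public int getUsersCount(RealmModel realmModel) {
        return this.users.size();
    }

    /** Searches without paging; delegates to the paged variant. */
    public Stream<UserModel> searchForUserStream(RealmModel realmModel, String str) {
        return searchForUserStream(realmModel, str, (Integer) (-1), (Integer) (-1));
    }

    /**
     * Exact (case-insensitive) username match only; the paging arguments are ignored.
     *
     * @return a stream with the single matching user, or an empty stream
     */
    public Stream<UserModel> searchForUserStream(RealmModel realmModel, String str, Integer num, Integer num2) {
        UserModel userByUsername = getUserByUsername(realmModel, str);
        return userByUsername == null ? Stream.empty() : Stream.of(userByUsername);
    }

    /** Searches by parameter map without paging; delegates to the paged variant. */
    public Stream<UserModel> searchForUserStream(RealmModel realmModel, Map<String, String> map) {
        return searchForUserStream(realmModel, map, (Integer) null, (Integer) null);
    }

    /** Uses only the {@code keycloak.session.realm.users.query.search} entry of the map as the username to match. */
    public Stream<UserModel> searchForUserStream(RealmModel realmModel, Map<String, String> map, Integer num, Integer num2) {
        return searchForUserStream(realmModel, map.get("keycloak.session.realm.users.query.search"), num, num2);
    }

    /** Group membership is not supported; always empty. */
    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel, Integer num, Integer num2) {
        return Stream.empty();
    }

    /** Group membership is not supported; always empty. */
    public Stream<UserModel> getGroupMembersStream(RealmModel realmModel, GroupModel groupModel) {
        return Stream.empty();
    }

    /** Attribute search is not supported; always empty. */
    public Stream<UserModel> searchForUserByUserAttributeStream(RealmModel realmModel, String str, String str2) {
        return Stream.empty();
    }

    /** Nothing to release. */
    public void close() {
    }

    /** @throws AssertionError when {@code obj} is not {@code null} */
    private void assertNull(Object obj) {
        if (obj != null) {
            throw new AssertionError("Object wasn't null");
        }
    }

    /** @throws AssertionError when {@code obj} is {@code null} */
    private void assertNotNull(Object obj) {
        if (obj == null) {
            throw new AssertionError("Object was null");
        }
    }

    /** @throws AssertionError when the two objects are not equal; two {@code null}s count as equal */
    private void assertEquals(Object obj, Object obj2) {
        boolean same = (obj == null) ? (obj2 == null) : obj.equals(obj2);
        if (!same) {
            throw new AssertionError("Objects not equals");
        }
    }
}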
