package org.keycloak.models.map.storage.file;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.FileTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.common.util.StackUtil;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.map.common.AbstractEntity;
import org.keycloak.models.map.common.ExpirationUtils;
import org.keycloak.models.map.common.HasRealmId;
import org.keycloak.models.map.common.StringKeyConverter;
import org.keycloak.models.map.common.UpdatableEntity;
import org.keycloak.models.map.realm.MapRealmEntity;
import org.keycloak.models.map.storage.CrudOperations;
import org.keycloak.models.map.storage.ModelEntityUtil;
import org.keycloak.models.map.storage.QueryParameters;
import org.keycloak.models.map.storage.chm.MapFieldPredicates;
import org.keycloak.models.map.storage.chm.MapModelCriteriaBuilder;
import org.keycloak.models.map.storage.file.common.MapEntityContext;
import org.keycloak.models.map.storage.file.yaml.PathWriter;
import org.keycloak.models.map.storage.file.yaml.YamlParser;
import org.keycloak.models.map.storage.file.yaml.YamlWritingMechanism;
import org.keycloak.storage.SearchableModelField;
import org.keycloak.utils.StreamsUtil;
import org.snakeyaml.engine.v2.api.DumpSettings;
import org.snakeyaml.engine.v2.emitter.Emitter;

/* loaded from: input_file:org/keycloak/models/map/storage/file/FileCrudOperations.class */
public abstract class FileCrudOperations<V extends AbstractEntity & UpdatableEntity, M> implements CrudOperations<V, M>, HasRealmId {
    private String defaultRealmId;
    private final Class<V> entityClass;
    private final Function<String, Path> dataDirectoryFunc;
    private final Function<V, String[]> suggestedPath;
    private final boolean isExpirableEntity;
    private final Map<SearchableModelField<? super M>, MapModelCriteriaBuilder.UpdatePredicatesFunc<String, V, M>> fieldPredicates;
    public static final String FILE_SUFFIX = ".yaml";
    private static final String ESCAPING_CHARACTER = "=";
    private static final Logger LOG = Logger.getLogger(FileCrudOperations.class);
    private static final Map<Class<?>, Map<SearchableModelField<?>, MapModelCriteriaBuilder.UpdatePredicatesFunc<?, ?, ?>>> ENTITY_FIELD_PREDICATES = new HashMap();
    public static final String SEARCHABLE_FIELD_REALM_ID_FIELD_NAME = ClientModel.SearchableFields.REALM_ID.getName();
    public static final DumpSettings DUMP_SETTINGS = DumpSettings.builder().setIndent(4).setIndicatorIndent(2).setIndentWithIndicator(false).build();
    private static final Pattern RESERVED_CHARACTERS = Pattern.compile("[%<:>\"/\\\\|?*=]");
    public static final String ID_COMPONENT_SEPARATOR = ":";
    private static final Pattern ID_COMPONENT_SEPARATOR_PATTERN = Pattern.compile(Pattern.quote(ID_COMPONENT_SEPARATOR) + "+");

    public FileCrudOperations(Class<V> cls, Function<String, Path> function, Function<V, String[]> function2, boolean z) {
        this.entityClass = cls;
        this.dataDirectoryFunc = function;
        this.suggestedPath = function2;
        this.isExpirableEntity = z;
        this.fieldPredicates = new IdentityHashMap(getPredicates(cls));
        this.fieldPredicates.keySet().stream().filter(searchableModelField -> {
            return Objects.equals(SEARCHABLE_FIELD_REALM_ID_FIELD_NAME, searchableModelField.getName());
        }).findAny().ifPresent(searchableModelField2 -> {
            this.fieldPredicates.replace(searchableModelField2, (mapModelCriteriaBuilder, operator, objArr) -> {
                return mapModelCriteriaBuilder;
            });
        });
    }

    public static <V extends AbstractEntity & UpdatableEntity, M> Map<SearchableModelField<? super M>, MapModelCriteriaBuilder.UpdatePredicatesFunc<String, V, M>> getPredicates(Class<V> cls) {
        return (Map) ENTITY_FIELD_PREDICATES.computeIfAbsent(cls, cls2 -> {
            IdentityHashMap identityHashMap = new IdentityHashMap(MapFieldPredicates.getPredicates(ModelEntityUtil.getModelType(cls)));
            identityHashMap.keySet().stream().filter(searchableModelField -> {
                return Objects.equals(SEARCHABLE_FIELD_REALM_ID_FIELD_NAME, searchableModelField.getName());
            }).findAny().ifPresent(searchableModelField2 -> {
                identityHashMap.replace(searchableModelField2, (mapModelCriteriaBuilder, operator, objArr) -> {
                    return mapModelCriteriaBuilder;
                });
            });
            return identityHashMap;
        });
    }

    protected Path getPathForEscapedId(String[] strArr) {
        Path dataDirectory = getDataDirectory();
        Path path = dataDirectory;
        for (String str : strArr) {
            path = path.resolve(str).normalize();
            if (!path.getParent().equals(dataDirectory)) {
                LOG.warnf("Path traversal detected: %s", Arrays.toString(strArr));
                return null;
            }
            dataDirectory = path;
        }
        return path.resolveSibling(path.getFileName() + ".yaml");
    }

    protected Path getPathForEscapedId(String str) {
        if (str == null) {
            throw new IllegalStateException("Invalid ID to escape");
        }
        return getPathForEscapedId(ID_COMPONENT_SEPARATOR_PATTERN.split(str));
    }

    private static String[] escapeId(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        if (strArr.length == 1 && strArr[0] == null) {
            return null;
        }
        return (String[]) Stream.of((Object[]) strArr).map(FileCrudOperations::escapeId).toArray(i -> {
            return new String[i];
        });
    }

    private static String escapeId(String str) {
        Objects.requireNonNull(str, "ID must be non-null");
        StringBuilder sb = new StringBuilder();
        Matcher matcher = RESERVED_CHARACTERS.matcher(str);
        while (matcher.find()) {
            matcher.appendReplacement(sb, String.format("=%02x", Integer.valueOf(matcher.group().charAt(0))));
        }
        matcher.appendTail(sb);
        return Path.of(sb.toString(), new String[0]).toString();
    }

    public static boolean canParseFile(Path path) {
        String path2 = path.getFileName().toString();
        try {
            if (Files.isRegularFile(path, new LinkOption[0]) && Files.size(path) > 0 && !path2.startsWith(".") && path2.endsWith(FILE_SUFFIX)) {
                if (Files.isReadable(path)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            return false;
        }
    }

    protected V parse(Path path) {
        getLastModifiedTime(path);
        V v = (V) ((AbstractEntity) YamlParser.parse(path, new MapEntityContext(this.entityClass)));
        if (v == null) {
            LOG.debugf("Could not parse %s%s", path, StackUtil.getShortStackTrace());
            return null;
        }
        String path2 = path.getFileName().toString();
        String substring = path2.substring(0, path2.length() - FILE_SUFFIX.length());
        String determineKeyFromValue = determineKeyFromValue(v, substring);
        if (determineKeyFromValue == null) {
            LOG.tracef("Determined ID from filename: %s%s", substring);
            determineKeyFromValue = substring;
        } else if (!determineKeyFromValue.endsWith(substring)) {
            LOG.warnf("Id \"%s\" does not conform with filename \"%s\", expected: %s", determineKeyFromValue, path2, escapeId(determineKeyFromValue));
        }
        v.setId(determineKeyFromValue);
        v.clearUpdatedFlag();
        return v;
    }

    public V create(V v) {
        writeYamlContents(getPathForEscapedId(v.getId()), v);
        return v;
    }

    public String determineKeyFromValue(V v, String str) {
        String[] apply = this.suggestedPath.apply(v);
        if (apply == null || apply.length == 0) {
            return str;
        }
        if (apply[apply.length - 1] == null) {
            apply[apply.length - 1] = str;
        }
        String join = String.join(ID_COMPONENT_SEPARATOR, escapeId(apply));
        if (LOG.isTraceEnabled()) {
            LOG.tracef("determineKeyFromValue: got %s (%s) for %s", join, join == null ? null : String.join(" [/] ", apply), v);
        }
        return join;
    }

    public String determineKeyFromValue(V v) {
        boolean z;
        String[] apply = this.suggestedPath.apply(v);
        if (apply == null || apply.length == 0) {
            z = v.getId() == null;
            String[] strArr = new String[1];
            strArr[0] = v.getId() == null ? StringKeyConverter.StringKey.INSTANCE.yieldNewUniqueKey() : v.getId();
            apply = strArr;
        } else if (apply[apply.length - 1] == null) {
            z = true;
            apply[apply.length - 1] = StringKeyConverter.StringKey.INSTANCE.yieldNewUniqueKey();
        } else {
            z = false;
        }
        String[] escapeId = escapeId(apply);
        Path pathForEscapedId = getPathForEscapedId(escapeId);
        Path parent = pathForEscapedId.getParent();
        if (!Files.isDirectory(parent, new LinkOption[0])) {
            try {
                Files.createDirectories(parent, new FileAttribute[0]);
            } catch (IOException e) {
                throw new IllegalStateException("Directory does not exist and cannot be created: " + parent, e);
            }
        }
        for (int i = 0; i < 100; i++) {
            LOG.tracef("Attempting to create file %s", pathForEscapedId, StackUtil.getShortStackTrace());
            try {
                String join = String.join(ID_COMPONENT_SEPARATOR, escapeId);
                touch(join, pathForEscapedId);
                LOG.tracef("determineKeyFromValue: got %s for created %s", join, v);
                return join;
            } catch (FileAlreadyExistsException e2) {
                if (!z) {
                    throw new ModelDuplicateException("File " + pathForEscapedId + " already exists!");
                }
                escapeId[escapeId.length - 1] = StringKeyConverter.StringKey.INSTANCE.yieldNewUniqueKey();
                pathForEscapedId = getPathForEscapedId(escapeId);
            } catch (IOException e3) {
                throw new IllegalStateException("Could not create file " + pathForEscapedId, e3);
            }
        }
        return null;
    }

    public V read(String str) {
        return (V) ((AbstractEntity) Optional.ofNullable(str).map(this::getPathForEscapedId).filter(Files::isReadable).map(this::parse).orElse(null));
    }

    public MapModelCriteriaBuilder<String, V, M> createCriteriaBuilder() {
        return new MapModelCriteriaBuilder<>(StringKeyConverter.StringKey.INSTANCE, this.fieldPredicates);
    }

    public Stream<V> read(QueryParameters<M> queryParameters) {
        setRealmId((String) queryParameters.getModelCriteriaBuilder().flashToModelCriteriaBuilder(FileCriteriaBuilder.criteria()).getSingleRestrictionArgument(SEARCHABLE_FIELD_REALM_ID_FIELD_NAME));
        Path dataDirectory = getDataDirectory();
        if (!Files.isDirectory(dataDirectory, new LinkOption[0])) {
            return Stream.empty();
        }
        try {
            Stream<Path> walk = Files.walk(dataDirectory, this.entityClass == MapRealmEntity.class ? 1 : 3, new FileVisitOption[0]);
            try {
                List list = (List) walk.collect(Collectors.toList());
                if (walk != null) {
                    walk.close();
                }
                Stream filter = list.stream().filter(FileCrudOperations::canParseFile).map(this::parse).filter(obj -> {
                    return Objects.nonNull(obj);
                });
                MapModelCriteriaBuilder flashToModelCriteriaBuilder = queryParameters.getModelCriteriaBuilder().flashToModelCriteriaBuilder(createCriteriaBuilder());
                Predicate keyFilter = flashToModelCriteriaBuilder.getKeyFilter();
                Predicate and = this.isExpirableEntity ? flashToModelCriteriaBuilder.getEntityFilter().and(ExpirationUtils::isNotExpired) : flashToModelCriteriaBuilder.getEntityFilter();
                Stream filter2 = filter.filter(abstractEntity -> {
                    return keyFilter.test(abstractEntity.getId()) && and.test(abstractEntity);
                });
                if (!queryParameters.getOrderBy().isEmpty()) {
                    filter2 = filter2.sorted(MapFieldPredicates.getComparator(queryParameters.getOrderBy().stream()));
                }
                return StreamsUtil.paginatedStream(filter2, queryParameters.getOffset(), queryParameters.getLimit());
            } finally {
            }
        } catch (IOException | UncheckedIOException e) {
            LOG.warnf(e, "Error listing %s", dataDirectory);
            return Stream.empty();
        }
    }

    public V update(V v) {
        String id = v.getId();
        Path pathForEscapedId = getPathForEscapedId(id);
        if (pathForEscapedId == null) {
            throw new IllegalArgumentException("Invalid path: " + id);
        }
        checkIsSafeToModify(pathForEscapedId);
        synchronized (FileMapStorageProviderFactory.class) {
            writeYamlContents(pathForEscapedId, v);
        }
        return v;
    }

    public boolean delete(String str) {
        return ((Boolean) Optional.ofNullable(str).map(this::getPathForEscapedId).map(this::removeIfExists).orElse(false)).booleanValue();
    }

    public long delete(QueryParameters<M> queryParameters) {
        return read(queryParameters).map(obj -> {
            return ((AbstractEntity) obj).getId();
        }).map(this::delete).filter(bool -> {
            return bool.booleanValue();
        }).count();
    }

    public long getCount(QueryParameters<M> queryParameters) {
        return read(queryParameters).count();
    }

    public String getRealmId() {
        return this.defaultRealmId;
    }

    public void setRealmId(String str) {
        this.defaultRealmId = str;
    }

    private Path getDataDirectory() {
        return this.dataDirectoryFunc.apply(this.defaultRealmId == null ? null : escapeId(this.defaultRealmId));
    }

    private void writeYamlContents(Path path, V v) {
        Path resolveSibling = path.resolveSibling("." + getTxId() + "-" + path.getFileName());
        try {
            PathWriter pathWriter = new PathWriter(resolveSibling);
            try {
                Emitter emitter = new Emitter(DUMP_SETTINGS, pathWriter);
                Objects.requireNonNull(emitter);
                YamlWritingMechanism yamlWritingMechanism = new YamlWritingMechanism(emitter::emit);
                try {
                    new MapEntityContext(this.entityClass).writeValue(v, yamlWritingMechanism);
                    yamlWritingMechanism.close();
                    registerRenameOnCommit(resolveSibling, path);
                    pathWriter.close();
                } catch (Throwable th) {
                    try {
                        yamlWritingMechanism.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException("Cannot write " + path, e);
        }
    }

    protected abstract void touch(String str, Path path) throws IOException;

    protected abstract boolean removeIfExists(Path path);

    protected abstract void registerRenameOnCommit(Path path, Path path2);

    protected abstract String getTxId();

    protected abstract FileTime getLastModifiedTime(Path path);

    protected abstract void checkIsSafeToModify(Path path);
}
