package org.keycloak.authentication.authenticators.broker;

import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.1.0.Final.jar:org/keycloak/authentication/authenticators/broker/IdpConfirmLinkAuthenticator.class */
public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
    protected static ServicesLogger logger = ServicesLogger.ROOT_LOGGER;

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String note = authenticationFlowContext.getClientSession().getNote(AbstractIdpAuthenticator.EXISTING_USER_INFO);
        if (note == null) {
            logger.noDuplicationDetected();
            authenticationFlowContext.attempted();
        } else {
            ExistingUserInfo deserialize = ExistingUserInfo.deserialize(note);
            authenticationFlowContext.challenge(authenticationFlowContext.form().setStatus(Response.Status.OK).setAttribute("identityProviderBrokerCtx", brokeredIdentityContext).setError(Messages.FEDERATED_IDENTITY_CONFIRM_LINK_MESSAGE, deserialize.getDuplicateAttributeName(), deserialize.getDuplicateAttributeValue()).createIdpLinkConfirmLinkPage());
        }
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String first = authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("submitAction");
        if (first != null && first.equals("updateProfile")) {
            authenticationFlowContext.getClientSession().setNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE, "true");
            authenticationFlowContext.getClientSession().removeNote(AbstractIdpAuthenticator.EXISTING_USER_INFO);
            authenticationFlowContext.resetFlow();
        } else {
            if (first == null || !first.equals("linkAccount")) {
                throw new AuthenticationFlowException("Unknown action: " + first, AuthenticationFlowError.INTERNAL_ERROR);
            }
            authenticationFlowContext.success();
        }
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return false;
    }
}
