package org.keycloak.authentication.authenticators.browser;

import java.util.Map;
import org.apache.activemq.artemis.core.protocol.stomp.Stomp;
import org.apache.xalan.templates.Constants;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.ScriptModel;
import org.keycloak.models.UserModel;
import org.keycloak.scripting.InvocableScriptAdapter;
import org.keycloak.scripting.ScriptExecutionException;
import org.keycloak.scripting.ScriptingProvider;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.class */
public class ScriptBasedAuthenticator implements Authenticator {
    private static final Logger LOGGER = Logger.getLogger((Class<?>) ScriptBasedAuthenticator.class);
    static final String SCRIPT_CODE = "scriptCode";
    static final String SCRIPT_NAME = "scriptName";
    static final String SCRIPT_DESCRIPTION = "scriptDescription";
    static final String ACTION_FUNCTION_NAME = "action";
    static final String AUTHENTICATE_FUNCTION_NAME = "authenticate";

    @Override // org.keycloak.authentication.Authenticator
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        tryInvoke("authenticate", authenticationFlowContext);
    }

    @Override // org.keycloak.authentication.Authenticator
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        tryInvoke("action", authenticationFlowContext);
    }

    private void tryInvoke(String str, AuthenticationFlowContext authenticationFlowContext) {
        if (!hasAuthenticatorConfig(authenticationFlowContext)) {
            authenticationFlowContext.success();
            return;
        }
        InvocableScriptAdapter invocableScriptAdapter = getInvocableScriptAdapter(authenticationFlowContext);
        if (invocableScriptAdapter.isDefined(str)) {
            try {
                invocableScriptAdapter.invokeFunction(str, authenticationFlowContext);
            } catch (ScriptExecutionException e) {
                LOGGER.error(e);
                authenticationFlowContext.failure(AuthenticationFlowError.INTERNAL_ERROR);
            }
        }
    }

    private boolean hasAuthenticatorConfig(AuthenticationFlowContext authenticationFlowContext) {
        return (authenticationFlowContext == null || authenticationFlowContext.getAuthenticatorConfig() == null || authenticationFlowContext.getAuthenticatorConfig().getConfig() == null || authenticationFlowContext.getAuthenticatorConfig().getConfig().isEmpty()) ? false : true;
    }

    private InvocableScriptAdapter getInvocableScriptAdapter(AuthenticationFlowContext authenticationFlowContext) {
        Map<String, String> config = authenticationFlowContext.getAuthenticatorConfig().getConfig();
        String str = config.get(SCRIPT_NAME);
        String str2 = config.get(SCRIPT_CODE);
        String str3 = config.get(SCRIPT_DESCRIPTION);
        RealmModel realm = authenticationFlowContext.getRealm();
        ScriptingProvider scriptingProvider = (ScriptingProvider) authenticationFlowContext.getSession().getProvider(ScriptingProvider.class);
        ScriptModel createScript = scriptingProvider.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, str, str2, str3);
        return scriptingProvider.prepareInvocableScript(createScript, bindings -> {
            bindings.put(Constants.ELEMNAME_SCRIPT_STRING, createScript);
            bindings.put("realm", authenticationFlowContext.getRealm());
            bindings.put("user", authenticationFlowContext.getUser());
            bindings.put(Stomp.Headers.Connected.SESSION, authenticationFlowContext.getSession());
            bindings.put("httpRequest", authenticationFlowContext.getHttpRequest());
            bindings.put("LOG", LOGGER);
        });
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    @Override // org.keycloak.authentication.Authenticator
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }
}
