package org.keycloak.authentication;

import java.util.Iterator;
import java.util.List;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/DefaultAuthenticationFlow.class */
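/**
 * Walks the executions of a single authentication flow in their configured order and
 * decides, per execution, whether to skip it, run it, descend into a sub-flow, or hand a
 * challenge {@link Response} back to the caller.
 *
 * <p>Progress is tracked in two places: the per-execution status map stored on the client
 * session (read in {@link #isProcessed}) and the instance fields below. {@link #processAction}
 * and {@link #processFlow} share one iterator, so {@code processFlow()} called from
 * {@code processAction()} resumes right after the execution that was just handled.
 *
 * <p>Security-relevant contract: a {@code null} return from {@link #processFlow} means "no
 * further challenge is needed for this flow". A parent flow marks the sub-flow execution
 * {@code SUCCESS} on {@code null}, so every path that returns {@code null} or moves on to the
 * next execution is effectively an authorization decision and should be reviewed as such.
 */
public class DefaultAuthenticationFlow implements AuthenticationFlow {
    private static final Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);

    // Challenge produced by an ALTERNATIVE execution that was not sent immediately; it is
    // returned later if a following authenticator requires a user and none is authenticated.
    Response alternativeChallenge = null;
    // The ALTERNATIVE execution that produced alternativeChallenge.
    AuthenticationExecutionModel challengedAlternativeExecution = null;
    // Set once any ALTERNATIVE execution has succeeded; remaining alternatives are then skipped.
    boolean alternativeSuccessful = false;
    List<AuthenticationExecutionModel> executions;
    // Shared cursor over executions, advanced by both processAction() and processFlow().
    Iterator<AuthenticationExecutionModel> executionIterator;
    AuthenticationProcessor processor;
    AuthenticationFlowModel flow;

    /**
     * Loads the executions of {@code authenticationFlowModel} from the processor's realm and
     * positions the iterator at the first one.
     *
     * @param authenticationProcessor processor that owns the realm, session and client session
     * @param authenticationFlowModel flow whose executions are evaluated
     */
    public DefaultAuthenticationFlow(AuthenticationProcessor authenticationProcessor, AuthenticationFlowModel authenticationFlowModel) {
        this.processor = authenticationProcessor;
        this.flow = authenticationFlowModel;
        this.executions = authenticationProcessor.getRealm().getAuthenticationExecutions(authenticationFlowModel.getId());
        this.executionIterator = this.executions.iterator();
    }

    /**
     * Tells whether an execution needs no further evaluation in this pass.
     *
     * <p>Disabled executions count as processed. Otherwise the status recorded on the client
     * session decides: {@code SUCCESS}, {@code SKIPPED}, {@code ATTEMPTED} and
     * {@code SETUP_REQUIRED} are final; a missing status or any other value (for example
     * {@code FAILED} or {@code CHALLENGED}) means the execution is evaluated again.
     *
     * @param authenticationExecutionModel execution to check
     * @return {@code true} if the execution is disabled or already has a final status
     */
    protected boolean isProcessed(AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel.isDisabled()) {
            return true;
        }
        ClientSessionModel.ExecutionStatus executionStatus = this.processor.getClientSession().getExecutionStatus().get(authenticationExecutionModel.getId());
        if (executionStatus == null) {
            return false;
        }
        return executionStatus == ClientSessionModel.ExecutionStatus.SUCCESS
                || executionStatus == ClientSessionModel.ExecutionStatus.SKIPPED
                || executionStatus == ClientSessionModel.ExecutionStatus.ATTEMPTED
                || executionStatus == ClientSessionModel.ExecutionStatus.SETUP_REQUIRED;
    }

    /**
     * Runs the {@code action} step of the execution whose id equals {@code str}, then
     * continues the flow from that point.
     *
     * <p>Unprocessed sub-flows met before the match are entered with the same id; unprocessed
     * plain executions whose id does not match are passed over without being run.
     *
     * @param str id of the execution whose action is to be processed
     *            (presumably taken from the incoming request; confirm against the caller)
     * @return a challenge or other response to send, or {@code null} when the flow finished
     *         without needing one
     * @throws AuthenticationFlowException with {@code INTERNAL_ERROR} if no unprocessed
     *         execution in this flow matches {@code str}
     * @throws RuntimeException if no factory is registered for the matching authenticator
     */
    @Override
    public Response processAction(String str) {
        logger.debugv("processAction: {0}", str);
        while (this.executionIterator.hasNext()) {
            AuthenticationExecutionModel model = this.executionIterator.next();
            logger.debugv("check: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
            if (isProcessed(model)) {
                logger.debug("execution is processed");
                if (!this.alternativeSuccessful && model.isAlternative() && this.processor.isSuccessful(model)) {
                    this.alternativeSuccessful = true;
                }
            } else {
                if (model.isAuthenticatorFlow()) {
                    Response flowResponse = this.processor.createFlowExecution(model.getFlowId(), model).processAction(str);
                    if (flowResponse != null) {
                        return flowResponse;
                    }
                    // A null response from the sub-flow is treated as "sub-flow satisfied".
                    this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
                    if (model.isAlternative()) {
                        this.alternativeSuccessful = true;
                    }
                    return processFlow();
                }
                if (model.getId().equals(str)) {
                    AuthenticatorFactory factory = (AuthenticatorFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
                    if (factory == null) {
                        throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
                    }
                    // NOTE(review): create2 looks like a decompiler-renamed create(...); confirm
                    // against the real AuthenticatorFactory interface.
                    Authenticator authenticator = factory.create2(this.processor.getSession());
                    AuthenticationProcessor.Result context = this.processor.createAuthenticatorContext(model, authenticator, this.executions);
                    logger.debugv("action: {0}", model.getAuthenticator());
                    authenticator.action(context);
                    Response actionResponse = processResult(context);
                    if (actionResponse != null) {
                        return actionResponse;
                    }
                    // The action produced no response, so this execution is no longer the pending one.
                    this.processor.getClientSession().removeNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
                    if (context.status == FlowStatus.SUCCESS) {
                        this.processor.setActionSuccessful();
                    }
                    return processFlow();
                }
            }
        }
        throw new AuthenticationFlowException("action is not in current execution", AuthenticationFlowError.INTERNAL_ERROR);
    }

    /**
     * Evaluates the remaining executions of this flow in order.
     *
     * <p>For each unprocessed execution: alternatives are marked {@code SKIPPED} once one
     * alternative has succeeded; sub-flows are evaluated recursively; plain authenticators
     * are checked for user and credential prerequisites and then asked to
     * {@code authenticate}.
     *
     * @return the first response that must be sent to the user, or {@code null} when every
     *         execution was handled without one
     * @throws AuthenticationFlowException with {@code UNKNOWN_USER} when an authenticator
     *         requires a user, none is authenticated and no alternative challenge is held
     *         back; with {@code CREDENTIAL_SETUP_REQUIRED} when a required authenticator is
     *         not configured for the user and its factory does not allow user setup
     * @throws RuntimeException if no factory is registered for an authenticator
     */
    @Override
    public Response processFlow() {
        logger.debug("processFlow");
        while (this.executionIterator.hasNext()) {
            AuthenticationExecutionModel model = this.executionIterator.next();
            logger.debugv("check execution: {0} requirement: {1}", model.getAuthenticator(), model.getRequirement().toString());
            if (isProcessed(model)) {
                logger.debug("execution is processed");
                if (!this.alternativeSuccessful && model.isAlternative() && this.processor.isSuccessful(model)) {
                    this.alternativeSuccessful = true;
                }
            } else if (model.isAlternative() && this.alternativeSuccessful) {
                logger.debug("Skip alternative execution");
                this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
            } else if (model.isAuthenticatorFlow()) {
                logger.debug("execution is flow");
                Response flowChallenge = this.processor.createFlowExecution(model.getFlowId(), model).processFlow();
                if (flowChallenge == null) {
                    // Sub-flow asked for nothing more: record it as satisfied.
                    this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
                    if (model.isAlternative()) {
                        this.alternativeSuccessful = true;
                    }
                } else {
                    if (model.isAlternative()) {
                        this.alternativeChallenge = flowChallenge;
                        this.challengedAlternativeExecution = model;
                        return flowChallenge;
                    }
                    if (model.isRequired()) {
                        this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                        return flowChallenge;
                    }
                    // Neither alternative nor required: the sub-flow's challenge is dropped and
                    // the execution is skipped (the original had two identical branches here).
                    this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
                }
            } else {
                AuthenticatorFactory factory = (AuthenticatorFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, model.getAuthenticator());
                if (factory == null) {
                    throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + model.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
                }
                // NOTE(review): create2 looks like a decompiler-renamed create(...); confirm
                // against the real AuthenticatorFactory interface.
                Authenticator authenticator = factory.create2(this.processor.getSession());
                logger.debugv("authenticator: {0}", factory.getId());
                UserModel authenticatedUser = this.processor.getClientSession().getAuthenticatedUser();
                if (authenticator.requiresUser() && authenticatedUser == null) {
                    if (this.alternativeChallenge == null) {
                        throw new AuthenticationFlowException("authenticator: " + factory.getId(), AuthenticationFlowError.UNKNOWN_USER);
                    }
                    // No user yet, but an earlier alternative offered a challenge: send that one.
                    this.processor.getClientSession().setExecutionStatus(this.challengedAlternativeExecution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                    return this.alternativeChallenge;
                }
                if (authenticator.requiresUser() && authenticatedUser != null && !authenticator.configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser)) {
                    if (model.isRequired()) {
                        if (!factory.isUserSetupAllowed()) {
                            throw new AuthenticationFlowException(AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                        }
                        logger.debugv("authenticator SETUP_REQUIRED: {0}", factory.getId());
                        this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
                        authenticator.setRequiredActions(this.processor.getSession(), this.processor.getRealm(), this.processor.getClientSession().getAuthenticatedUser());
                        // The user has no credential for this authenticator, so it must not be
                        // asked to authenticate: doing so would let processResult() overwrite
                        // SETUP_REQUIRED and challenge for a credential that does not exist.
                        continue;
                    } else if (model.isOptional()) {
                        this.processor.getClientSession().setExecutionStatus(model.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
                        // Same reason: keep the SKIPPED status instead of running the authenticator.
                        continue;
                    }
                    // Any other requirement (e.g. alternative) deliberately falls through.
                }
                Response browserActionResponse = this.processor.checkWasSuccessfulBrowserAction();
                if (browserActionResponse != null) {
                    return browserActionResponse;
                }
                AuthenticationProcessor.Result context = this.processor.createAuthenticatorContext(model, authenticator, this.executions);
                logger.debug("invoke authenticator.authenticate");
                authenticator.authenticate(context);
                Response authResponse = processResult(context);
                if (authResponse != null) {
                    return authResponse;
                }
            }
        }
        return null;
    }

    /**
     * Translates the status an authenticator left on {@code result} into a stored execution
     * status and either a response, {@code null} (continue with the next execution) or an
     * exception.
     *
     * <ul>
     *   <li>{@code SUCCESS}: stored as {@code SUCCESS}; an alternative also sets
     *       {@code alternativeSuccessful}.</li>
     *   <li>{@code FAILED}: failure is logged and stored; the challenge is sent if present,
     *       otherwise the authenticator's error is thrown.</li>
     *   <li>{@code FORK}: the execution is noted as current and a {@link ForkFlowException}
     *       is thrown.</li>
     *   <li>{@code FORCE_CHALLENGE}, {@code FAILURE_CHALLENGE}: stored as {@code CHALLENGED}
     *       and the challenge is sent ({@code FAILURE_CHALLENGE} also logs the failure).</li>
     *   <li>{@code CHALLENGE}: sent for required executions, and for optional ones when the
     *       authenticated user is configured for the authenticator; an alternative's
     *       challenge is held back; anything else is stored as {@code SKIPPED}.</li>
     *   <li>{@code ATTEMPTED}: rejected with {@code INVALID_CREDENTIALS} when the execution
     *       is required, otherwise stored as {@code ATTEMPTED}.</li>
     *   <li>{@code FLOW_RESET}: the flow is reset and authentication restarts.</li>
     *   <li>Any other status is reported as {@code INTERNAL_ERROR}.</li>
     * </ul>
     *
     * @param result context the authenticator wrote its outcome to
     * @return a response to send, or {@code null} to continue with the next execution
     * @throws AuthenticationFlowException on failure without challenge, on a required
     *         execution that was only attempted, or on an unknown status
     * @throws ForkFlowException on {@code FORK}
     */
    public Response processResult(AuthenticationProcessor.Result result) {
        AuthenticationExecutionModel execution = result.getExecution();
        switch (result.getStatus()) {
            case SUCCESS:
                logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
                this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
                if (execution.isAlternative()) {
                    this.alternativeSuccessful = true;
                }
                return null;
            case FAILED:
                logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.FAILED);
                if (result.getChallenge() != null) {
                    return sendChallenge(result, execution);
                }
                throw new AuthenticationFlowException(result.getError());
            case FORK:
                logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
                this.processor.getClientSession().setNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
                throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
            case FORCE_CHALLENGE:
                this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case CHALLENGE:
                logger.debugv("authenticator CHALLENGE: {0}", execution.getAuthenticator());
                if (execution.isRequired()) {
                    this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                    return sendChallenge(result, execution);
                }
                UserModel authenticatedUser = this.processor.getClientSession().getAuthenticatedUser();
                if (execution.isOptional() && authenticatedUser != null && result.getAuthenticator().configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser)) {
                    this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                    return sendChallenge(result, execution);
                }
                if (!execution.isAlternative()) {
                    this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
                    return null;
                }
                // Hold the alternative's challenge back; processFlow() sends it only if a later
                // authenticator needs a user and none is authenticated.
                this.alternativeChallenge = result.getChallenge();
                this.challengedAlternativeExecution = execution;
                return null;
            case FAILURE_CHALLENGE:
                logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case ATTEMPTED:
                logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
                // A required execution that merely "attempted" has not authenticated anyone.
                if (execution.getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED) {
                    throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CREDENTIALS);
                }
                this.processor.getClientSession().setExecutionStatus(execution.getId(), ClientSessionModel.ExecutionStatus.ATTEMPTED);
                return null;
            case FLOW_RESET:
                AuthenticationProcessor.resetFlow(this.processor.getClientSession());
                return this.processor.authenticate();
            default:
                logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
                ServicesLogger.LOGGER.unknownResultStatus();
                throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
        }
    }

    /**
     * Records {@code authenticationExecutionModel} as the current execution on the client
     * session and returns the challenge carried by {@code result}.
     *
     * @param result context holding the challenge response
     * @param authenticationExecutionModel execution that issued the challenge
     * @return the challenge from {@code result}
     */
    public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor.getClientSession().setNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, authenticationExecutionModel.getId());
        return result.getChallenge();
    }
}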
