package org.keycloak.authentication;

import java.net.URI;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.authentication.forms.RegistrationPage;
import org.keycloak.common.ClientConnection;
import org.keycloak.events.EventBuilder;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.resources.LoginActionsService;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/FormAuthenticationFlow.class */
public class FormAuthenticationFlow implements AuthenticationFlow {
    AuthenticationProcessor processor;
    AuthenticationExecutionModel formExecution;
    private final List<AuthenticationExecutionModel> formActionExecutions;
    private final FormAuthenticator formAuthenticator;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/FormAuthenticationFlow$FormContextImpl.class */
    public class FormContextImpl implements FormContext {
        AuthenticationExecutionModel executionModel;
        AuthenticatorConfigModel authenticatorConfig;

        private FormContextImpl(AuthenticationExecutionModel authenticationExecutionModel) {
            this.executionModel = authenticationExecutionModel;
        }

        @Override // org.keycloak.authentication.FormContext
        public EventBuilder newEvent() {
            return FormAuthenticationFlow.this.processor.newEvent();
        }

        @Override // org.keycloak.authentication.FormContext
        public EventBuilder getEvent() {
            return FormAuthenticationFlow.this.processor.getEvent();
        }

        @Override // org.keycloak.authentication.FormContext
        public AuthenticationExecutionModel getExecution() {
            return this.executionModel;
        }

        @Override // org.keycloak.authentication.FormContext
        public AuthenticatorConfigModel getAuthenticatorConfig() {
            if (this.executionModel.getAuthenticatorConfig() == null) {
                return null;
            }
            if (this.authenticatorConfig != null) {
                return this.authenticatorConfig;
            }
            this.authenticatorConfig = getRealm().getAuthenticatorConfigById(this.executionModel.getAuthenticatorConfig());
            return this.authenticatorConfig;
        }

        @Override // org.keycloak.authentication.FormContext
        public UserModel getUser() {
            return getClientSession().getAuthenticatedUser();
        }

        @Override // org.keycloak.authentication.FormContext
        public void setUser(UserModel userModel) {
            FormAuthenticationFlow.this.processor.setAutheticatedUser(userModel);
        }

        @Override // org.keycloak.authentication.FormContext
        public RealmModel getRealm() {
            return FormAuthenticationFlow.this.processor.getRealm();
        }

        @Override // org.keycloak.authentication.FormContext
        public ClientSessionModel getClientSession() {
            return FormAuthenticationFlow.this.processor.getClientSession();
        }

        @Override // org.keycloak.authentication.FormContext
        public ClientConnection getConnection() {
            return FormAuthenticationFlow.this.processor.getConnection();
        }

        @Override // org.keycloak.authentication.FormContext
        public UriInfo getUriInfo() {
            return FormAuthenticationFlow.this.processor.getUriInfo();
        }

        @Override // org.keycloak.authentication.FormContext
        public KeycloakSession getSession() {
            return FormAuthenticationFlow.this.processor.getSession();
        }

        @Override // org.keycloak.authentication.FormContext
        public HttpRequest getHttpRequest() {
            return FormAuthenticationFlow.this.processor.getRequest();
        }
    }

    /* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/FormAuthenticationFlow$ValidationContextImpl.class */
    private class ValidationContextImpl extends FormContextImpl implements ValidationContext {
        FormAction action;
        String error;
        boolean success;
        List<FormMessage> errors;
        MultivaluedMap<String, String> formData;

        private ValidationContextImpl(AuthenticationExecutionModel authenticationExecutionModel, FormAction formAction) {
            super(authenticationExecutionModel);
            this.errors = null;
            this.formData = null;
            this.action = formAction;
        }

        @Override // org.keycloak.authentication.ValidationContext
        public void validationError(MultivaluedMap<String, String> multivaluedMap, List<FormMessage> list) {
            this.errors = list;
            this.formData = multivaluedMap;
        }

        @Override // org.keycloak.authentication.ValidationContext
        public void error(String str) {
            this.error = str;
        }

        @Override // org.keycloak.authentication.ValidationContext
        public void success() {
            this.success = true;
        }
    }

    public FormAuthenticationFlow(AuthenticationProcessor authenticationProcessor, AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor = authenticationProcessor;
        this.formExecution = authenticationExecutionModel;
        this.formActionExecutions = authenticationProcessor.getRealm().getAuthenticationExecutions(authenticationExecutionModel.getFlowId());
        this.formAuthenticator = (FormAuthenticator) authenticationProcessor.getSession().getProvider(FormAuthenticator.class, authenticationExecutionModel.getAuthenticator());
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public Response processAction(String str) {
        if (!str.equals(this.formExecution.getId())) {
            throw new AuthenticationFlowException("action is not current execution", AuthenticationFlowError.INTERNAL_ERROR);
        }
        HashMap hashMap = new HashMap();
        LinkedList linkedList = new LinkedList();
        LinkedList<ValidationContextImpl> linkedList2 = new LinkedList();
        LinkedList linkedList3 = new LinkedList();
        for (AuthenticationExecutionModel authenticationExecutionModel : this.formActionExecutions) {
            if (authenticationExecutionModel.isEnabled()) {
                FormActionFactory formActionFactory = (FormActionFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(FormAction.class, authenticationExecutionModel.getAuthenticator());
                FormAction create = formActionFactory.create2(this.processor.getSession());
                UserModel authenticatedUser = this.processor.getClientSession().getAuthenticatedUser();
                if (create.requiresUser() && authenticatedUser == null) {
                    throw new AuthenticationFlowException("form action: " + this.formExecution.getAuthenticator() + " requires user", AuthenticationFlowError.UNKNOWN_USER);
                }
                if (create.requiresUser() && authenticatedUser != null && !create.configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser)) {
                    if (authenticationExecutionModel.isRequired()) {
                        if (!formActionFactory.isUserSetupAllowed()) {
                            throw new AuthenticationFlowException(AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                        }
                        AuthenticationProcessor.logger.debugv("authenticator SETUP_REQUIRED: {0}", this.formExecution.getAuthenticator());
                        hashMap.put(authenticationExecutionModel.getId(), ClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
                        linkedList.add(create);
                    } else if (authenticationExecutionModel.isOptional()) {
                        hashMap.put(authenticationExecutionModel.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
                    }
                }
                ValidationContextImpl validationContextImpl = new ValidationContextImpl(authenticationExecutionModel, create);
                create.validate(validationContextImpl);
                if (validationContextImpl.success) {
                    hashMap.put(authenticationExecutionModel.getId(), ClientSessionModel.ExecutionStatus.SUCCESS);
                    linkedList2.add(validationContextImpl);
                } else {
                    hashMap.put(authenticationExecutionModel.getId(), ClientSessionModel.ExecutionStatus.CHALLENGED);
                    linkedList3.add(validationContextImpl);
                }
            } else {
                hashMap.put(authenticationExecutionModel.getId(), ClientSessionModel.ExecutionStatus.SKIPPED);
            }
        }
        if (!linkedList3.isEmpty()) {
            this.processor.logFailure();
            LinkedList linkedList4 = new LinkedList();
            HashSet hashSet = new HashSet();
            Iterator it = linkedList3.iterator();
            while (it.hasNext()) {
                for (FormMessage formMessage : ((ValidationContextImpl) it.next()).errors) {
                    if (!hashSet.contains(formMessage.getField())) {
                        hashSet.add(formMessage.getField());
                        linkedList4.add(formMessage);
                    }
                }
            }
            ValidationContextImpl validationContextImpl2 = (ValidationContextImpl) linkedList3.get(0);
            validationContextImpl2.getEvent().error(validationContextImpl2.error);
            return renderForm(validationContextImpl2.formData, linkedList4);
        }
        for (ValidationContextImpl validationContextImpl3 : linkedList2) {
            validationContextImpl3.action.success(validationContextImpl3);
        }
        for (Map.Entry entry : hashMap.entrySet()) {
            this.processor.getClientSession().setExecutionStatus((String) entry.getKey(), (ClientSessionModel.ExecutionStatus) entry.getValue());
        }
        Iterator it2 = linkedList.iterator();
        while (it2.hasNext()) {
            ((FormAction) it2.next()).setRequiredActions(this.processor.getSession(), this.processor.getRealm(), this.processor.getClientSession().getAuthenticatedUser());
        }
        this.processor.getClientSession().setExecutionStatus(str, ClientSessionModel.ExecutionStatus.SUCCESS);
        this.processor.getClientSession().removeNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
        this.processor.setActionSuccessful();
        return null;
    }

    public URI getActionUrl(String str, String str2) {
        return LoginActionsService.registrationFormProcessor(this.processor.getUriInfo()).queryParam("code", str2).queryParam(RegistrationPage.EXECUTION, str).build(this.processor.getRealm().getName());
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public Response processFlow() {
        return renderForm(null, null);
    }

    public Response renderForm(MultivaluedMap<String, String> multivaluedMap, List<FormMessage> list) {
        String id = this.formExecution.getId();
        this.processor.getClientSession().setNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, id);
        String generateCode = this.processor.generateCode();
        LoginFormsProvider errors = ((LoginFormsProvider) this.processor.getSession().getProvider(LoginFormsProvider.class)).setActionUri(getActionUrl(id, generateCode)).setClientSessionCode(generateCode).setFormData(multivaluedMap).setErrors(list);
        for (AuthenticationExecutionModel authenticationExecutionModel : this.formActionExecutions) {
            if (authenticationExecutionModel.isEnabled()) {
                ((FormAction) this.processor.getSession().getProvider(FormAction.class, authenticationExecutionModel.getAuthenticator())).buildPage(new FormContextImpl(authenticationExecutionModel), errors);
            }
        }
        return this.formAuthenticator.render(new FormContextImpl(this.formExecution), errors);
    }
}
