package org.keycloak.organization.authentication.authenticators.broker;

import java.util.Objects;
import java.util.stream.Stream;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrganizationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.organization.utils.Organizations;

/* loaded from: input_file:org/keycloak/organization/authentication/authenticators/broker/IdpAddOrganizationMemberAuthenticator.class */
public class IdpAddOrganizationMemberAuthenticator extends AbstractIdpAuthenticator {
    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        OrganizationProvider provider = authenticationFlowContext.getSession().getProvider(OrganizationProvider.class);
        UserModel user = authenticationFlowContext.getUser();
        OrganizationModel organizationModel = (OrganizationModel) authenticationFlowContext.getSession().getAttribute(OrganizationModel.class.getName());
        if (organizationModel == null) {
            authenticationFlowContext.attempted();
            return;
        }
        Stream identityProviders = organizationModel.getIdentityProviders();
        IdentityProviderModel idpConfig = brokeredIdentityContext.getIdpConfig();
        Objects.requireNonNull(idpConfig);
        if (identityProviders.noneMatch((v1) -> {
            return r1.equals(v1);
        })) {
            authenticationFlowContext.failure(AuthenticationFlowError.ACCESS_DENIED);
        } else {
            provider.addMember(organizationModel, user);
            authenticationFlowContext.success();
        }
    }

    public boolean requiresUser() {
        return true;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        OrganizationModel organizationModel;
        OrganizationProvider provider = keycloakSession.getProvider(OrganizationProvider.class);
        if (Organizations.isEnabledAndOrganizationsPresent(provider) && (organizationModel = (OrganizationModel) keycloakSession.getAttribute(OrganizationModel.class.getName())) != null && organizationModel.isEnabled()) {
            return provider.getIdentityProviders(organizationModel).findAny().isPresent();
        }
        return false;
    }
}
