package org.keycloak.authentication.authenticators.browser;

import java.net.URI;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.saml.SamlProtocol;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.social.stackoverflow.StackoverflowIdentityProvider;

/* loaded from: input_file:org/keycloak/authentication/authenticators/browser/IdentityProviderAuthenticator.class */
public class IdentityProviderAuthenticator implements Authenticator {
    private static final Logger LOG = Logger.getLogger(IdentityProviderAuthenticator.class);
    protected static final String ACCEPTS_PROMPT_NONE = "acceptsPromptNoneForwardFromClient";

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getUriInfo().getQueryParameters().containsKey("kc_idp_hint")) {
            String str = (String) authenticationFlowContext.getUriInfo().getQueryParameters().getFirst("kc_idp_hint");
            if (str == null || str.equals(StackoverflowIdentityProvider.DEFAULT_SCOPE)) {
                LOG.tracef("Skipping: kc_idp_hint query parameter is empty", new Object[0]);
                authenticationFlowContext.attempted();
                return;
            } else {
                LOG.tracef("Redirecting: %s set to %s", "kc_idp_hint", str);
                redirect(authenticationFlowContext, str);
                return;
            }
        }
        if (authenticationFlowContext.getAuthenticatorConfig() == null || !authenticationFlowContext.getAuthenticatorConfig().getConfig().containsKey("defaultProvider")) {
            LOG.tracef("No default provider set or %s query parameter provided", "kc_idp_hint");
            authenticationFlowContext.attempted();
        } else {
            String str2 = (String) authenticationFlowContext.getAuthenticatorConfig().getConfig().get("defaultProvider");
            LOG.tracef("Redirecting: default provider set to %s", str2);
            redirect(authenticationFlowContext, str2);
        }
    }

    private void redirect(AuthenticationFlowContext authenticationFlowContext, String str) {
        for (IdentityProviderModel identityProviderModel : authenticationFlowContext.getRealm().getIdentityProviders()) {
            if (identityProviderModel.isEnabled() && str.equals(identityProviderModel.getAlias())) {
                URI identityProviderAuthnRequest = Urls.identityProviderAuthnRequest(authenticationFlowContext.getUriInfo().getBaseUri(), str, authenticationFlowContext.getRealm().getName(), new ClientSessionCode(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), authenticationFlowContext.getAuthenticationSession()).getOrGenerateCode(), authenticationFlowContext.getAuthenticationSession().getClient().getClientId(), authenticationFlowContext.getAuthenticationSession().getTabId());
                if (authenticationFlowContext.getAuthenticationSession().getClientNote("display") != null) {
                    identityProviderAuthnRequest = UriBuilder.fromUri(identityProviderAuthnRequest).queryParam("display", new Object[]{authenticationFlowContext.getAuthenticationSession().getClientNote("display")}).build(new Object[0]);
                }
                Response build = Response.seeOther(identityProviderAuthnRequest).build();
                if ("none".equals(authenticationFlowContext.getAuthenticationSession().getClientNote(OIDCLoginProtocol.PROMPT_PARAM)) && Boolean.valueOf((String) identityProviderModel.getConfig().get(ACCEPTS_PROMPT_NONE)).booleanValue()) {
                    authenticationFlowContext.getAuthenticationSession().setAuthNote(AuthenticationProcessor.FORWARDED_PASSIVE_LOGIN, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                }
                LOG.debugf("Redirecting to %s", str);
                authenticationFlowContext.forceChallenge(build);
                return;
            }
        }
        LOG.warnf("Provider not found or not enabled for realm %s", str);
        authenticationFlowContext.attempted();
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }
}
