package org.keycloak.authentication;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.models.AuthenticationLinkModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderSession;

/* loaded from: input_file:WEB-INF/lib/keycloak-authentication-api-1.0-beta-3.jar:org/keycloak/authentication/AuthenticationProviderManager.class */
public class AuthenticationProviderManager {
    private static final Logger logger = Logger.getLogger(AuthenticationProviderManager.class);
    private final RealmModel realm;
    private final Map<String, AuthenticationProvider> delegates;

    public static AuthenticationProviderManager getManager(RealmModel realmModel, ProviderSession providerSession) {
        Set<AuthenticationProvider> allProviders = providerSession.getAllProviders(AuthenticationProvider.class);
        HashMap hashMap = new HashMap();
        for (AuthenticationProvider authenticationProvider : allProviders) {
            hashMap.put(authenticationProvider.getName(), authenticationProvider);
        }
        return new AuthenticationProviderManager(realmModel, hashMap);
    }

    public AuthenticationProviderManager(RealmModel realmModel, Map<String, AuthenticationProvider> map) {
        this.realm = realmModel;
        this.delegates = map;
    }

    public AuthUser getUser(String str) {
        for (AuthenticationProviderModel authenticationProviderModel : getConfiguredProviderModels(this.realm)) {
            AuthenticationProvider provider = getProvider(authenticationProviderModel.getProviderName());
            if (provider != null) {
                try {
                    AuthUser user = provider.getUser(this.realm, authenticationProviderModel.getConfig(), str);
                    if (user != null) {
                        logger.debugf("User '%s' found with provider '%s'", str, authenticationProviderModel.getProviderName());
                        return user;
                    }
                    continue;
                } catch (AuthenticationProviderException e) {
                    logger.warn(e.getMessage(), e);
                }
            }
        }
        logger.debugf("User '%s' not found with any provider", str);
        return null;
    }

    public AuthProviderStatus validatePassword(UserModel userModel, String str) {
        AuthenticationLinkModel authenticationLink = userModel.getAuthenticationLink();
        if (authenticationLink == null) {
            AuthUser user = getUser(userModel.getLoginName());
            authenticationLink = new AuthenticationLinkModel(user.getProviderName(), user.getId());
            userModel.setAuthenticationLink(authenticationLink);
            logger.infof("User '%s' linked with provider '%s'", user.getUsername(), user.getProviderName());
        }
        String authProvider = authenticationLink.getAuthProvider();
        AuthenticationProviderModel configuredProviderModel = getConfiguredProviderModel(this.realm, authProvider);
        AuthenticationProvider provider = getProvider(authProvider);
        if (provider == null || configuredProviderModel == null) {
            return AuthProviderStatus.FAILED;
        }
        try {
            checkCorrectAuthLink(provider, configuredProviderModel, authenticationLink, userModel.getLoginName());
            AuthProviderStatus validatePassword = provider.validatePassword(this.realm, configuredProviderModel.getConfig(), userModel.getLoginName(), str);
            logger.debugf("Authentication provider '%s' finished with '%s' for authentication of '%s'", provider.getName(), validatePassword.toString(), userModel.getLoginName());
            return validatePassword;
        } catch (AuthenticationProviderException e) {
            logger.warn(e.getMessage(), e);
            return AuthProviderStatus.FAILED;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:18:0x0120, code lost:
    
        if (r9 != null) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0123, code lost:
    
        org.keycloak.authentication.AuthenticationProviderManager.logger.warnf("No providers found where password update is supported for user '%s'", r7.getLoginName());
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x0132, code lost:
    
        return false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean updatePassword(org.keycloak.models.UserModel r7, java.lang.String r8) throws org.keycloak.authentication.AuthenticationProviderException {
        /*
            Method dump skipped, instructions count: 475
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.keycloak.authentication.AuthenticationProviderManager.updatePassword(org.keycloak.models.UserModel, java.lang.String):boolean");
    }

    private AuthenticationProvider getProvider(String str) {
        AuthenticationProvider authenticationProvider = this.delegates.get(str);
        if (authenticationProvider == null) {
            logger.warnf("Provider '%s' not available on classpath", str);
        }
        return authenticationProvider;
    }

    private static List<AuthenticationProviderModel> getConfiguredProviderModels(RealmModel realmModel) {
        List<AuthenticationProviderModel> authenticationProviders = realmModel.getAuthenticationProviders();
        if (authenticationProviders == null || authenticationProviders.isEmpty()) {
            authenticationProviders = Collections.EMPTY_LIST;
            logger.warnf("No authentication providers found", new Object[0]);
        }
        return authenticationProviders;
    }

    public static AuthenticationProviderModel getConfiguredProviderModel(RealmModel realmModel, String str) {
        for (AuthenticationProviderModel authenticationProviderModel : getConfiguredProviderModels(realmModel)) {
            if (str.equals(authenticationProviderModel.getProviderName())) {
                return authenticationProviderModel;
            }
        }
        logger.warnf("Provider '%s' not configured in realm", str);
        return null;
    }

    private void checkCorrectAuthLink(AuthenticationProvider authenticationProvider, AuthenticationProviderModel authenticationProviderModel, AuthenticationLinkModel authenticationLinkModel, String str) throws AuthenticationProviderException {
        AuthUser user = authenticationProvider.getUser(this.realm, authenticationProviderModel.getConfig(), str);
        if (user == null) {
            throw new AuthenticationProviderException("User " + str + " not found in authentication provider " + authenticationProviderModel.getProviderName());
        }
        String id = user.getId();
        if (!id.equals(authenticationLinkModel.getAuthUserId())) {
            throw new AuthenticationProviderException("ID did not match! ID from provider: " + id + ", ID from authentication link: " + authenticationLinkModel.getAuthUserId());
        }
    }
}
