package org.keycloak.protocol.docker;

import java.util.Collections;
import java.util.Locale;
import java.util.Optional;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.jboss.resteasy.specimpl.ResponseBuilderImpl;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator;
import org.keycloak.representations.docker.DockerAccess;
import org.keycloak.representations.docker.DockerError;
import org.keycloak.representations.docker.DockerErrorResponseToken;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/protocol/docker/DockerAuthenticator.class */
public class DockerAuthenticator extends HttpBasicAuthenticator {
    private static final Logger logger = Logger.getLogger(DockerAuthenticator.class);
    public static final String ID = "docker-http-basic-authenticator";

    @Override // org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator
    protected void notValidCredentialsAction(AuthenticationFlowContext authenticationFlowContext, RealmModel realmModel, UserModel userModel) {
        invalidUserAction(authenticationFlowContext, realmModel, userModel.getUsername(), authenticationFlowContext.getSession().getContext().resolveLocale(userModel));
    }

    @Override // org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator
    protected void nullUserAction(AuthenticationFlowContext authenticationFlowContext, RealmModel realmModel, String str) {
        invalidUserAction(authenticationFlowContext, realmModel, str, new Locale((String) Optional.ofNullable(realmModel.getDefaultLocale()).orElse(Locale.ENGLISH.toString())));
    }

    @Override // org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator
    protected void userDisabledAction(AuthenticationFlowContext authenticationFlowContext, RealmModel realmModel, UserModel userModel) {
        authenticationFlowContext.getEvent().user(userModel);
        authenticationFlowContext.getEvent().error("user_disabled");
        authenticationFlowContext.failure(AuthenticationFlowError.USER_DISABLED, new ResponseBuilderImpl().status(Response.Status.UNAUTHORIZED).header("Content-Type", MediaType.APPLICATION_JSON).entity(new DockerErrorResponseToken(Collections.singletonList(new DockerError("UNAUTHORIZED", "Invalid username or password.", Collections.singletonList(new DockerAccess(authenticationFlowContext.getAuthenticationSession().getClientNote("scope"))))))).build());
    }

    private void invalidUserAction(AuthenticationFlowContext authenticationFlowContext, RealmModel realmModel, String str, Locale locale) {
        authenticationFlowContext.getEvent().user(str);
        authenticationFlowContext.getEvent().error("invalid_user_credentials");
        authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, new ResponseBuilderImpl().status(Response.Status.UNAUTHORIZED).header("Content-Type", MediaType.APPLICATION_JSON).entity(new DockerErrorResponseToken(Collections.singletonList(new DockerError("UNAUTHORIZED", "Invalid username or password.", Collections.singletonList(new DockerAccess(authenticationFlowContext.getAuthenticationSession().getClientNote("scope"))))))).build());
    }

    @Override // org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }
}
