package org.keycloak.storage.ldap;

import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator;
import org.keycloak.federation.kerberos.impl.KerberosUsernamePasswordAuthenticator;
import org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.KeycloakSessionTask;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.cache.UserCache;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderFactory;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.idm.query.Condition;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQuery;
import org.keycloak.storage.ldap.idm.query.internal.LDAPQueryConditionsBuilder;
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPConfigDecorator;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapperFactory;
import org.keycloak.storage.user.ImportSynchronization;
import org.keycloak.storage.user.SynchronizationResult;
import org.keycloak.utils.CredentialHelper;

/* loaded from: input_file:org/keycloak/storage/ldap/LDAPStorageProviderFactory.class */
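/**
 * Factory for the LDAP user-storage provider (provider id {@value #PROVIDER_NAME}).
 *
 * <p>Besides creating {@link LDAPStorageProvider} instances, this class declares the
 * provider's configuration properties, validates a configuration, registers the default
 * attribute mappers when a provider component is created, and drives full and incremental
 * user synchronisation from LDAP into local storage.
 *
 * <p>This listing is decompiler output (JADX). Names such as {@code m5create},
 * {@code C1BooleanHolder} and {@code C1QueryHolder} are decompiler renames and are kept
 * unchanged here.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>{@code bindCredential} is the only configuration property flagged
 *       {@code secret(true)}.</li>
 *   <li>{@link #validateConfiguration} checks the custom search filter and the two timeouts
 *       only. It does not inspect {@code connectionUrl}, so nothing in this class requires
 *       {@code ldaps://} when {@code authType} is left at its default {@code "simple"}.</li>
 *   <li>{@link #importLdapUsers} refuses to update a local account that is not linked to this
 *       provider with a matching {@code LDAP_ID}, even if the username matches.</li>
 *   <li>{@link #checkKerberosCredential} changes the realm's authentication configuration as
 *       a side effect of saving a provider configuration.</li>
 * </ul>
 */
public class LDAPStorageProviderFactory implements UserStorageProviderFactory<LDAPStorageProvider>, ImportSynchronization {
    /** Provider id returned by {@link #getId()}. */
    public static final String PROVIDER_NAME = "ldap";

    // Created in init(), cleared in close(); m5create dereferences it without a null check.
    private LDAPIdentityStoreRegistry ldapStoreRegistry;
    private static final Logger logger = Logger.getLogger(LDAPStorageProviderFactory.class);

    /** Property list built once at class initialisation and shared by all callers. */
    protected static final List<ProviderConfigProperty> configProperties = getConfigProps(null);

    /**
     * Mutable boolean shared between {@link #importLdapUsers} and its transaction callbacks.
     * It starts as {@code true}; the import callback sets it to {@code false} when the user
     * was not present in local storage before the import.
     *
     * <p>Decompiler note: originally a method-local class named {@code BooleanHolder}; JADX
     * renamed it and widened its access from package-private.
     */
    public class C1BooleanHolder {
        private boolean value = true;

        C1BooleanHolder() {
        }
    }

    /**
     * Carries the {@link LDAPQuery} built inside a transaction callback back to
     * {@link #createQuery}.
     *
     * <p>Decompiler note: originally a method-local class named {@code QueryHolder}; JADX
     * renamed it and widened its access from package-private.
     */
    public class C1QueryHolder {
        LDAPQuery query;

        C1QueryHolder() {
        }
    }

    /**
     * Builds the list of configuration properties accepted by the LDAP provider.
     *
     * @param componentModel unused. The decompiled original derived an edit-mode flag from it
     *     and never read the result; the only caller in this class passes {@code null}, so
     *     that dead computation has been removed.
     * @return the property descriptors, in declaration order
     */
    private static List<ProviderConfigProperty> getConfigProps(ComponentModel componentModel) {
        return ProviderConfigurationBuilder.create()
                .property().name("editMode").type("String").add()
                .property().name("syncRegistrations").type("boolean").defaultValue("false").add()
                .property().name("vendor").type("String").add()
                .property().name("usernameLDAPAttribute").type("String").add()
                .property().name("rdnLDAPAttribute").type("String").add()
                .property().name("uuidLDAPAttribute").type("String").add()
                .property().name("userObjectClasses").type("String").add()
                .property().name("connectionUrl").type("String").add()
                .property().name("usersDn").type("String").add()
                .property().name("authType").type("String").defaultValue("simple").add()
                .property().name("bindDn").type("String").add()
                // Only property marked secret; presumably masked when the configuration is
                // read back or exported - confirm in ProviderConfigProperty's consumers.
                .property().name("bindCredential").type("Password").secret(true).add()
                .property().name("customUserSearchFilter").type("String").add()
                .property().name("searchScope").type("String").defaultValue("1").add()
                .property().name("useTruststoreSpi").type("String").defaultValue("ldapsOnly").add()
                .property().name("connectionPooling").type("boolean").defaultValue("true").add()
                .property().name("connectionTimeout").type("String").add()
                .property().name("readTimeout").type("String").add()
                .property().name("pagination").type("boolean").defaultValue("true").add()
                .property().name("allowKerberosAuthentication").type("boolean").defaultValue("false").add()
                .property().name("serverPrincipal").type("String").add()
                .property().name("keyTab").type("String").add()
                .property().name("kerberosRealm").type("String").add()
                .property().name("debug").type("boolean").defaultValue("false").add()
                .property().name("useKerberosForPasswordAuthentication").type("boolean").defaultValue("false").add()
                // NOTE(review): "serverPrincipal" is declared a second time here. Kept so the
                // returned list is unchanged; confirm whether the duplicate is intentional.
                .property().name("serverPrincipal").type("String").add()
                .build();
    }

    /**
     * Returns the shared, statically built property list.
     *
     * @return the same list instance on every call
     */
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /**
     * Creates a provider bound to the given session and component.
     *
     * <p>Decompiler note: this is the factory's {@code create} method; JADX renamed it to
     * {@code m5create} after merging it with its bridge methods.
     *
     * <p>Fails with a {@link NullPointerException} if called before {@link #init} or after
     * {@link #close}, because the store registry is {@code null} in both states.
     *
     * @param keycloakSession session the provider will work in
     * @param componentModel the LDAP provider component
     * @return a new provider backed by the identity store the registry returns
     */
    public LDAPStorageProvider m5create(KeycloakSession keycloakSession, ComponentModel componentModel) {
        Map<ComponentModel, LDAPConfigDecorator> decorators = getLDAPConfigDecorators(keycloakSession, componentModel);
        return new LDAPStorageProvider(this, keycloakSession, componentModel, this.ldapStoreRegistry.getLdapStore(keycloakSession, componentModel, decorators));
    }

    /**
     * Collects the mapper components of this provider whose factory also implements
     * {@link LDAPConfigDecorator}.
     *
     * @param keycloakSession session used to resolve the realm and the mapper factories
     * @param componentModel the LDAP provider component; its parent id selects the realm
     * @return mapper component mapped to its decorating factory; empty when none qualifies
     */
    protected Map<ComponentModel, LDAPConfigDecorator> getLDAPConfigDecorators(KeycloakSession keycloakSession, ComponentModel componentModel) {
        List<ComponentModel> mapperComponents = keycloakSession.realms().getRealm(componentModel.getParentId()).getComponents(componentModel.getId(), LDAPStorageMapper.class.getName());
        // Typed map instead of the raw HashMap the decompiler produced.
        Map<ComponentModel, LDAPConfigDecorator> decorators = new HashMap<>();
        for (ComponentModel mapperComponent : mapperComponents) {
            LDAPStorageMapperFactory providerFactory = keycloakSession.getKeycloakSessionFactory().getProviderFactory(LDAPStorageMapper.class, mapperComponent.getProviderId());
            if (providerFactory instanceof LDAPConfigDecorator) {
                decorators.put(mapperComponent, (LDAPConfigDecorator) providerFactory);
            }
        }
        return decorators;
    }

    /**
     * Validates an LDAP provider configuration before it is stored.
     *
     * <p>The custom user search filter is handed to
     * {@code LDAPUtils.validateCustomLdapFilter}; the connection and read timeouts, when set,
     * must parse as {@code long}. No other property is checked here.
     *
     * @param keycloakSession unused
     * @param realmModel unused
     * @param componentModel component whose configuration is validated
     * @throws ComponentValidationException with key {@code ldapErrorConnectionTimeoutNotNumber}
     *     or {@code ldapErrorReadTimeoutNotNumber} when a timeout is not numeric
     */
    public void validateConfiguration(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) throws ComponentValidationException {
        LDAPConfig ldapConfig = new LDAPConfig(componentModel.getConfig());
        LDAPUtils.validateCustomLdapFilter(ldapConfig.getCustomUserSearchFilter());
        requireNumericTimeout(ldapConfig.getConnectionTimeout(), "ldapErrorConnectionTimeoutNotNumber");
        requireNumericTimeout(ldapConfig.getReadTimeout(), "ldapErrorReadTimeoutNotNumber");
    }

    /**
     * Rejects a timeout value that is set but does not parse as {@code long}.
     *
     * @param timeout configured value; {@code null} or empty means "not set" and is accepted
     * @param errorKey message key for the validation error
     * @throws ComponentValidationException when {@code timeout} is not numeric
     */
    private static void requireNumericTimeout(String timeout, String errorKey) throws ComponentValidationException {
        if (timeout == null || timeout.isEmpty()) {
            return;
        }
        try {
            // NOTE(review): negative values parse successfully and are accepted here.
            Long.parseLong(timeout);
        } catch (NumberFormatException e) {
            throw new ComponentValidationException(errorKey, new Object[0]);
        }
    }

    /**
     * Initialises the factory by creating a fresh identity-store registry.
     *
     * @param scope unused
     */
    public void init(Config.Scope scope) {
        this.ldapStoreRegistry = new LDAPIdentityStoreRegistry();
    }

    /** Drops the identity-store registry; the factory cannot create providers afterwards. */
    public void close() {
        this.ldapStoreRegistry = null;
    }

    /**
     * Returns the provider id.
     *
     * @return {@link #PROVIDER_NAME}
     */
    public String getId() {
        return PROVIDER_NAME;
    }

    /**
     * Registers the default attribute mappers for a newly created LDAP provider component and
     * then applies the Kerberos setting via {@link #checkKerberosCredential}.
     *
     * <p>Mappers are read-only when the edit mode is {@code READ_ONLY} or {@code UNSYNCED},
     * and "always read from LDAP" when it is {@code READ_ONLY} or {@code WRITABLE}. Which
     * first-name / full-name mappers are added depends on whether the RDN attribute and the
     * username attribute are {@code cn}.
     *
     * @param keycloakSession passed through to {@link #checkKerberosCredential}
     * @param realmModel realm that receives the mapper components
     * @param componentModel the new LDAP provider component; parent of every mapper
     */
    public void onCreate(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) {
        LDAPConfig ldapConfig = new LDAPConfig(componentModel.getConfig());
        boolean activeDirectory = ldapConfig.isActiveDirectory();
        UserStorageProvider.EditMode editMode = ldapConfig.getEditMode();
        String readOnly = String.valueOf(editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.UNSYNCED);
        String usernameLdapAttribute = ldapConfig.getUsernameLdapAttribute();
        String alwaysReadFromLdap = String.valueOf(editMode == UserStorageProvider.EditMode.READ_ONLY || editMode == UserStorageProvider.EditMode.WRITABLE);

        addUserAttributeMapper(realmModel, componentModel, "username", "username", usernameLdapAttribute, readOnly, "false", "true");

        if (!ldapConfig.getRdnLdapAttribute().equalsIgnoreCase("cn")) {
            // RDN is not cn: cn is free to carry the first name.
            addUserAttributeMapper(realmModel, componentModel, "first name", "firstName", "cn", readOnly, alwaysReadFromLdap, "true");
        } else if (usernameLdapAttribute.equalsIgnoreCase("cn")) {
            // cn is both RDN and username: first name comes from givenName.
            addUserAttributeMapper(realmModel, componentModel, "first name", "firstName", "givenName", readOnly, alwaysReadFromLdap, "true");
        } else if (editMode == UserStorageProvider.EditMode.WRITABLE) {
            // cn is the RDN but not the username, and the directory is writable:
            // first name from givenName, plus a second username mapper onto cn.
            addUserAttributeMapper(realmModel, componentModel, "first name", "firstName", "givenName", readOnly, alwaysReadFromLdap, "true");
            addUserAttributeMapper(realmModel, componentModel, "username-cn", "username", "cn", readOnly, "false", "true");
        } else {
            // cn is the RDN but not the username, and the directory is not writable:
            // cn is mapped as the full name.
            realmModel.addComponentModel(KeycloakModelUtils.createComponentModel("full name", componentModel.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), new String[]{
                    FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, "cn",
                    "read.only", readOnly,
                    FullNameLDAPStorageMapper.WRITE_ONLY, "false"}));
        }

        addUserAttributeMapper(realmModel, componentModel, "last name", "lastName", "sn", readOnly, alwaysReadFromLdap, "true");
        addUserAttributeMapper(realmModel, componentModel, "email", "email", "mail", readOnly, "false", "false");

        // Timestamp attribute names differ for Active Directory; both mappers are always read-only.
        String createdLdapAttribute = activeDirectory ? "whenCreated" : "createTimestamp";
        String modifiedLdapAttribute = activeDirectory ? "whenChanged" : "modifyTimestamp";
        addUserAttributeMapper(realmModel, componentModel, "creation date", "createTimestamp", createdLdapAttribute, "true", alwaysReadFromLdap, "false");
        addUserAttributeMapper(realmModel, componentModel, "modify date", "modifyTimestamp", modifiedLdapAttribute, "true", alwaysReadFromLdap, "false");

        if (activeDirectory) {
            realmModel.addComponentModel(KeycloakModelUtils.createComponentModel("MSAD account controls", componentModel.getId(), MSADUserAccountControlStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), new String[0]));
        }
        checkKerberosCredential(keycloakSession, realmModel, componentModel);
    }

    /** Adds one user-attribute mapper component under {@code parent} with the given settings. */
    private static void addUserAttributeMapper(RealmModel realmModel, ComponentModel parent, String mapperName, String userModelAttribute, String ldapAttribute, String readOnly, String alwaysReadFromLdap, String mandatoryInLdap) {
        realmModel.addComponentModel(KeycloakModelUtils.createComponentModel(mapperName, parent.getId(), UserAttributeLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), new String[]{
                UserAttributeLDAPStorageMapper.USER_MODEL_ATTRIBUTE, userModelAttribute,
                UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ldapAttribute,
                "read.only", readOnly,
                UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, alwaysReadFromLdap,
                UserAttributeLDAPStorageMapper.IS_MANDATORY_IN_LDAP, mandatoryInLdap}));
    }

    /**
     * Re-applies the Kerberos setting after a provider configuration update.
     *
     * @param keycloakSession passed through to {@link #checkKerberosCredential}
     * @param realmModel realm whose authentication configuration may change
     * @param componentModel the updated LDAP provider component
     */
    public void onUpdate(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) {
        checkKerberosCredential(keycloakSession, realmModel, componentModel);
    }

    /**
     * Synchronises all LDAP users into local storage.
     *
     * @param keycloakSessionFactory factory used to open the per-step transactions
     * @param str realm id
     * @param userStorageProviderModel the LDAP provider component
     * @return aggregated counts of added, updated and failed users
     */
    public SynchronizationResult sync(KeycloakSessionFactory keycloakSessionFactory, String str, UserStorageProviderModel userStorageProviderModel) {
        syncMappers(keycloakSessionFactory, str, userStorageProviderModel);
        logger.infof("Sync all users from LDAP to local store: realm: %s, federation provider: %s", str, userStorageProviderModel.getName());
        LDAPQuery allUsersQuery = createQuery(keycloakSessionFactory, str, userStorageProviderModel);
        SynchronizationResult result = syncImpl(keycloakSessionFactory, allUsersQuery, str, userStorageProviderModel);
        logger.infof("Sync all users finished: %s", result.getStatus());
        return result;
    }

    /**
     * Synchronises LDAP users created or modified at or after {@code date}.
     *
     * @param date lower bound for the create/modify timestamp condition
     * @param keycloakSessionFactory factory used to open the per-step transactions
     * @param str realm id
     * @param userStorageProviderModel the LDAP provider component
     * @return aggregated counts of added, updated and failed users
     */
    public SynchronizationResult syncSince(Date date, KeycloakSessionFactory keycloakSessionFactory, String str, UserStorageProviderModel userStorageProviderModel) {
        syncMappers(keycloakSessionFactory, str, userStorageProviderModel);
        // The date is passed as a format argument instead of being concatenated into the
        // format string, so its text can never be interpreted as a format specifier.
        logger.infof("Sync changed users from LDAP to local store: realm: %s, federation provider: %s, last sync time: %s", str, userStorageProviderModel.getName(), date);
        LDAPQueryConditionsBuilder conditions = new LDAPQueryConditionsBuilder();
        // NOTE(review): the condition names are always "createTimestamp"/"modifyTimestamp",
        // also for Active Directory; presumably they are translated to the vendor-specific
        // LDAP attributes by the mappers registered in onCreate - confirm.
        Condition changedSince = conditions.orCondition(conditions.greaterThanOrEqualTo("createTimestamp", date), conditions.greaterThanOrEqualTo("modifyTimestamp", date));
        LDAPQuery changedUsersQuery = createQuery(keycloakSessionFactory, str, userStorageProviderModel);
        changedUsersQuery.addWhereCondition(changedSince);
        SynchronizationResult result = syncImpl(keycloakSessionFactory, changedUsersQuery, str, userStorageProviderModel);
        logger.infof("Sync changed users finished: %s", result.getStatus());
        return result;
    }

    /**
     * Runs {@code syncDataFromFederationProviderToKeycloak} on every mapper of the provider,
     * inside a single transaction, and logs each mapper that reported any change or failure.
     *
     * @param keycloakSessionFactory factory used to open the transaction
     * @param str realm id
     * @param componentModel the LDAP provider component
     */
    protected void syncMappers(KeycloakSessionFactory keycloakSessionFactory, final String str, final ComponentModel componentModel) {
        KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() {
            public void run(KeycloakSession session) {
                RealmModel realm = session.realms().getRealm(str);
                // Result is unused; the call is kept because the original makes it and it
                // may initialise the provider in this session - TODO confirm.
                session.getProvider(UserStorageProvider.class, componentModel);
                for (ComponentModel mapperComponent : realm.getComponents(componentModel.getId(), LDAPStorageMapper.class.getName())) {
                    LDAPStorageMapper mapper = (LDAPStorageMapper) session.getProvider(LDAPStorageMapper.class, mapperComponent);
                    SynchronizationResult mapperResult = mapper.syncDataFromFederationProviderToKeycloak(realm);
                    boolean anythingHappened = mapperResult.getAdded() > 0 || mapperResult.getUpdated() > 0 || mapperResult.getRemoved() > 0 || mapperResult.getFailed() > 0;
                    if (anythingHappened) {
                        LDAPStorageProviderFactory.logger.infof("Sync of federation mapper '%s' finished. Status: %s", mapperComponent.getName(), mapperResult);
                    }
                }
            }
        });
    }

    /**
     * Executes the query and imports the returned users, page by page when pagination is
     * enabled in the provider configuration.
     *
     * @param keycloakSessionFactory factory used by {@link #importLdapUsers}
     * @param lDAPQuery query selecting the users to import
     * @param str realm id
     * @param componentModel the LDAP provider component
     * @return aggregated result over all pages
     */
    protected SynchronizationResult syncImpl(KeycloakSessionFactory keycloakSessionFactory, LDAPQuery lDAPQuery, String str, ComponentModel componentModel) {
        SynchronizationResult total = new SynchronizationResult();
        LDAPConfig ldapConfig = new LDAPConfig(componentModel.getConfig());
        if (!ldapConfig.isPagination()) {
            total.add(importLdapUsers(keycloakSessionFactory, str, componentModel, lDAPQuery.getResultList()));
            return total;
        }
        int batchSize = ldapConfig.getBatchSizeForSync();
        boolean morePages;
        do {
            lDAPQuery.setLimit(batchSize);
            List<LDAPObject> page = lDAPQuery.getResultList();
            // A non-null pagination context after the fetch means another page is pending.
            morePages = lDAPQuery.getPaginationContext() != null;
            total.add(importLdapUsers(keycloakSessionFactory, str, componentModel, page));
        } while (morePages);
        return total;
    }

    /**
     * Builds the user-search query for the provider inside its own transaction.
     *
     * @param keycloakSessionFactory factory used to open the transaction
     * @param str realm id
     * @param componentModel the LDAP provider component
     * @return the query produced by {@code LDAPUtils.createQueryForUserSearch}
     */
    private LDAPQuery createQuery(KeycloakSessionFactory keycloakSessionFactory, final String str, final ComponentModel componentModel) {
        final C1QueryHolder holder = new C1QueryHolder();
        KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() {
            public void run(KeycloakSession session) {
                LDAPStorageProvider provider = session.getProvider(UserStorageProvider.class, componentModel);
                RealmModel realm = session.realms().getRealm(str);
                holder.query = LDAPUtils.createQueryForUserSearch(provider, realm);
            }
        });
        return holder.query;
    }

    /**
     * Imports or updates each LDAP user in its own transaction.
     *
     * <p>For every LDAP object:
     * <ul>
     *   <li>no local user with that username: the user is imported and counted as added;</li>
     *   <li>a local user exists, is linked to this provider and carries the same
     *       {@code LDAP_ID}: every mapper's {@code onImportUserFromLDAP} runs and the user is
     *       counted as updated;</li>
     *   <li>a local user exists but the federation link or {@code LDAP_ID} differs: nothing
     *       is written, a warning is logged and the user is counted as failed. This keeps a
     *       directory entry from overwriting an unrelated local account that merely shares
     *       its username.</li>
     * </ul>
     *
     * <p>When a transaction fails with a {@link ModelException} and the user had not existed
     * locally before the import, a second transaction looks the username up again, evicts the
     * user from the cache and removes it from local storage.
     *
     * @param keycloakSessionFactory factory used to open the per-user transactions
     * @param str realm id
     * @param componentModel the LDAP provider component
     * @param list LDAP users to process
     * @return counts of added, updated and failed users for this batch
     */
    protected SynchronizationResult importLdapUsers(KeycloakSessionFactory keycloakSessionFactory, final String str, final ComponentModel componentModel, List<LDAPObject> list) {
        final SynchronizationResult syncResult = new SynchronizationResult();
        // Shared across iterations; reset to true inside each import callback once the
        // username has been resolved.
        final C1BooleanHolder existedBeforeImport = new C1BooleanHolder();
        for (final LDAPObject ldapUser : list) {
            try {
                KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() {
                    public void run(KeycloakSession session) {
                        LDAPStorageProvider provider = session.getProvider(UserStorageProvider.class, componentModel);
                        RealmModel realm = session.realms().getRealm(str);
                        String username = LDAPUtils.getUsername(ldapUser, provider.getLdapIdentityStore().getConfig());
                        existedBeforeImport.value = true;
                        LDAPUtils.checkUuid(ldapUser, provider.getLdapIdentityStore().getConfig());
                        UserModel localUser = session.userLocalStorage().getUserByUsername(username, realm);
                        if (localUser == null) {
                            existedBeforeImport.value = false;
                            provider.importUserFromLDAP(session, realm, ldapUser);
                            syncResult.increaseAdded();
                            return;
                        }
                        boolean linkedToThisProvider = componentModel.getId().equals(localUser.getFederationLink());
                        if (!linkedToThisProvider || !ldapUser.getUuid().equals(localUser.getFirstAttribute("LDAP_ID"))) {
                            LDAPStorageProviderFactory.logger.warnf("User '%s' is not updated during sync as he already exists in Keycloak database but is not linked to federation provider '%s'", username, componentModel.getName());
                            syncResult.increaseFailed();
                            return;
                        }
                        for (ComponentModel mapperComponent : provider.getMapperManager().sortMappersDesc(realm.getComponents(componentModel.getId(), LDAPStorageMapper.class.getName()))) {
                            provider.getMapperManager().getMapper(mapperComponent).onImportUserFromLDAP(ldapUser, localUser, realm, false);
                        }
                        LDAPStorageProviderFactory.logger.debugf("Updated user from LDAP: %s", localUser.getUsername());
                        syncResult.increaseUpdated();
                    }
                });
            } catch (ModelException e) {
                logger.error("Failed during import user from LDAP", e);
                syncResult.increaseFailed();
                if (existedBeforeImport.value) {
                    continue;
                }
                // The user did not exist before this import attempt: remove whatever the
                // failed transaction may have left behind under that username.
                KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, new KeycloakSessionTask() {
                    public void run(KeycloakSession session) {
                        LDAPStorageProvider provider = session.getProvider(UserStorageProvider.class, componentModel);
                        RealmModel realm = session.realms().getRealm(str);
                        String username = null;
                        try {
                            username = LDAPUtils.getUsername(ldapUser, provider.getLdapIdentityStore().getConfig());
                        } catch (ModelException cleanupError) {
                            // Best effort: without a username there is nothing to clean up.
                            LDAPStorageProviderFactory.logger.debug("Could not resolve username while cleaning up a failed LDAP import", cleanupError);
                        }
                        if (username == null) {
                            return;
                        }
                        UserModel localUser = session.userLocalStorage().getUserByUsername(username, realm);
                        if (localUser == null) {
                            return;
                        }
                        UserCache userCache = session.userCache();
                        if (userCache != null) {
                            userCache.evict(realm, localUser);
                        }
                        session.userLocalStorage().removeUser(realm, localUser);
                    }
                });
            }
        }
        return syncResult;
    }

    /**
     * Creates a SPNEGO authenticator for the given token.
     *
     * <p>Decompiler note: JADX widened this method's access from protected.
     *
     * @param str third constructor argument of {@link SPNEGOAuthenticator}; presumably the
     *     SPNEGO token received from the client - confirm
     * @param commonKerberosConfig Kerberos settings of the provider
     * @return a new authenticator using a fresh server-subject authenticator
     */
    public SPNEGOAuthenticator createSPNEGOAuthenticator(String str, CommonKerberosConfig commonKerberosConfig) {
        KerberosServerSubjectAuthenticator subjectAuthenticator = createKerberosSubjectAuthenticator(commonKerberosConfig);
        return new SPNEGOAuthenticator(commonKerberosConfig, subjectAuthenticator, str);
    }

    /**
     * Creates the server-subject authenticator used by {@link #createSPNEGOAuthenticator}.
     *
     * @param commonKerberosConfig Kerberos settings of the provider
     * @return a new server-subject authenticator
     */
    protected KerberosServerSubjectAuthenticator createKerberosSubjectAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosServerSubjectAuthenticator(commonKerberosConfig);
    }

    /**
     * Creates the authenticator for Kerberos username/password authentication.
     *
     * <p>Decompiler note: JADX widened this method's access from protected.
     *
     * @param commonKerberosConfig Kerberos settings of the provider
     * @return a new username/password authenticator
     */
    public KerberosUsernamePasswordAuthenticator createKerberosUsernamePasswordAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        return new KerberosUsernamePasswordAuthenticator(commonKerberosConfig);
    }

    /**
     * Applies the provider's {@code allowKerberosAuthentication} setting to the realm.
     *
     * <p>When the setting is true, the realm's {@code "kerberos"} authenticator requirement is
     * changed through {@code CredentialHelper.setOrReplaceAuthenticationRequirement} with
     * {@code ALTERNATIVE} and {@code DISABLED}; presumably {@code ALTERNATIVE} replaces a
     * current {@code DISABLED} - confirm in {@code CredentialHelper}. Saving a storage
     * provider configuration can therefore alter the realm's authentication configuration.
     * Nothing is changed when the setting is false or absent, so switching it off does not
     * revert an earlier change here.
     *
     * @param keycloakSession session passed to {@code CredentialHelper}
     * @param realmModel realm whose authentication configuration is adjusted
     * @param componentModel the LDAP provider component
     * @return {@code true} if Kerberos is allowed and the requirement call was made
     */
    public static boolean checkKerberosCredential(KeycloakSession keycloakSession, RealmModel realmModel, ComponentModel componentModel) {
        boolean kerberosAllowed = Boolean.parseBoolean((String) componentModel.getConfig().getFirst("allowKerberosAuthentication"));
        if (!kerberosAllowed) {
            return false;
        }
        CredentialHelper.setOrReplaceAuthenticationRequirement(keycloakSession, realmModel, "kerberos", AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED);
        return true;
    }
}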
