package org.keycloak.authentication.authenticators.broker;

import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.services.resources.AttributeFormDataProcessor;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpReviewProfileAuthenticator.class */
public class IdpReviewProfileAuthenticator extends AbstractIdpAuthenticator {
    protected static Logger logger = Logger.getLogger(IdpReviewProfileAuthenticator.class);

    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        IdentityProviderModel idpConfig = brokeredIdentityContext.getIdpConfig();
        if (!requiresUpdateProfilePage(authenticationFlowContext, serializedBrokeredIdentityContext, brokeredIdentityContext)) {
            authenticationFlowContext.success();
        } else {
            logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", idpConfig.getAlias(), serializedBrokeredIdentityContext.getUsername());
            authenticationFlowContext.challenge(authenticationFlowContext.form().setAttribute("updateProfileCtx", serializedBrokeredIdentityContext).setFormData((MultivaluedMap) null).createUpdateProfilePage());
        }
    }

    protected boolean requiresUpdateProfilePage(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        if (Boolean.parseBoolean(authenticationFlowContext.getClientSession().getNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE))) {
            return true;
        }
        AuthenticatorConfigModel authenticatorConfig = authenticationFlowContext.getAuthenticatorConfig();
        String str = (authenticatorConfig == null || !authenticatorConfig.getConfig().containsKey(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN)) ? "missing" : (String) authenticatorConfig.getConfig().get(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN);
        return "on".equals(str) || ("missing".equals(str) && !Validation.validateUserMandatoryFields(authenticationFlowContext.getRealm(), serializedBrokeredIdentityContext));
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        EventBuilder event = authenticationFlowContext.getEvent();
        event.event(EventType.UPDATE_PROFILE);
        MultivaluedMap decodedFormParameters = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();
        RealmModel realm = authenticationFlowContext.getRealm();
        List<FormMessage> validateUpdateProfileForm = Validation.validateUpdateProfileForm(!realm.isRegistrationEmailAsUsername(), decodedFormParameters);
        if (validateUpdateProfileForm != null && !validateUpdateProfileForm.isEmpty()) {
            authenticationFlowContext.challenge(authenticationFlowContext.form().setErrors(validateUpdateProfileForm).setAttribute("updateProfileCtx", serializedBrokeredIdentityContext).setFormData(decodedFormParameters).createUpdateProfilePage());
            return;
        }
        serializedBrokeredIdentityContext.setUsername(realm.isRegistrationEmailAsUsername() ? (String) decodedFormParameters.getFirst("email") : (String) decodedFormParameters.getFirst("username"));
        serializedBrokeredIdentityContext.setFirstName((String) decodedFormParameters.getFirst("firstName"));
        serializedBrokeredIdentityContext.setLastName((String) decodedFormParameters.getFirst("lastName"));
        String str = (String) decodedFormParameters.getFirst("email");
        if (!ObjectUtil.isEqualOrBothNull(str, serializedBrokeredIdentityContext.getEmail())) {
            if (logger.isTraceEnabled()) {
                logger.tracef("Email updated on updateProfile page to '%s' ", str);
            }
            serializedBrokeredIdentityContext.setEmail(str);
            authenticationFlowContext.getClientSession().setNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED, "true");
        }
        AttributeFormDataProcessor.process((MultivaluedMap<String, String>) decodedFormParameters, realm, serializedBrokeredIdentityContext);
        serializedBrokeredIdentityContext.saveToClientSession(authenticationFlowContext.getClientSession(), AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
        logger.debugf("Profile updated successfully after first authentication with identity provider '%s' for broker user '%s'.", brokeredIdentityContext.getIdpConfig().getAlias(), serializedBrokeredIdentityContext.getUsername());
        event.detail("updated_email", str);
        authenticationFlowContext.success();
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }
}
