package io.phasetwo.service.auth.idp;

import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.util.IdentityBrokerState;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakUriInfo;
import org.keycloak.models.RealmModel;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.resources.IdentityBrokerService;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;

/* loaded from: input_file:io/phasetwo/service/auth/idp/Redirector.class */
final class Redirector {
    private static final Logger LOG = Logger.getLogger(Redirector.class);
    private final AuthenticationFlowContext context;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Redirector(AuthenticationFlowContext authenticationFlowContext) {
        this.context = authenticationFlowContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void redirectTo(IdentityProviderModel identityProviderModel) {
        String alias = identityProviderModel.getAlias();
        RealmModel realm = this.context.getRealm();
        AuthenticationSessionModel authenticationSession = this.context.getAuthenticationSession();
        KeycloakSession session = this.context.getSession();
        ClientSessionCode<AuthenticationSessionModel> clientSessionCode = new ClientSessionCode<>(session, realm, authenticationSession);
        clientSessionCode.setAction(CommonClientSessionModel.Action.AUTHENTICATE.name());
        if (!identityProviderModel.isEnabled()) {
            LOG.warnf("Identity Provider %s is disabled.", alias);
        } else {
            if (identityProviderModel.isLinkOnly()) {
                LOG.warnf("Identity Provider %s is not allowed to perform a login.", alias);
                return;
            }
            new HomeIdpAuthenticationFlowContext(this.context).loginHint().copyTo(clientSessionCode);
            this.context.forceChallenge(IdentityBrokerService.getIdentityProviderFactory(session, identityProviderModel).create(session, identityProviderModel).performLogin(createAuthenticationRequest(alias, clientSessionCode)));
        }
    }

    private AuthenticationRequest createAuthenticationRequest(String str, ClientSessionCode<AuthenticationSessionModel> clientSessionCode) {
        AuthenticationSessionModel authenticationSessionModel = null;
        IdentityBrokerState identityBrokerState = null;
        if (clientSessionCode != null) {
            authenticationSessionModel = (AuthenticationSessionModel) clientSessionCode.getClientSession();
            identityBrokerState = IdentityBrokerState.decoded(clientSessionCode.getOrGenerateCode(), authenticationSessionModel.getClient().getId(), authenticationSessionModel.getClient().getClientId(), authenticationSessionModel.getTabId(), (String) null);
        }
        KeycloakSession session = this.context.getSession();
        KeycloakUriInfo uri = session.getContext().getUri();
        RealmModel realm = this.context.getRealm();
        return new AuthenticationRequest(session, realm, authenticationSessionModel, this.context.getHttpRequest(), uri, identityBrokerState, Urls.identityProviderAuthnResponse(uri.getBaseUri(), str, realm.getName()).toString());
    }
}
