package io.phasetwo.service.auth;

import com.google.auto.service.AutoService;
import io.phasetwo.service.Orgs;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.PostMigrationEvent;
import org.keycloak.provider.ProviderConfigProperty;

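/**
 * Factory for the "Select Organization" authenticator ({@value #PROVIDER_ID}).
 *
 * <p>Besides creating authenticator instances, this factory provisions two top-level
 * authentication flows in every realm: an organization-aware browser flow and an
 * organization-aware direct-grant flow. Provisioning runs when a realm is created and once
 * after a server migration (see {@link #postInit(KeycloakSessionFactory)}).
 *
 * <p>Points an operator should be aware of:
 * <ul>
 *   <li>This class only creates the flows. Nothing in it binds them as the realm's browser or
 *       direct-grant flow, so they take effect only once something else selects them.</li>
 *   <li>Existence is checked on the top-level alias only. If that alias is already present the
 *       whole flow is skipped, including any sub-flows that might be missing.</li>
 *   <li>All flows are flagged built-in.</li>
 * </ul>
 */
@AutoService({AuthenticatorFactory.class})
/* loaded from: input_file:io/phasetwo/service/auth/ActiveOrganizationAuthenticatorFactory.class */
public class ActiveOrganizationAuthenticatorFactory implements AuthenticatorFactory {
    public static final String PROVIDER_ID = "ext-select-org";
    public static final String PROVIDER_DISPLAY = "Select Organization";
    public static final String PROVIDER_HELP_TEXT = "Select the current Organization on Login";
    private static final Logger log = Logger.getLogger(ActiveOrganizationAuthenticatorFactory.class);
    private static final AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.DISABLED};

    /** Flow provider id shared by every flow and sub-flow created here. */
    private static final String BASIC_FLOW_PROVIDER = "basic-flow";

    /** @return the provider id under which the authenticator is registered. */
    public String getId() {
        return PROVIDER_ID;
    }

    /** @return the label shown for this authenticator. */
    public String getDisplayType() {
        return PROVIDER_DISPLAY;
    }

    /** @return the reference category, always {@code "organization"}. */
    public String getReferenceCategory() {
        return "organization";
    }

    /** @return {@code false}; the authenticator exposes no configuration. */
    public boolean isConfigurable() {
        return false;
    }

    /**
     * @return the requirement levels an admin may choose (REQUIRED or DISABLED). A copy is
     *     returned so a caller cannot alter the shared static array.
     */
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return REQUIREMENT_CHOICES.clone();
    }

    /** @return {@code false}; there is no per-user setup step. */
    public boolean isUserSetupAllowed() {
        return false;
    }

    /** @return the help text shown for this authenticator. */
    public String getHelpText() {
        return PROVIDER_HELP_TEXT;
    }

    /**
     * @return an empty list rather than {@code null}, consistent with
     *     {@link #isConfigurable()} returning {@code false}.
     */
    public List<ProviderConfigProperty> getConfigProperties() {
        return java.util.Collections.emptyList();
    }

    /**
     * Creates the authenticator for the given session.
     *
     * <p>The decompiler renamed this method to {@code m3create} when it merged the bridge
     * method; the factory contract needs the original name, so it is restored here.
     *
     * @param keycloakSession the session the authenticator will operate in
     * @return a new {@link ActiveOrganizationAuthenticator}
     */
    public Authenticator create(KeycloakSession keycloakSession) {
        return new ActiveOrganizationAuthenticator(keycloakSession);
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    /** Decompiler-generated alias of {@link #create(KeycloakSession)}, kept for existing callers. */
    public Authenticator m3create(KeycloakSession keycloakSession) {
        return create(keycloakSession);
    }

    /** No configuration is read at start-up. */
    public void init(Config.Scope scope) {
    }

    /**
     * Registers a listener that provisions the organization flows.
     *
     * <p>On realm creation the flows are added to the new realm. After a migration they are
     * added to every realm in one transaction, unless {@code Orgs.KC_ORGS_SKIP_MIGRATION} is
     * set. That switch is tested for presence only ({@code == null}); its value is not read.
     *
     * @param keycloakSessionFactory the factory the listener is registered with
     */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(providerEvent -> {
            if (providerEvent instanceof RealmModel.RealmPostCreateEvent) {
                RealmModel createdRealm = ((RealmModel.RealmPostCreateEvent) providerEvent).getCreatedRealm();
                createOrgBrowserFlow(createdRealm);
                createOrgDirectGrantFlow(createdRealm);
            } else if (providerEvent instanceof PostMigrationEvent) {
                log.debug("PostMigrationEvent");
                if (Orgs.KC_ORGS_SKIP_MIGRATION == null) {
                    // The previous message described a user profile attribute, which is not
                    // what this branch does; it now names the real action for audit trails.
                    log.info("creating organization auth flows following migration");
                    KeycloakModelUtils.runJobInTransaction(keycloakSessionFactory, this::postMigrationCreateAuthFlow);
                }
            }
        });
    }

    /** Nothing to release. */
    public void close() {
    }

    /** Ensures both organization flows exist in every realm known to the session. */
    private void postMigrationCreateAuthFlow(KeycloakSession keycloakSession) {
        log.debug("ActiveOrganizationAuthenticatorFactory::postMigrationCreateAuthFlow");
        keycloakSession.realms().getRealmsStream().forEach(realmModel -> {
            createOrgBrowserFlow(realmModel);
            createOrgDirectGrantFlow(realmModel);
        });
    }

    /**
     * Creates the organization browser flow with its cookie, IDP and forms sub-flows, unless a
     * flow with that alias already exists in the realm.
     */
    private void createOrgBrowserFlow(RealmModel realmModel) {
        if (realmModel.getFlowByAlias(Orgs.ORG_BROWSER_AUTH_FLOW_ALIAS) != null) {
            log.infof("%s flow exists. Skipping.", Orgs.ORG_BROWSER_AUTH_FLOW_ALIAS);
            return;
        }
        log.infof("creating built-in auth flow for %s", Orgs.ORG_BROWSER_AUTH_FLOW_ALIAS);
        AuthenticationFlowModel topLevel = addFlow(realmModel, Orgs.ORG_BROWSER_AUTH_FLOW_ALIAS, "Browser flow with select organization step.", true);
        cookieSubFlow(topLevel.getId(), realmModel);
        identityProviderSubFlow(topLevel.getId(), realmModel);
        usernamePasswordSubFlow(topLevel.getId(), realmModel);
    }

    /**
     * Creates the organization direct-grant flow (username, password, conditional OTP, then
     * organization selection), unless a flow with that alias already exists in the realm.
     */
    private void createOrgDirectGrantFlow(RealmModel realmModel) {
        if (realmModel.getFlowByAlias(Orgs.ORG_DIRECT_GRANT_AUTH_FLOW_ALIAS) != null) {
            log.infof("%s flow exists. Skipping.", Orgs.ORG_DIRECT_GRANT_AUTH_FLOW_ALIAS);
            return;
        }
        log.infof("creating built-in auth flow for %s", Orgs.ORG_DIRECT_GRANT_AUTH_FLOW_ALIAS);
        AuthenticationFlowModel topLevel = addFlow(realmModel, Orgs.ORG_DIRECT_GRANT_AUTH_FLOW_ALIAS, "Direct grant flow with select organization step.", true);
        String flowId = topLevel.getId();
        addAuthenticatorExecution(realmModel, flowId, AuthenticationExecutionModel.Requirement.REQUIRED, "direct-grant-validate-username", 10);
        addAuthenticatorExecution(realmModel, flowId, AuthenticationExecutionModel.Requirement.REQUIRED, "direct-grant-validate-password", 20);
        conditionalOtp(flowId, realmModel, "Org Direct Grant - Conditional OTP", 30);
        // Priority 40, not 30: the conditional OTP sub-flow already holds 30 in this flow, and
        // two executions that tie on priority have no defined relative order. This mirrors the
        // Forms sub-flow, where organization selection comes after the OTP step.
        selectOrgExecution(flowId, realmModel, 40);
    }

    /** Adds the cookie sub-flow (auth-cookie, then organization selection) as an alternative. */
    private void cookieSubFlow(String parentFlowId, RealmModel realmModel) {
        AuthenticationFlowModel subFlow = addFlow(realmModel, "Cookies Sub-Flow", "Cookie sub-flow which can be used to switch org.", false);
        addSubFlowExecution(realmModel, parentFlowId, AuthenticationExecutionModel.Requirement.ALTERNATIVE, subFlow.getId(), 10);
        addAuthenticatorExecution(realmModel, subFlow.getId(), AuthenticationExecutionModel.Requirement.REQUIRED, "auth-cookie", 10);
        selectOrgExecution(subFlow.getId(), realmModel, 20);
    }

    /** Adds the IDP sub-flow (redirector, then organization selection) as an alternative. */
    private void identityProviderSubFlow(String parentFlowId, RealmModel realmModel) {
        AuthenticationFlowModel subFlow = addFlow(realmModel, "IDP Sub-Flow", "IDP sub-flow to select org.", false);
        addSubFlowExecution(realmModel, parentFlowId, AuthenticationExecutionModel.Requirement.ALTERNATIVE, subFlow.getId(), 20);
        addAuthenticatorExecution(realmModel, subFlow.getId(), AuthenticationExecutionModel.Requirement.REQUIRED, "identity-provider-redirector", 10);
        selectOrgExecution(subFlow.getId(), realmModel, 20);
    }

    /**
     * Adds the forms sub-flow (username/password form, conditional OTP, then organization
     * selection) as an alternative.
     */
    private void usernamePasswordSubFlow(String parentFlowId, RealmModel realmModel) {
        AuthenticationFlowModel subFlow = addFlow(realmModel, "Forms Sub-Flow", "Username, password, otp and other auth forms.", false);
        addSubFlowExecution(realmModel, parentFlowId, AuthenticationExecutionModel.Requirement.ALTERNATIVE, subFlow.getId(), 30);
        addAuthenticatorExecution(realmModel, subFlow.getId(), AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-password-form", 10);
        conditionalOtp(subFlow.getId(), realmModel, "Org Browser - Conditional OTP", 20);
        selectOrgExecution(subFlow.getId(), realmModel, 30);
    }

    /** Adds this provider's select-organization step as a REQUIRED execution of the flow. */
    private void selectOrgExecution(String parentFlowId, RealmModel realmModel, int priority) {
        addAuthenticatorExecution(realmModel, parentFlowId, AuthenticationExecutionModel.Requirement.REQUIRED, PROVIDER_ID, priority);
    }

    /**
     * Adds a CONDITIONAL sub-flow holding the "user configured" condition followed by the OTP
     * form.
     *
     * @param parentFlowId id of the flow that receives the sub-flow
     * @param realmModel realm being provisioned
     * @param alias alias for the new sub-flow
     * @param priority priority of the sub-flow inside the parent flow
     */
    private void conditionalOtp(String parentFlowId, RealmModel realmModel, String alias, int priority) {
        AuthenticationFlowModel subFlow = addFlow(realmModel, alias, "Flow to determine if the OTP is required for the authentication", false);
        addSubFlowExecution(realmModel, parentFlowId, AuthenticationExecutionModel.Requirement.CONDITIONAL, subFlow.getId(), priority);
        addAuthenticatorExecution(realmModel, subFlow.getId(), AuthenticationExecutionModel.Requirement.REQUIRED, "conditional-user-configured", 10);
        addAuthenticatorExecution(realmModel, subFlow.getId(), AuthenticationExecutionModel.Requirement.REQUIRED, "auth-otp-form", 20);
    }

    /** Stores a new built-in "basic-flow" flow in the realm and returns the stored model. */
    private static AuthenticationFlowModel addFlow(RealmModel realmModel, String alias, String description, boolean topLevel) {
        AuthenticationFlowModel flow = new AuthenticationFlowModel();
        flow.setAlias(alias);
        flow.setDescription(description);
        flow.setProviderId(BASIC_FLOW_PROVIDER);
        flow.setTopLevel(topLevel);
        flow.setBuiltIn(true);
        return realmModel.addAuthenticationFlow(flow);
    }

    /** Adds an execution that runs a single authenticator inside the given flow. */
    private static void addAuthenticatorExecution(RealmModel realmModel, String parentFlowId, AuthenticationExecutionModel.Requirement requirement, String authenticator, int priority) {
        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
        execution.setParentFlow(parentFlowId);
        execution.setRequirement(requirement);
        execution.setAuthenticator(authenticator);
        execution.setPriority(priority);
        execution.setAuthenticatorFlow(false);
        realmModel.addAuthenticatorExecution(execution);
    }

    /** Adds an execution that delegates to a sub-flow inside the given flow. */
    private static void addSubFlowExecution(RealmModel realmModel, String parentFlowId, AuthenticationExecutionModel.Requirement requirement, String subFlowId, int priority) {
        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
        execution.setParentFlow(parentFlowId);
        execution.setRequirement(requirement);
        execution.setFlowId(subFlowId);
        execution.setPriority(priority);
        execution.setAuthenticatorFlow(true);
        realmModel.addAuthenticatorExecution(execution);
    }
}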
