package io.phasetwo.service.auth.idp;

import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

/* loaded from: input_file:io/phasetwo/service/auth/idp/HomeIdpDiscoveryAuthenticator.class */
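/**
 * Username-form authenticator that asks the flow's discoverer for identity providers matching
 * the submitted username and then either redirects to one of them or renders a challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The username comes from the login form or from the session login hint and is therefore
 *       untrusted. It is copied into the {@code ATTEMPTED_USERNAME} auth note, the
 *       {@code login_hint} client note and the event details unchanged; only the copies written
 *       to the log are neutralised (see {@link #sanitizeForLog(String)}).</li>
 *   <li>{@link #requiresUser()} returns {@code false} and {@link #action} may finish with
 *       {@code success()} without a user in context, so this execution must not be the only
 *       step that establishes identity in a flow.</li>
 *   <li>NOTE(review): the response differs depending on whether the discoverer returns
 *       providers for a username; whether that discloses account or domain existence depends
 *       on the discoverer implementation, which is not visible here - confirm.</li>
 * </ul>
 */
final class HomeIdpDiscoveryAuthenticator extends AbstractUsernameFormAuthenticator {
    private static final Logger LOG = Logger.getLogger(HomeIdpDiscoveryAuthenticator.class);

    /** Auth-session note holding the username a previous step (or this one) attempted. */
    private static final String ATTEMPTED_USERNAME_NOTE = "ATTEMPTED_USERNAME";

    /** Client note that receives the username as login hint. */
    private static final String LOGIN_HINT_NOTE = "login_hint";

    /**
     * Entry point of the execution.
     *
     * <p>If an attempted username is already stored in the auth session, the form is skipped:
     * a REQUIRED execution goes straight to {@link #action}, any other requirement is marked
     * as attempted. Otherwise, when the login page may be bypassed and the session carries a
     * non-blank login hint, discovery runs on that hint. In every remaining case the
     * challenge is rendered.
     *
     * @param authenticationFlowContext the current flow context
     */
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        // Constructed before any other work, as in the original statement order.
        HomeIdpAuthenticationFlowContext homeIdpContext = new HomeIdpAuthenticationFlowContext(authenticationFlowContext);

        if (getAttemptedUsername(authenticationFlowContext) != null) {
            if (isRequired(authenticationFlowContext)) {
                action(authenticationFlowContext);
            } else {
                authenticationFlowContext.attempted();
            }
            return;
        }

        if (homeIdpContext.loginPage().shouldByPass()) {
            // The login hint is read only when bypassing is enabled.
            String loginHint = trimToNull(homeIdpContext.loginHint().getFromSession());
            if (loginHint != null) {
                String username = setUserInContext(authenticationFlowContext, loginHint);
                List<IdentityProviderModel> homeIdps = homeIdpContext.discoverer().discoverForUser(username);
                if (!homeIdps.isEmpty()) {
                    homeIdpContext.rememberMe().remember(username);
                    redirectOrChallenge(homeIdpContext, username, homeIdps);
                    return;
                }
            }
        }

        homeIdpContext.authenticationChallenge().forceChallenge();
    }

    /**
     * Reads the attempted username from the auth session.
     *
     * @return the trimmed note value, or {@code null} when it is absent or blank
     */
    private String getAttemptedUsername(AuthenticationFlowContext authenticationFlowContext) {
        return trimToNull(authenticationFlowContext.getAuthenticationSession().getAuthNote(ATTEMPTED_USERNAME_NOTE));
    }

    /** Tells whether this execution is configured as REQUIRED in the flow. */
    private static boolean isRequired(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getExecution().getRequirement() == AuthenticationExecutionModel.Requirement.REQUIRED;
    }

    /**
     * Redirects to the first discovered provider, or renders a provider selection challenge.
     *
     * <p>The challenge is used only when more than one provider was found and the configuration
     * does not ask for forwarding to the first match.
     *
     * @param homeIdpAuthenticationFlowContext wrapper around the current flow context
     * @param str the username used as login hint for the chosen provider
     * @param list discovered providers; callers pass a non-empty list
     */
    private void redirectOrChallenge(HomeIdpAuthenticationFlowContext homeIdpAuthenticationFlowContext, String str, List<IdentityProviderModel> list) {
        boolean singleMatch = list.size() == 1;
        if (!singleMatch && !homeIdpAuthenticationFlowContext.config().forwardToFirstMatch()) {
            homeIdpAuthenticationFlowContext.authenticationChallenge().forceChallenge(list);
            return;
        }
        IdentityProviderModel target = list.get(0);
        homeIdpAuthenticationFlowContext.loginHint().setInAuthSession(target, str);
        homeIdpAuthenticationFlowContext.redirector().redirectTo(target);
    }

    /**
     * Handles the submitted username form (also called from {@link #authenticate} when an
     * attempted username is already present and the execution is REQUIRED).
     *
     * @param authenticationFlowContext the current flow context
     */
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        MultivaluedMap<String, String> formData = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();
        if (formData.containsKey("cancel")) {
            LOG.debug("Login canceled");
            authenticationFlowContext.cancelLogin();
            return;
        }

        String username = setUserInContext(authenticationFlowContext, formData.getFirst("username"));
        if (username == null) {
            // setUserInContext has already issued the failure challenge.
            LOG.debug("No username in request");
            return;
        }

        HomeIdpAuthenticationFlowContext homeIdpContext = new HomeIdpAuthenticationFlowContext(authenticationFlowContext);
        List<IdentityProviderModel> homeIdps = homeIdpContext.discoverer().discoverForUser(username);
        if (homeIdps.isEmpty()) {
            if (isRequired(authenticationFlowContext)) {
                // NOTE(review): success() is reached whether or not setUserInContext resolved a
                // local user. A later execution in the flow has to verify credentials; confirm
                // that the flow never ends on this step.
                authenticationFlowContext.success();
            } else {
                authenticationFlowContext.attempted();
            }
            return;
        }

        RememberMe rememberMe = homeIdpContext.rememberMe();
        rememberMe.handleAction(formData);
        rememberMe.remember(username);
        redirectOrChallenge(homeIdpContext, username, homeIdps);
    }

    /**
     * Resolves the username for this request and records it in the session and event.
     *
     * <p>The user in context is cleared first. A blank {@code str} falls back to the attempted
     * username stored in the auth session. When no username is available a failure challenge
     * is issued. Otherwise the username is stored as auth note, client note and event detail,
     * and a matching local user (by name or email) is set in context when exactly one exists.
     *
     * @param authenticationFlowContext the current flow context
     * @param str the raw username from the request or login hint; may be {@code null}
     * @return the trimmed username, or {@code null} when none was found
     */
    private String setUserInContext(AuthenticationFlowContext authenticationFlowContext, String str) {
        authenticationFlowContext.clearUser();

        String username = trimToNull(str);
        if (username == null) {
            LOG.debug("Could not find username in request. Trying attempted username from previous authenticator");
            username = getAttemptedUsername(authenticationFlowContext);
        }
        if (username == null) {
            LOG.warn("No or empty username found in request");
            authenticationFlowContext.getEvent().error("user_not_found");
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_USER, challenge(authenticationFlowContext, getDefaultChallengeMessage(authenticationFlowContext), "username"));
            return null;
        }

        // The username is attacker-controlled: neutralise line breaks and other control
        // characters before it reaches the log so a crafted value cannot forge log entries.
        String loggableUsername = sanitizeForLog(username);
        LOG.debugf("Found username '%s' in request", loggableUsername);

        // Session notes and the event keep the value exactly as submitted (after trimming).
        authenticationFlowContext.getEvent().detail("username", username);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(ATTEMPTED_USERNAME_NOTE, username);
        authenticationFlowContext.getAuthenticationSession().setClientNote(LOGIN_HINT_NOTE, username);

        try {
            UserModel user = KeycloakModelUtils.findUserByNameOrEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), username);
            if (user != null) {
                LOG.tracef("Setting user '%s' in context", user.getId());
                authenticationFlowContext.setUser(user);
            }
        } catch (ModelDuplicateException e) {
            // Ambiguous match: continue without a user in context rather than guessing.
            LOG.warnf(e, "Could not uniquely identify the user. Multiple users with name or email '%s' found.", loggableUsername);
        }
        return username;
    }

    /**
     * Returns a copy of {@code value} that is safe to embed in a single log line.
     *
     * <p>ISO control characters (which include CR and LF) and the Unicode line and paragraph
     * separators are replaced with {@code '_'}. Used for log output only.
     *
     * @param value the untrusted text; may be {@code null}
     * @return the neutralised text, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Trims {@code str} and maps an empty result to {@code null}.
     *
     * @param str the text to normalise; may be {@code null}
     * @return the trimmed text, or {@code null} when {@code str} is {@code null} or blank
     */
    private String trimToNull(String str) {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        return trimmed.isEmpty() ? null : trimmed;
    }

    /** Renders the username-only login form. */
    protected Response createLoginForm(LoginFormsProvider loginFormsProvider) {
        return loginFormsProvider.createLoginUsername();
    }

    /**
     * Picks the message key for an invalid username, depending on whether the realm allows
     * login with email.
     */
    protected String getDefaultChallengeMessage(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getRealm().isLoginWithEmailAllowed() ? "invalidUsernameOrEmailMessage" : "invalidUsernameMessage";
    }

    /** This execution runs before a user is known, so it never requires one. */
    public boolean requiresUser() {
        return false;
    }

    /** Always reports the authenticator as configured, for any user. */
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    /** Intentionally empty: this authenticator registers no required actions. */
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }
}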
