package io.phasetwo.service.auth.idp;

import io.phasetwo.service.model.OrganizationProvider;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/phasetwo/service/auth/idp/HomeIdpDiscoverer.class */
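/**
 * Resolves the identity providers (IdPs) a login attempt should be routed to, based on the
 * domain extracted from the user or from the supplied username.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the authenticator config requires a verified email and the configured user
 *       attribute is {@code email}, a known user with an unverified email gets no IdPs.</li>
 *   <li>Organization IdPs are looked up by domain, passing the config's
 *       {@code requireVerifiedDomain()} flag through to {@link OrganizationProvider}.</li>
 *   <li>The username is written to the log verbatim. NOTE(review): it is presumably
 *       caller-supplied login input; confirm the log layout neutralises CR/LF so entries
 *       cannot be forged.</li>
 * </ul>
 */
public final class HomeIdpDiscoverer {
    private static final Logger LOG = Logger.getLogger(HomeIdpDiscoverer.class);
    private final DomainExtractor domainExtractor;
    private final AuthenticationFlowContext context;

    /**
     * Creates a discoverer bound to the given authentication flow, building the domain
     * extractor from that flow's authenticator config.
     *
     * @param authenticationFlowContext the flow this discoverer reads realm, user, session and
     *     authenticator config from
     */
    public HomeIdpDiscoverer(AuthenticationFlowContext authenticationFlowContext) {
        this(new DomainExtractor(new HomeIdpDiscoveryConfig(authenticationFlowContext.getAuthenticatorConfig())), authenticationFlowContext);
    }

    private HomeIdpDiscoverer(DomainExtractor domainExtractor, AuthenticationFlowContext authenticationFlowContext) {
        this.domainExtractor = domainExtractor;
        this.context = authenticationFlowContext;
    }

    /**
     * Discovers the home IdPs for a login attempt.
     *
     * <p>The domain is taken from the user attached to the flow context when there is one,
     * otherwise from {@code username}.
     *
     * @param username the username supplied for this login attempt
     * @return the discovered IdPs; empty when the email is required to be verified but is not,
     *     when no domain could be extracted, or when nothing matched
     */
    public List<IdentityProviderModel> discoverForUser(String username) {
        String realmName = this.context.getRealm().getName();
        AuthenticatorConfigModel authenticatorConfig = this.context.getAuthenticatorConfig();
        LOG.tracef("Trying to discover home IdP for username '%s' in realm '%s' with authenticator config '%s'", username, realmName, authenticatorConfig == null ? "<unconfigured>" : authenticatorConfig.getAlias());

        UserModel user = this.context.getUser();
        final Optional<Domain> extractedDomain;
        if (user == null) {
            LOG.tracef("No user found in AuthenticationFlowContext. Extracting domain from provided username '%s'.", username);
            extractedDomain = this.domainExtractor.extractFrom(username);
        } else {
            LOG.tracef("User found in AuthenticationFlowContext. Extracting domain from stored user '%s'.", user.getId());
            extractedDomain = this.domainExtractor.extractFrom(user);
        }

        HomeIdpDiscoveryConfig config = new HomeIdpDiscoveryConfig(authenticatorConfig);
        // The verified-email gate can only be evaluated for a stored user. Without the null
        // guard, an unknown user combined with requireVerifiedEmail and the "email" attribute
        // dereferenced a null UserModel and aborted the flow with a NullPointerException.
        // NOTE(review): for an unknown user discovery now proceeds on the typed domain alone;
        // confirm this is the intended policy rather than returning no IdPs in that case.
        if (config.requireVerifiedEmail()
                && "email".equalsIgnoreCase(config.userAttribute())
                && user != null
                && !user.isEmailVerified()) {
            LOG.infof("Email of user %s not verified. Skipping discovery of linked IdPs", user.getId());
            return new ArrayList<>();
        }

        if (!extractedDomain.isPresent()) {
            LOG.warnf("Could not extract domain from email address '%s'", username);
            return new ArrayList<>();
        }

        Domain domain = extractedDomain.get();
        List<IdentityProviderModel> homeIdps = discoverHomeIdps(domain, user, username);
        if (homeIdps.isEmpty()) {
            LOG.infof("Could not find home IdP for domain '%s' and user '%s' in realm '%s'", domain, username, realmName);
        }
        return homeIdps;
    }

    /**
     * Picks the IdPs for a domain, preferring ones the user is already linked to.
     *
     * <p>Order of preference: (1) enabled organization IdPs for the domain that the user has a
     * federated identity with; (2) any enabled realm IdP the user has a federated identity
     * with; (3) all enabled organization IdPs for the domain.
     */
    private List<IdentityProviderModel> discoverHomeIdps(Domain domain, UserModel user, String username) {
        HomeIdpDiscoveryConfig config = new HomeIdpDiscoveryConfig(this.context.getAuthenticatorConfig());

        // IdP alias -> federated user name; stays empty for unknown users or when forwarding
        // to linked IdPs is disabled.
        final Map<String, String> linkedIdentities;
        if (user == null || !config.forwardToLinkedIdp()) {
            linkedIdentities = Collections.emptyMap();
            LOG.tracef("User '%s' is not stored locally or forwarding to linked IdP is disabled. Skipping discovery of linked IdPs.", username);
        } else {
            LOG.tracef("Found local user '%s' and forwarding to linked IdP is enabled. Discovering linked IdPs.", username);
            linkedIdentities = this.context.getSession().users()
                    .getFederatedIdentitiesStream(this.context.getRealm(), user)
                    .collect(Collectors.toMap(
                            identity -> identity.getIdentityProvider(),
                            identity -> identity.getUserName()));
        }

        List<IdentityProviderModel> enabledRealmIdps = determineEnabledIdps();

        // Only enabled IdPs of organizations that own the domain are candidates; whether the
        // domain must be verified is decided by the config flag handed to the provider.
        List<IdentityProviderModel> organizationIdps = this.context.getSession()
                .getProvider(OrganizationProvider.class)
                .getOrganizationsStreamForDomain(this.context.getRealm(), domain.toString(), config.requireVerifiedDomain())
                .flatMap(organization -> organization.getIdentityProvidersStream())
                .filter(IdentityProviderModel::isEnabled)
                .collect(Collectors.toList());

        List<IdentityProviderModel> linkedOrganizationIdps = getLinkedIdpsFrom(organizationIdps, linkedIdentities);
        if (!linkedOrganizationIdps.isEmpty()) {
            logFoundIdps("linked", "matching", linkedOrganizationIdps, domain, username);
            return linkedOrganizationIdps;
        }

        if (!linkedIdentities.isEmpty()) {
            List<IdentityProviderModel> linkedRealmIdps = getLinkedIdpsFrom(enabledRealmIdps, linkedIdentities);
            if (!linkedRealmIdps.isEmpty()) {
                logFoundIdps("non-linked", "non-matching", linkedRealmIdps, domain, username);
                return linkedRealmIdps;
            }
        }

        logFoundIdps("non-linked", "matching", organizationIdps, domain, username);
        return organizationIdps;
    }

    /** Writes a trace entry listing the aliases of the IdPs that were selected. */
    private void logFoundIdps(String linkKind, String domainKind, List<IdentityProviderModel> idps, Domain domain, String username) {
        String aliases = idps.stream()
                .map(IdentityProviderModel::getAlias)
                .collect(Collectors.joining(","));
        LOG.tracef("Found %s IdPs [%s] with %s domain '%s' for user '%s'", linkKind, aliases, domainKind, domain, username);
    }

    /** Keeps only the IdPs whose alias is a key of {@code linkedIdentities}. */
    private List<IdentityProviderModel> getLinkedIdpsFrom(List<IdentityProviderModel> idps, Map<String, String> linkedIdentities) {
        return idps.stream()
                .filter(idp -> linkedIdentities.containsKey(idp.getAlias()))
                .collect(Collectors.toList());
    }

    /**
     * Keeps only the IdPs whose own configuration supports the domain for the configured user
     * attribute. Not called from within this class as shown.
     */
    private List<IdentityProviderModel> filterIdpsWithMatchingDomainFrom(List<IdentityProviderModel> idps, Domain domain, HomeIdpDiscoveryConfig homeIdpDiscoveryConfig) {
        String userAttribute = homeIdpDiscoveryConfig.userAttribute();
        List<IdentityProviderModel> matching = idps.stream()
                .filter(idp -> new IdentityProviderModelConfig(idp).supportsDomain(userAttribute, domain))
                .collect(Collectors.toList());
        LOG.tracef("IdPs with matching domain '%s' for attribute '%s': %s", domain, userAttribute, matching.stream()
                .map(IdentityProviderModel::getAlias)
                .collect(Collectors.joining(",")));
        return matching;
    }

    /** Returns the realm's enabled IdPs and traces their aliases. */
    private List<IdentityProviderModel> determineEnabledIdps() {
        RealmModel realm = this.context.getRealm();
        List<IdentityProviderModel> enabledIdps = realm.getIdentityProvidersStream()
                .filter(IdentityProviderModel::isEnabled)
                .collect(Collectors.toList());
        LOG.tracef("Enabled IdPs in realm '%s': %s", realm.getName(), enabledIdps.stream()
                .map(IdentityProviderModel::getAlias)
                .collect(Collectors.joining(",")));
        return enabledIdps;
    }
}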
