package io.phasetwo.service.auth;

import io.phasetwo.service.Orgs;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:io/phasetwo/service/auth/PostOrgAuthFlow.class */
/**
 * Static helpers shared by the organization post-broker-login authenticators.
 *
 * <p>Decompiler note: every method below was package-private in the compiled class and was
 * widened to {@code public} by the decompiler. Treat them as internal helpers, not as API.
 */
public class PostOrgAuthFlow {
    private static final Logger log = Logger.getLogger(PostOrgAuthFlow.class);

    /**
     * Reports the outcome of the current execution back to the flow.
     *
     * <p>A {@code REQUIRED} execution is marked as {@code success()}; any other requirement is
     * marked as {@code attempted()}. This helper never signals a failure, so a caller that
     * wants to reject the login has to do so on the context itself before calling it.
     *
     * @param authenticationFlowContext the flow context of the running execution
     */
    public static void setStatus(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticationExecutionModel.Requirement requirement =
                authenticationFlowContext.getExecution().getRequirement();
        if (requirement != AuthenticationExecutionModel.Requirement.REQUIRED) {
            authenticationFlowContext.attempted();
            return;
        }
        authenticationFlowContext.success();
    }

    /**
     * Restores the brokered identity that was serialized into the authentication session.
     *
     * <p>The entry named {@code BROKERED_CONTEXT} is tried first, then
     * {@code PBL_BROKERED_IDENTITY_CONTEXT}.
     *
     * @param authenticationFlowContext the flow context whose authentication session is read
     * @return the deserialized brokered identity context
     * @throws AuthenticationFlowException with {@code IDENTITY_PROVIDER_ERROR} when neither
     *     entry is present in the authentication session
     */
    public static BrokeredIdentityContext getBrokeredIdentityContext(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticationSessionModel authSession = authenticationFlowContext.getAuthenticationSession();
        SerializedBrokeredIdentityContext serialized = null;
        // Lookup order matters: the first entry that exists wins.
        for (String entryName : new String[] {"BROKERED_CONTEXT", "PBL_BROKERED_IDENTITY_CONTEXT"}) {
            serialized = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authSession, entryName);
            if (serialized != null) {
                break;
            }
        }
        if (serialized == null) {
            throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }
        return serialized.deserialize(authenticationFlowContext.getSession(), authSession);
    }

    /**
     * Checks that the identity provider behind the brokered login is still enabled.
     *
     * <p>When the provider is disabled, an {@code identity_provider_error} event is recorded for
     * the context's user and a {@code 400 Bad Request} error page is set on the context as a
     * failure challenge. The flow outcome is therefore already decided when this returns
     * {@code false}; the caller is expected to return without calling {@link #setStatus}.
     *
     * @param authenticationFlowContext the flow context that receives the failure challenge
     * @param brokeredIdentityContext the brokered identity whose provider configuration is checked
     * @return {@code true} if the provider is enabled, {@code false} after the failure was set
     */
    public static boolean brokeredIdpEnabled(AuthenticationFlowContext authenticationFlowContext, BrokeredIdentityContext brokeredIdentityContext) {
        if (!brokeredIdentityContext.getIdpConfig().isEnabled()) {
            authenticationFlowContext.getEvent().user(authenticationFlowContext.getUser()).error("identity_provider_error");
            Response errorPage = authenticationFlowContext.form()
                    .setError("identityProviderUnexpectedErrorMessage", new Object[0])
                    .createErrorPage(Response.Status.BAD_REQUEST);
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.IDENTITY_PROVIDER_ERROR, errorPage);
            return false;
        }
        return true;
    }

    /**
     * Makes sure a newly created realm has the organization auth flow with the given
     * authenticator registered in it.
     *
     * <p>The flow with alias {@code Orgs.ORG_AUTH_FLOW_ALIAS} is created as a built-in,
     * top-level {@code basic-flow} if the realm does not have it yet. A {@code REQUIRED}
     * execution for the authenticator is then added unless the flow already contains an
     * execution with the same authenticator id.
     *
     * @param realmPostCreateEvent the realm creation event supplying the session and the realm
     * @param str the authenticator provider id to register as an execution
     */
    public static void realmPostCreate(RealmModel.RealmPostCreateEvent realmPostCreateEvent, String str) {
        KeycloakSession keycloakSession = realmPostCreateEvent.getKeycloakSession();
        RealmModel realm = realmPostCreateEvent.getCreatedRealm();

        AuthenticationFlowModel orgFlow = realm.getFlowByAlias(Orgs.ORG_AUTH_FLOW_ALIAS);
        if (orgFlow == null) {
            log.infof("creating built-in auth flow for %s", Orgs.ORG_AUTH_FLOW_ALIAS);
            AuthenticationFlowModel template = new AuthenticationFlowModel();
            template.setAlias(Orgs.ORG_AUTH_FLOW_ALIAS);
            template.setBuiltIn(true);
            template.setProviderId("basic-flow");
            template.setDescription("Post broker login flow used for organization IdPs.");
            template.setTopLevel(true);
            orgFlow = realm.addAuthenticationFlow(template);
        }

        String flowId = orgFlow.getId();
        boolean alreadyRegistered = realm.getAuthenticationExecutionsStream(flowId)
                .anyMatch(existing -> str.equals(existing.getAuthenticator()));
        if (!alreadyRegistered) {
            log.infof("adding execution %s for auth flow for %s", str, Orgs.ORG_AUTH_FLOW_ALIAS);
            // NOTE(review): the factory returned by this lookup is discarded, so the call does not
            // verify that an authenticator with this id is actually registered; the execution is
            // added either way. Confirm whether a check on the result was intended.
            keycloakSession.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, str);
            AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
            execution.setParentFlow(flowId);
            execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
            execution.setAuthenticatorFlow(false);
            execution.setAuthenticator(str);
            realm.addAuthenticatorExecution(execution);
        }
    }
}
