package org.keycloak.authentication.authenticators.broker;

import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpCreateUserIfUniqueAuthenticator.class */
/**
 * First-broker-login authenticator that provisions a new local account for a brokered identity,
 * but only when no existing local account already owns the same e-mail address or username.
 *
 * <p>Security-relevant contract, as visible in this class:
 * <ul>
 *   <li>A collision never results in the brokered identity being attached to the existing account
 *       here. The collision is recorded in the {@code EXISTING_USER_INFO} auth note and the
 *       execution either yields ({@code attempted()}) or fails with HTTP 409.</li>
 *   <li>The e-mail and username compared against local accounts are read from the
 *       {@link BrokeredIdentityContext}. NOTE(review): nothing in this class checks whether the
 *       identity provider verified that e-mail; confirm where that trust decision is made.</li>
 *   <li>The e-mail uniqueness check is skipped entirely when the realm allows duplicate e-mails,
 *       leaving username as the only uniqueness gate.</li>
 * </ul>
 */
public class IdpCreateUserIfUniqueAuthenticator extends AbstractIdpAuthenticator {
    private static Logger logger = Logger.getLogger(IdpCreateUserIfUniqueAuthenticator.class);

    /** Intentionally empty: this authenticator does not process any form action. */
    @Override
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
    }

    /**
     * Creates the local user for the brokered identity unless a duplicate is found.
     *
     * <p>Outcomes, in the order they are evaluated:
     * <ol>
     *   <li>{@code EXISTING_USER_INFO} already set: {@code attempted()}, nothing else happens.</li>
     *   <li>No username can be derived: update-profile is enforced and the flow is reset.</li>
     *   <li>A local account with the same e-mail/username exists: see {@link #handleDuplicate}.</li>
     *   <li>Otherwise: a new, enabled user is created, brokered attributes are copied onto it,
     *       and the execution succeeds with that user.</li>
     * </ol>
     */
    @Override
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        KeycloakSession session = authenticationFlowContext.getSession();
        RealmModel realm = authenticationFlowContext.getRealm();

        // A duplicate was already recorded for this authentication session; do not re-run the
        // lookup or create anything, just step aside.
        boolean duplicateAlreadyRecorded = authenticationFlowContext.getAuthenticationSession().getAuthNote(AbstractIdpAuthenticator.EXISTING_USER_INFO) != null;
        if (duplicateAlreadyRecorded) {
            authenticationFlowContext.attempted();
            return;
        }

        String newUsername = getUsername(authenticationFlowContext, serializedBrokeredIdentityContext, brokeredIdentityContext);
        if (newUsername == null) {
            // Without a username no account can be created; force the profile-update step and
            // restart the flow so the missing field can be supplied.
            ServicesLogger.LOGGER.resetFlow(realm.isRegistrationEmailAsUsername() ? "Email" : "Username");
            authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE, "true");
            authenticationFlowContext.resetFlow();
            return;
        }

        ExistingUserInfo duplicate = checkExistingUser(authenticationFlowContext, newUsername, serializedBrokeredIdentityContext, brokeredIdentityContext);
        if (duplicate != null) {
            handleDuplicate(authenticationFlowContext, duplicate);
            return;
        }

        // The message mentions linking, but this method only creates the user; the actual
        // federated-identity link is presumably written elsewhere in the broker flow.
        logger.debugf("No duplication detected. Creating account for user '%s' and linking with identity provider '%s' .", newUsername, brokeredIdentityContext.getIdpConfig().getAlias());

        // The account is enabled immediately on creation.
        UserModel createdUser = session.users().addUser(realm, newUsername);
        createdUser.setEnabled(true);
        copyBrokeredAttributes(createdUser, serializedBrokeredIdentityContext);

        AuthenticatorConfigModel executionConfig = authenticationFlowContext.getAuthenticatorConfig();
        boolean forcePasswordUpdate = executionConfig != null
                && Boolean.parseBoolean((String) executionConfig.getConfig().get(IdpCreateUserIfUniqueAuthenticatorFactory.REQUIRE_PASSWORD_UPDATE_AFTER_REGISTRATION));
        if (forcePasswordUpdate) {
            logger.debugf("User '%s' required to update password", createdUser.getUsername());
            createdUser.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
        }

        // Subclass hook runs before the user is bound to the flow context.
        userRegisteredSuccess(authenticationFlowContext, createdUser, serializedBrokeredIdentityContext, brokeredIdentityContext);
        authenticationFlowContext.setUser(createdUser);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.BROKER_REGISTERED_NEW_USER, "true");
        authenticationFlowContext.success();
    }

    /**
     * Records a detected collision and ends this execution without creating or modifying a user.
     *
     * <p>When the execution is not REQUIRED it yields with {@code attempted()}, leaving the
     * {@code EXISTING_USER_INFO} note for whatever runs next in the flow. When it is REQUIRED it
     * answers with a 409 error page and an error event.
     *
     * <p>NOTE(review): the colliding attribute name and value are written to the debug log, passed
     * to the error form and stored as an event detail. If the rendered page echoes them, a REQUIRED
     * execution confirms to the caller that a local account with that e-mail or username exists;
     * confirm this disclosure and the log/event retention of the value are acceptable.
     */
    private void handleDuplicate(AuthenticationFlowContext authenticationFlowContext, ExistingUserInfo duplicate) {
        logger.debugf("Duplication detected. There is already existing user with %s '%s' .", duplicate.getDuplicateAttributeName(), duplicate.getDuplicateAttributeValue());
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.EXISTING_USER_INFO, duplicate.serialize());

        if (authenticationFlowContext.getExecution().isRequired()) {
            Response conflictPage = authenticationFlowContext.form()
                    .setError(Messages.FEDERATED_IDENTITY_EXISTS, new Object[]{duplicate.getDuplicateAttributeName(), duplicate.getDuplicateAttributeValue()})
                    .createErrorPage(Response.Status.CONFLICT);
            authenticationFlowContext.challenge(conflictPage);
            authenticationFlowContext.getEvent()
                    .user(duplicate.getExistingUserId())
                    .detail("existing_" + duplicate.getDuplicateAttributeName(), duplicate.getDuplicateAttributeValue())
                    .removeDetail("auth_method")
                    .removeDetail("auth_type")
                    .error("federated_identity_account_exists");
            return;
        }
        authenticationFlowContext.attempted();
    }

    /**
     * Copies every attribute of the serialized brokered context onto the new user, except any key
     * equal to {@code "username"} (case-insensitive).
     *
     * <p>NOTE(review): no allow-list is applied here, so whatever populated the brokered context's
     * attributes (presumably identity-provider claims and mappers) lands on the local user as-is.
     * If user attributes feed authorization decisions anywhere in the realm, confirm that the
     * mapper configuration restricts what an identity provider can set.
     */
    private void copyBrokeredAttributes(UserModel target, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext) {
        for (Map.Entry<String, List<String>> attribute : serializedBrokeredIdentityContext.getAttributes().entrySet()) {
            if ("username".equalsIgnoreCase(attribute.getKey())) {
                continue;
            }
            target.setAttribute(attribute.getKey(), attribute.getValue());
        }
    }

    /**
     * Looks for a local account that would collide with the brokered identity.
     *
     * <p>The e-mail lookup runs first, and only when the brokered context carries an e-mail and
     * the realm forbids duplicate e-mails; the username lookup always runs after it.
     *
     * @param str the candidate username for the new account
     * @return details of the colliding account, or {@code null} when there is none
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ExistingUserInfo checkExistingUser(AuthenticationFlowContext authenticationFlowContext, String str, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        boolean emailMustBeUnique = brokeredIdentityContext.getEmail() != null
                && !authenticationFlowContext.getRealm().isDuplicateEmailsAllowed();
        if (emailMustBeUnique) {
            UserModel emailOwner = authenticationFlowContext.getSession().users().getUserByEmail(authenticationFlowContext.getRealm(), brokeredIdentityContext.getEmail());
            if (emailOwner != null) {
                return new ExistingUserInfo(emailOwner.getId(), "email", emailOwner.getEmail());
            }
        }

        UserModel usernameOwner = authenticationFlowContext.getSession().users().getUserByUsername(authenticationFlowContext.getRealm(), str);
        if (usernameOwner == null) {
            return null;
        }
        return new ExistingUserInfo(usernameOwner.getId(), "username", usernameOwner.getUsername());
    }

    /**
     * Chooses the username for the account to be created: the brokered e-mail when the realm
     * registers e-mail as username, otherwise the brokered model username.
     *
     * @return the chosen username; may be {@code null}, which the caller treats as "reset flow"
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getUsername(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        if (authenticationFlowContext.getRealm().isRegistrationEmailAsUsername()) {
            return brokeredIdentityContext.getEmail();
        }
        return brokeredIdentityContext.getModelUsername();
    }

    /**
     * Extension hook invoked after the new user has been created and populated, before it is set
     * on the flow context. The default implementation does nothing.
     */
    protected void userRegisteredSuccess(AuthenticationFlowContext authenticationFlowContext, UserModel userModel, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
    }

    /** Always {@code false}: this authenticator does not need a user on the context to run. */
    public boolean requiresUser() {
        return false;
    }

    /** Always {@code true}, regardless of the session, realm or user passed in. */
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }
}
