package org.keycloak.authentication.authenticators.broker;

import jakarta.ws.rs.core.MultivaluedMap;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.UserModelDelegate;
import org.keycloak.services.validation.Validation;
import org.keycloak.userprofile.AttributeChangeListener;
import org.keycloak.userprofile.UserProfile;
import org.keycloak.userprofile.UserProfileContext;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.userprofile.ValidationException;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpReviewProfileAuthenticator.class */
/**
 * Broker-login step that lets a user who authenticated at an external identity provider review
 * the profile data received from that provider before the flow continues.
 *
 * <p>{@code authenticateImpl} decides whether the review page is shown, and {@code actionImpl}
 * processes the submitted form. The form parameters come straight from the HTTP request, so they
 * are user-controlled. They reach the brokered identity context only through
 * {@link UserProfile#update}, inside a {@code try} that catches {@link ValidationException}.
 */
public class IdpReviewProfileAuthenticator extends AbstractIdpAuthenticator {
    private static final Logger logger = Logger.getLogger(IdpReviewProfileAuthenticator.class);

    /**
     * Always returns {@code false}.
     *
     * @return {@code false}
     */
    public boolean requiresUser() {
        return false;
    }

    /**
     * Either completes this step immediately or challenges the user with the update-profile page.
     *
     * <p>The page is rendered with the serialized brokered context exposed under the
     * {@code "updateProfileCtx"} form attribute and with no pre-filled form data.
     *
     * @param authenticationFlowContext flow context used to report success or issue the challenge
     * @param serializedBrokeredIdentityContext brokered identity data handed to the form
     * @param brokeredIdentityContext source of the identity provider configuration (used for logging)
     */
    @Override
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        // Resolved before the decision below; only the debug log reads it.
        IdentityProviderModel providerModel = brokeredIdentityContext.getIdpConfig();

        boolean reviewNeeded = requiresUpdateProfilePage(authenticationFlowContext, serializedBrokeredIdentityContext, brokeredIdentityContext);
        if (!reviewNeeded) {
            authenticationFlowContext.success();
            return;
        }

        logger.debugf("Identity provider '%s' requires update profile action for broker user '%s'.", providerModel.getAlias(), serializedBrokeredIdentityContext.getUsername());
        authenticationFlowContext.challenge(
                authenticationFlowContext.form()
                        .setAttribute("updateProfileCtx", serializedBrokeredIdentityContext)
                        .setFormData((MultivaluedMap) null)
                        .createUpdateProfilePage());
    }

    /**
     * Decides whether the review page has to be shown. The checks run in this order:
     * <ol>
     *   <li>the {@code ENFORCE_UPDATE_PROFILE} authentication-session note parses as {@code true}:
     *       the page is shown;</li>
     *   <li>the authenticator config holds a value for {@code UPDATE_PROFILE_ON_FIRST_LOGIN} other
     *       than the literal {@code "missing"}: the page is shown only when that value is
     *       {@code "on"};</li>
     *   <li>otherwise the brokered attributes are validated as a user profile in the
     *       {@code IDP_REVIEW} context, and the page is shown only when validation fails.</li>
     * </ol>
     *
     * <p>In case 2, any configured value that is not exactly {@code "on"} (including
     * {@code null}) suppresses the page without running the validation of case 3.
     *
     * @param authenticationFlowContext gives access to the authentication session, config and session
     * @param serializedBrokeredIdentityContext attributes to validate in the fallback case
     * @param brokeredIdentityContext not read by this implementation
     * @return {@code true} when the update-profile page must be presented
     */
    protected boolean requiresUpdateProfilePage(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String enforceNote = authenticationFlowContext.getAuthenticationSession().getAuthNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE);
        if (Boolean.parseBoolean(enforceNote)) {
            return true;
        }

        AuthenticatorConfigModel configModel = authenticationFlowContext.getAuthenticatorConfig();
        // "missing" doubles as the sentinel for "no config / key absent"; a configured value that
        // is literally "missing" is therefore treated like an absent one.
        String mode = "missing";
        if (configModel != null && configModel.getConfig().containsKey(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN)) {
            mode = (String) configModel.getConfig().get(IdpReviewProfileAuthenticatorFactory.UPDATE_PROFILE_ON_FIRST_LOGIN);
        }

        if ("missing".equals(mode)) {
            // No explicit setting: let the user-profile validation decide.
            try {
                UserProfileProvider profiles = authenticationFlowContext.getSession().getProvider(UserProfileProvider.class);
                UserProfile candidate = profiles.create(UserProfileContext.IDP_REVIEW, serializedBrokeredIdentityContext.getAttributes());
                candidate.validate();
                return false;
            } catch (ValidationException invalidProfile) {
                return true;
            }
        }
        return "on".equals(mode);
    }

    /**
     * Handles submission of the update-profile form.
     *
     * <p>The decoded form parameters are copied into an attribute map, with {@code "username"}
     * falling back to the brokered username when the form did not send one. They are applied
     * through a {@link UserProfile} created in the {@code IDP_REVIEW} context, whose backing user
     * is a view over the serialized brokered context. When a {@link ValidationException} is
     * caught, the page is shown again with the errors and the submitted data. Otherwise the
     * context is saved to the authentication session, {@code ENFORCE_UPDATE_PROFILE} is set to
     * {@code "true"} and the step succeeds.
     *
     * <p>When the listener passed to {@code update} is called for the {@code "email"} attribute,
     * the {@code UPDATE_PROFILE_EMAIL_CHANGED} note is set and an {@code UPDATE_EMAIL} event is
     * emitted carrying both the previous and the updated address.
     *
     * @param authenticationFlowContext flow context providing the request, session, event and form
     * @param serializedBrokeredIdentityContext brokered identity data that the review modifies
     * @param brokeredIdentityContext source of the identity provider alias used for logging
     */
    @Override
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, final SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        EventBuilder profileEvent = authenticationFlowContext.getEvent();
        profileEvent.event(EventType.UPDATE_PROFILE).detail("context", UserProfileContext.IDP_REVIEW.name());

        // User-controlled input taken from the request body.
        MultivaluedMap submittedForm = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();

        // UserModel view whose reads and writes go to the serialized brokered context.
        // NOTE(review): the delegate is null, so accessors not overridden here presumably
        // dereference null - confirm against UserModelDelegate.
        UserModelDelegate brokeredUserView = new UserModelDelegate(null) {
            public String getId() {
                return serializedBrokeredIdentityContext.getId();
            }

            public String getUsername() {
                return serializedBrokeredIdentityContext.getUsername();
            }

            public void setUsername(String username) {
                serializedBrokeredIdentityContext.setUsername(username);
            }

            public String getEmail() {
                return serializedBrokeredIdentityContext.getEmail();
            }

            public void setEmail(String email) {
                serializedBrokeredIdentityContext.setEmail(email);
            }

            public String getFirstName() {
                return serializedBrokeredIdentityContext.getFirstName();
            }

            public void setFirstName(String firstName) {
                serializedBrokeredIdentityContext.setFirstName(firstName);
            }

            public String getLastName() {
                return serializedBrokeredIdentityContext.getLastName();
            }

            public void setLastName(String lastName) {
                serializedBrokeredIdentityContext.setLastName(lastName);
            }

            public Map<String, List<String>> getAttributes() {
                return serializedBrokeredIdentityContext.getAttributes();
            }

            public String getFirstAttribute(String name) {
                return serializedBrokeredIdentityContext.getFirstAttribute(name);
            }

            // NOTE(review): throws NullPointerException if getAttribute(name) returns null -
            // confirm it never does for an unknown attribute name.
            public Stream<String> getAttributeStream(String name) {
                return serializedBrokeredIdentityContext.getAttribute(name).stream();
            }

            public void setAttribute(String name, List<String> values) {
                serializedBrokeredIdentityContext.setAttribute(name, values);
            }

            // Removes the entry directly from the map returned by getAttributes().
            public void removeAttribute(String name) {
                serializedBrokeredIdentityContext.getAttributes().remove(name);
            }

            public String getServiceAccountClientLink() {
                return null;
            }
        };

        UserProfileProvider profiles = authenticationFlowContext.getSession().getProvider(UserProfileProvider.class);
        HashMap candidateAttributes = new HashMap((Map) submittedForm);
        // Keep the brokered username when the form did not submit one.
        candidateAttributes.putIfAbsent("username", Collections.singletonList(brokeredUserView.getUsername()));
        UserProfile reviewedProfile = profiles.create(UserProfileContext.IDP_REVIEW, candidateAttributes, brokeredUserView);

        try {
            // Captured before update() so the event can report the address that was replaced.
            String previousEmail = serializedBrokeredIdentityContext.getEmail();

            AttributeChangeListener emailWatcher = (attributeName, changedUser, oldValues) -> {
                if (!attributeName.equals("email")) {
                    return;
                }
                // NOTE(review): presumably later steps of the flow read this note to decide how
                // to treat an address the user typed in rather than one asserted by the
                // provider - confirm against the consumers of UPDATE_PROFILE_EMAIL_CHANGED.
                authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.UPDATE_PROFILE_EMAIL_CHANGED, "true");
                // Both addresses are written into the event details.
                profileEvent.clone()
                        .event(EventType.UPDATE_EMAIL)
                        .detail("context", UserProfileContext.IDP_REVIEW.name())
                        .detail("previous_email", previousEmail)
                        .detail("updated_email", reviewedProfile.getAttributes().getFirst("email"))
                        .success();
            };
            reviewedProfile.update(new AttributeChangeListener[]{emailWatcher});

            serializedBrokeredIdentityContext.saveToAuthenticationSession(authenticationFlowContext.getAuthenticationSession(), AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
            logger.debugf("Profile updated successfully after first authentication with identity provider '%s' for broker user '%s'.", brokeredIdentityContext.getIdpConfig().getAlias(), serializedBrokeredIdentityContext.getUsername());
            profileEvent.detail("updated_email", reviewedProfile.getAttributes().getFirst("email"));
            // With this note set, requiresUpdateProfilePage returns true on any later evaluation
            // in the same authentication session.
            authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE, "true");
            authenticationFlowContext.success();
        } catch (ValidationException rejected) {
            // Re-render the page with the validation errors and the values the user submitted.
            authenticationFlowContext.challenge(
                    authenticationFlowContext.form()
                            .setErrors(Validation.getFormErrorsFromValidation(rejected.getErrors()))
                            .setAttribute("updateProfileCtx", serializedBrokeredIdentityContext)
                            .setFormData(submittedForm)
                            .createUpdateProfilePage());
        }
    }

    /**
     * Always returns {@code true}; none of the arguments is inspected.
     *
     * @param keycloakSession unused
     * @param realmModel unused
     * @param userModel unused
     * @return {@code true}
     */
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }
}
