package org.keycloak.authentication;

import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.util.ArrayList;
import java.util.List;
import java.util.ListIterator;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.keys.Attributes;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.util.DPoPUtil;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.userprofile.DeclarativeUserProfileProviderFactory;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/authentication/DefaultAuthenticationFlow.class */
public class DefaultAuthenticationFlow implements AuthenticationFlow {
    private static final Logger logger = Logger.getLogger(DefaultAuthenticationFlow.class);
    private final List<AuthenticationExecutionModel> executions;
    private final AuthenticationProcessor processor;
    private final AuthenticationFlowModel flow;
    private boolean successful = false;
    private List<AuthenticationFlowException> afeList = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.keycloak.authentication.DefaultAuthenticationFlow$1, reason: invalid class name */
    /* loaded from: input_file:org/keycloak/authentication/DefaultAuthenticationFlow$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$keycloak$authentication$FlowStatus = new int[FlowStatus.values().length];

        static {
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.FORK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.FORCE_CHALLENGE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.CHALLENGE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.FAILURE_CHALLENGE.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.ATTEMPTED.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$keycloak$authentication$FlowStatus[FlowStatus.FLOW_RESET.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public DefaultAuthenticationFlow(AuthenticationProcessor authenticationProcessor, AuthenticationFlowModel authenticationFlowModel) {
        this.processor = authenticationProcessor;
        this.flow = authenticationFlowModel;
        this.executions = (List) authenticationProcessor.getRealm().getAuthenticationExecutionsStream(authenticationFlowModel.getId()).collect(Collectors.toList());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isProcessed(AuthenticationExecutionModel authenticationExecutionModel) {
        return isProcessed(this.processor, authenticationExecutionModel);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isProcessed(AuthenticationProcessor authenticationProcessor, AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel.isDisabled()) {
            return true;
        }
        CommonClientSessionModel.ExecutionStatus executionStatus = (CommonClientSessionModel.ExecutionStatus) authenticationProcessor.getAuthenticationSession().getExecutionStatus().get(authenticationExecutionModel.getId());
        if (executionStatus == null) {
            return false;
        }
        return executionStatus == CommonClientSessionModel.ExecutionStatus.SUCCESS || executionStatus == CommonClientSessionModel.ExecutionStatus.SKIPPED || executionStatus == CommonClientSessionModel.ExecutionStatus.ATTEMPTED || executionStatus == CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED;
    }

    protected Authenticator createAuthenticator(AuthenticatorFactory authenticatorFactory) {
        return authenticatorFactory.create(this.processor.getSession());
    }

    public Response processAction(String str) {
        logger.debugv("processAction: {0}", str);
        if (str == null || str.isEmpty()) {
            throw new AuthenticationFlowException("action is not in current execution", AuthenticationFlowError.INTERNAL_ERROR);
        }
        AuthenticationExecutionModel authenticationExecutionById = this.processor.getRealm().getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            throw new AuthenticationFlowException("Execution not found", AuthenticationFlowError.INTERNAL_ERROR);
        }
        if ("POST".equals(this.processor.getRequest().getHttpMethod())) {
            MultivaluedMap decodedFormParameters = this.processor.getRequest().getDecodedFormParameters();
            String str2 = (String) decodedFormParameters.getFirst("authenticationExecution");
            if (decodedFormParameters.containsKey("tryAnotherWay")) {
                logger.trace("User clicked on link 'Try Another Way'");
                List<AuthenticationSelectionOption> createAuthenticationSelectionList = createAuthenticationSelectionList(authenticationExecutionById);
                AuthenticationProcessor.Result createAuthenticatorContext = this.processor.createAuthenticatorContext(authenticationExecutionById, null, null);
                createAuthenticatorContext.setAuthenticationSelections(createAuthenticationSelectionList);
                return createAuthenticatorContext.form().createSelectAuthenticator();
            }
            if (str2 != null && !str2.isEmpty()) {
                createAuthenticationSelectionList(authenticationExecutionById).stream().filter(authenticationSelectionOption -> {
                    return str2.equals(authenticationSelectionOption.getAuthExecId());
                }).findFirst().orElseThrow(() -> {
                    return new AuthenticationFlowException("Requested authentication execution is not allowed", AuthenticationFlowError.INTERNAL_ERROR);
                });
                AuthenticationExecutionModel authenticationExecutionById2 = this.processor.getRealm().getAuthenticationExecutionById(str2);
                Response processSingleFlowExecutionModel = processSingleFlowExecutionModel(authenticationExecutionById2, false);
                return processSingleFlowExecutionModel == null ? continueAuthenticationAfterSuccessfulAction(authenticationExecutionById2) : processSingleFlowExecutionModel;
            }
        }
        if (authenticationExecutionById.isAuthenticatorFlow()) {
            logger.debug("execution is flow");
            Response processAction = this.processor.createFlowExecution(authenticationExecutionById.getFlowId(), authenticationExecutionById).processAction(str);
            if (processAction == null) {
                checkAndValidateParentFlow(authenticationExecutionById);
                return processFlow();
            }
            setExecutionStatus(authenticationExecutionById, CommonClientSessionModel.ExecutionStatus.CHALLENGED);
            return processAction;
        }
        AuthenticatorFactory authenticatorFactory = getAuthenticatorFactory(authenticationExecutionById);
        Authenticator createAuthenticator = createAuthenticator(authenticatorFactory);
        AuthenticationProcessor.Result createAuthenticatorContext2 = this.processor.createAuthenticatorContext(authenticationExecutionById, createAuthenticator, this.executions);
        createAuthenticatorContext2.setAuthenticationSelections(createAuthenticationSelectionList(authenticationExecutionById));
        if (authenticatorFactory instanceof AuthenticationFlowCallbackFactory) {
            AuthenticatorUtil.setAuthCallbacksFactoryIds(this.processor.getAuthenticationSession(), authenticatorFactory.getId());
        }
        logger.debugv("action: {0}", authenticationExecutionById.getAuthenticator());
        createAuthenticator.action(createAuthenticatorContext2);
        Response processResult = processResult(createAuthenticatorContext2, true);
        return processResult == null ? continueAuthenticationAfterSuccessfulAction(authenticationExecutionById) : processResult;
    }

    private Response continueAuthenticationAfterSuccessfulAction(AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
        AuthenticationExecutionModel authenticationExecutionByFlowId = this.processor.getRealm().getAuthenticationExecutionByFlowId(checkAndValidateParentFlow(authenticationExecutionModel));
        if (authenticationExecutionByFlowId == null) {
            return processFlow();
        }
        Response processSingleFlowExecutionModel = processSingleFlowExecutionModel(authenticationExecutionByFlowId, false);
        return processSingleFlowExecutionModel == null ? continueAuthenticationAfterSuccessfulAction(authenticationExecutionByFlowId) : processSingleFlowExecutionModel;
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x00b3, code lost:
    
        return r6.getParentFlow();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String checkAndValidateParentFlow(org.keycloak.models.AuthenticationExecutionModel r6) {
        /*
            r5 = this;
        L0:
            r0 = r5
            org.keycloak.authentication.AuthenticationProcessor r0 = r0.processor
            org.keycloak.models.RealmModel r0 = r0.getRealm()
            r1 = r6
            java.lang.String r1 = r1.getParentFlow()
            org.keycloak.models.AuthenticationExecutionModel r0 = r0.getAuthenticationExecutionByFlowId(r1)
            r7 = r0
            r0 = r7
            if (r0 == 0) goto Lb7
            java.util.LinkedList r0 = new java.util.LinkedList
            r1 = r0
            r1.<init>()
            r8 = r0
            java.util.LinkedList r0 = new java.util.LinkedList
            r1 = r0
            r1.<init>()
            r9 = r0
            r0 = r5
            r1 = r5
            org.keycloak.authentication.AuthenticationProcessor r1 = r1.processor
            org.keycloak.models.RealmModel r1 = r1.getRealm()
            r2 = r6
            java.lang.String r2 = r2.getParentFlow()
            java.util.stream.Stream r1 = r1.getAuthenticationExecutionsStream(r2)
            r2 = r8
            r3 = r9
            r0.fillListsOfExecutions(r1, r2, r3)
            r0 = r6
            boolean r0 = r0.isRequired()
            if (r0 != 0) goto L4b
            r0 = r6
            boolean r0 = r0.isConditional()
            if (r0 == 0) goto L67
        L4b:
            r0 = r8
            java.util.stream.Stream r0 = r0.stream()
            r1 = r5
            org.keycloak.authentication.AuthenticationProcessor r1 = r1.processor
            r2 = r1
            java.lang.Object r2 = java.util.Objects.requireNonNull(r2)
            java.lang.String r1 = r1::isSuccessful
            boolean r0 = r0.allMatch(r1)
            if (r0 != 0) goto L94
        L67:
            r0 = r6
            boolean r0 = r0.isAlternative()
            if (r0 == 0) goto Laf
            r0 = r9
            java.util.stream.Stream r0 = r0.stream()
            r1 = r5
            org.keycloak.authentication.AuthenticationProcessor r1 = r1.processor
            r2 = r1
            java.lang.Object r2 = java.util.Objects.requireNonNull(r2)
            java.lang.String r1 = r1::isSuccessful
            boolean r0 = r0.anyMatch(r1)
            if (r0 == 0) goto Laf
            r0 = r8
            boolean r0 = r0.isEmpty()
            if (r0 == 0) goto Laf
        L94:
            org.jboss.logging.Logger r0 = org.keycloak.authentication.DefaultAuthenticationFlow.logger
            java.lang.String r1 = "Flow '%s' successfully finished after children executions success"
            r2 = r5
            r3 = r7
            java.lang.String r2 = r2.logExecutionAlias(r3)
            r0.debugf(r1, r2)
            r0 = r5
            r1 = r7
            org.keycloak.sessions.CommonClientSessionModel$ExecutionStatus r2 = org.keycloak.sessions.CommonClientSessionModel.ExecutionStatus.SUCCESS
            r0.setExecutionStatus(r1, r2)
            r0 = r7
            r6 = r0
            goto Lb4
        Laf:
            r0 = r6
            java.lang.String r0 = r0.getParentFlow()
            return r0
        Lb4:
            goto Lbc
        Lb7:
            r0 = r6
            java.lang.String r0 = r0.getParentFlow()
            return r0
        Lbc:
            goto L0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.keycloak.authentication.DefaultAuthenticationFlow.checkAndValidateParentFlow(org.keycloak.models.AuthenticationExecutionModel):java.lang.String");
    }

    public Response processFlow() {
        Response processSingleFlowExecutionModel;
        logger.debugf("processFlow: %s", this.flow.getAlias());
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        fillListsOfExecutions(this.executions.stream(), arrayList, arrayList2);
        boolean z = true;
        ListIterator<AuthenticationExecutionModel> listIterator = arrayList.listIterator();
        while (listIterator.hasNext()) {
            AuthenticationExecutionModel next = listIterator.next();
            if (!next.isConditional() || isProcessed(next) || !isConditionalSubflowDisabled(next)) {
                Response processSingleFlowExecutionModel2 = processSingleFlowExecutionModel(next, true);
                z &= this.processor.isSuccessful(next) || isSetupRequired(next);
                if (processSingleFlowExecutionModel2 != null) {
                    return processSingleFlowExecutionModel2;
                }
                if (!z) {
                    break;
                }
            } else {
                listIterator.remove();
            }
        }
        if (!arrayList.isEmpty()) {
            if (z) {
                return onFlowExecutionsSuccessful();
            }
            return null;
        }
        if (arrayList2.stream().anyMatch(authenticationExecutionModel -> {
            return this.processor.isSuccessful(authenticationExecutionModel) || isSetupRequired(authenticationExecutionModel);
        })) {
            return onFlowExecutionsSuccessful();
        }
        for (AuthenticationExecutionModel authenticationExecutionModel2 : arrayList2) {
            try {
                processSingleFlowExecutionModel = processSingleFlowExecutionModel(authenticationExecutionModel2, true);
            } catch (AuthenticationFlowException e) {
                this.afeList.add(e);
                setExecutionStatus(authenticationExecutionModel2, CommonClientSessionModel.ExecutionStatus.ATTEMPTED);
            }
            if (processSingleFlowExecutionModel != null) {
                return processSingleFlowExecutionModel;
            }
            if (this.processor.isSuccessful(authenticationExecutionModel2) || isSetupRequired(authenticationExecutionModel2)) {
                return onFlowExecutionsSuccessful();
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fillListsOfExecutions(Stream<AuthenticationExecutionModel> stream, List<AuthenticationExecutionModel> list, List<AuthenticationExecutionModel> list2) {
        Predicate predicate = this::isConditionalAuthenticator;
        stream.filter(predicate.negate()).forEachOrdered(authenticationExecutionModel -> {
            if (authenticationExecutionModel.isRequired() || authenticationExecutionModel.isConditional()) {
                list.add(authenticationExecutionModel);
            } else if (authenticationExecutionModel.isAlternative()) {
                list2.add(authenticationExecutionModel);
            }
        });
        if (list.isEmpty() || list2.isEmpty()) {
            return;
        }
        logger.warnf("REQUIRED and ALTERNATIVE elements at same level! Those alternative executions will be ignored: %s", (List) list2.stream().map((v0) -> {
            return v0.getAuthenticator();
        }).collect(Collectors.toList()));
        list2.clear();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isConditionalSubflowDisabled(AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel == null || !authenticationExecutionModel.isAuthenticatorFlow() || !authenticationExecutionModel.isConditional()) {
            return false;
        }
        List list = (List) this.processor.getRealm().getAuthenticationExecutionsStream(authenticationExecutionModel.getFlowId()).collect(Collectors.toList());
        List list2 = (List) list.stream().filter(this::isConditionalAuthenticator).filter(authenticationExecutionModel2 -> {
            return authenticationExecutionModel2.isEnabled();
        }).collect(Collectors.toList());
        boolean z = list2.isEmpty() || list2.stream().anyMatch(authenticationExecutionModel3 -> {
            return conditionalNotMatched(authenticationExecutionModel3, list);
        });
        logger.tracef("Conditional subflow '%s' is %s", logExecutionAlias(authenticationExecutionModel), z ? "disabled" : Attributes.ENABLED_KEY);
        return z;
    }

    private boolean isConditionalAuthenticator(AuthenticationExecutionModel authenticationExecutionModel) {
        return (authenticationExecutionModel.isAuthenticatorFlow() || authenticationExecutionModel.getAuthenticator() == null || !(createAuthenticator(getAuthenticatorFactory(authenticationExecutionModel)) instanceof ConditionalAuthenticator)) ? false : true;
    }

    private AuthenticatorFactory getAuthenticatorFactory(AuthenticationExecutionModel authenticationExecutionModel) {
        AuthenticatorFactory providerFactory = this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
        if (providerFactory == null) {
            throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + authenticationExecutionModel.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
        }
        return providerFactory;
    }

    private boolean conditionalNotMatched(AuthenticationExecutionModel authenticationExecutionModel, List<AuthenticationExecutionModel> list) {
        ConditionalAuthenticator conditionalAuthenticator = (ConditionalAuthenticator) createAuthenticator(getAuthenticatorFactory(authenticationExecutionModel));
        boolean matchCondition = conditionalAuthenticator.matchCondition(this.processor.createAuthenticatorContext(authenticationExecutionModel, conditionalAuthenticator, list));
        setExecutionStatus(authenticationExecutionModel, matchCondition ? CommonClientSessionModel.ExecutionStatus.EVALUATED_TRUE : CommonClientSessionModel.ExecutionStatus.EVALUATED_FALSE);
        return !matchCondition;
    }

    private boolean isSetupRequired(AuthenticationExecutionModel authenticationExecutionModel) {
        return CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED.equals(this.processor.getAuthenticationSession().getExecutionStatus().get(authenticationExecutionModel.getId()));
    }

    private Response processSingleFlowExecutionModel(AuthenticationExecutionModel authenticationExecutionModel, boolean z) {
        logger.debugf("check execution: '%s', requirement: '%s'", logExecutionAlias(authenticationExecutionModel), authenticationExecutionModel.getRequirement());
        if (isProcessed(authenticationExecutionModel)) {
            logger.debugf("execution '%s' is processed", logExecutionAlias(authenticationExecutionModel));
            return null;
        }
        if (authenticationExecutionModel.isAuthenticatorFlow()) {
            AuthenticationFlow createFlowExecution = this.processor.createFlowExecution(authenticationExecutionModel.getFlowId(), authenticationExecutionModel);
            Response processFlow = createFlowExecution.processFlow();
            if (processFlow != null) {
                setExecutionStatus(authenticationExecutionModel, CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return processFlow;
            }
            if (createFlowExecution.isSuccessful()) {
                logger.debugf("Flow '%s' successfully finished", logExecutionAlias(authenticationExecutionModel));
                setExecutionStatus(authenticationExecutionModel, CommonClientSessionModel.ExecutionStatus.SUCCESS);
                return null;
            }
            logger.debugf("Flow '%s' failed", logExecutionAlias(authenticationExecutionModel));
            setExecutionStatus(authenticationExecutionModel, CommonClientSessionModel.ExecutionStatus.FAILED);
            return null;
        }
        AuthenticatorFactory authenticatorFactory = getAuthenticatorFactory(authenticationExecutionModel);
        Authenticator createAuthenticator = createAuthenticator(authenticatorFactory);
        logger.debugv("authenticator: {0}", authenticatorFactory.getId());
        UserModel authenticatedUser = this.processor.getAuthenticationSession().getAuthenticatedUser();
        List<AuthenticationSelectionOption> createAuthenticationSelectionList = createAuthenticationSelectionList(authenticationExecutionModel);
        if (!createAuthenticationSelectionList.isEmpty() && z) {
            List list = (List) createAuthenticationSelectionList.stream().filter(authenticationSelectionOption -> {
                return (authenticationSelectionOption.getAuthenticationExecution().isAuthenticatorFlow() || isProcessed(authenticationSelectionOption.getAuthenticationExecution())) ? false : true;
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                return null;
            }
            authenticationExecutionModel = ((AuthenticationSelectionOption) list.get(0)).getAuthenticationExecution();
            authenticatorFactory = (AuthenticatorFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
            if (authenticatorFactory == null) {
                throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + authenticationExecutionModel.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
            }
            createAuthenticator = createAuthenticator(authenticatorFactory);
        }
        AuthenticationProcessor.Result createAuthenticatorContext = this.processor.createAuthenticatorContext(authenticationExecutionModel, createAuthenticator, this.executions);
        createAuthenticatorContext.setAuthenticationSelections(createAuthenticationSelectionList);
        if (createAuthenticator.requiresUser()) {
            if (authenticatedUser == null) {
                throw new AuthenticationFlowException("authenticator '" + authenticatorFactory.getId() + "' requires user to be set in the authentication context by previous authenticators, but user is not set yet", AuthenticationFlowError.UNKNOWN_USER);
            }
            if (!createAuthenticator.configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser)) {
                if (!authenticatorFactory.isUserSetupAllowed() || !authenticationExecutionModel.isRequired() || !createAuthenticator.areRequiredActionsEnabled(this.processor.getSession(), this.processor.getRealm())) {
                    throw new AuthenticationFlowException("authenticator: " + authenticatorFactory.getId(), AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                }
                logger.debugv("authenticator SETUP_REQUIRED: {0}", authenticatorFactory.getId());
                setExecutionStatus(authenticationExecutionModel, CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
                createAuthenticator.setRequiredActions(this.processor.getSession(), this.processor.getRealm(), this.processor.getAuthenticationSession().getAuthenticatedUser());
                return null;
            }
        } else if (authenticatedUser != null && !createAuthenticator.configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser) && !authenticatorFactory.isUserSetupAllowed() && (createAuthenticator instanceof CredentialValidator)) {
            throw new AuthenticationFlowException("authenticator: " + authenticatorFactory.getId(), AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
        }
        logger.debugv("invoke authenticator.authenticate: {0}", authenticatorFactory.getId());
        createAuthenticator.authenticate(createAuthenticatorContext);
        return processResult(createAuthenticatorContext, false);
    }

    private String logExecutionAlias(AuthenticationExecutionModel authenticationExecutionModel) {
        AuthenticationFlowModel authenticationFlowById;
        return authenticationExecutionModel.isAuthenticatorFlow() ? (!logger.isDebugEnabled() || (authenticationFlowById = this.processor.getRealm().getAuthenticationFlowById(authenticationExecutionModel.getFlowId())) == null) ? authenticationExecutionModel.getFlowId() + " flow" : authenticationFlowById.getAlias() + " flow" : authenticationExecutionModel.getAuthenticator();
    }

    private List<AuthenticationSelectionOption> createAuthenticationSelectionList(AuthenticationExecutionModel authenticationExecutionModel) {
        return AuthenticationSelectionResolver.createAuthenticationSelectionList(this.processor, authenticationExecutionModel);
    }

    public Response processResult(AuthenticationProcessor.Result result, boolean z) {
        AuthenticationExecutionModel execution = result.getExecution();
        switch (AnonymousClass1.$SwitchMap$org$keycloak$authentication$FlowStatus[result.getStatus().ordinal()]) {
            case DeclarativeUserProfileProviderFactory.PROVIDER_PRIORITY /* 1 */:
                logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
                setExecutionStatus(execution, CommonClientSessionModel.ExecutionStatus.SUCCESS);
                AuthenticatorUtils.updateCompletedExecutions(this.processor.getAuthenticationSession(), this.processor.getUserSession(), execution.getId());
                return null;
            case DPoPUtil.DEFAULT_ALLOWED_CLOCK_SKEW /* 2 */:
                logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                setExecutionStatus(execution, CommonClientSessionModel.ExecutionStatus.FAILED);
                if (result.getChallenge() != null) {
                    return sendChallenge(result, execution);
                }
                throw new AuthenticationFlowException(result.getError(), result.getEventDetails(), result.getUserErrorMessage());
            case 3:
                logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
                this.processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
                throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
            case 4:
            case 5:
                setExecutionStatus(execution, CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case 6:
                logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                setExecutionStatus(execution, CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case 7:
                logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
                setExecutionStatus(execution, CommonClientSessionModel.ExecutionStatus.ATTEMPTED);
                return null;
            case 8:
                this.processor.resetFlow();
                return this.processor.authenticate();
            default:
                logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
                ServicesLogger.LOGGER.unknownResultStatus();
                throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
        }
    }

    public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, authenticationExecutionModel.getId());
        return result.getChallenge();
    }

    public boolean isSuccessful() {
        return this.successful;
    }

    public List<AuthenticationFlowException> getFlowExceptions() {
        return this.afeList;
    }

    private void setExecutionStatus(AuthenticationExecutionModel authenticationExecutionModel, CommonClientSessionModel.ExecutionStatus executionStatus) {
        this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel.getId(), executionStatus);
        logger.tracef("Set execution status: Execution: %s, status: %s", logExecutionAlias(authenticationExecutionModel), executionStatus);
        if (authenticationExecutionModel.isAuthenticatorFlow() && executionStatus == CommonClientSessionModel.ExecutionStatus.SUCCESS) {
            this.processor.getRealm().getAuthenticationExecutionsStream(authenticationExecutionModel.getFlowId()).forEach(this::checkAuthCallback);
        }
    }

    private void checkAuthCallback(AuthenticationExecutionModel authenticationExecutionModel) {
        CommonClientSessionModel.ExecutionStatus executionStatus = (CommonClientSessionModel.ExecutionStatus) this.processor.getAuthenticationSession().getExecutionStatus().get(authenticationExecutionModel.getId());
        if ((executionStatus == CommonClientSessionModel.ExecutionStatus.SUCCESS || executionStatus == CommonClientSessionModel.ExecutionStatus.EVALUATED_TRUE) && !authenticationExecutionModel.isAuthenticatorFlow()) {
            AuthenticatorFactory authenticatorFactory = getAuthenticatorFactory(authenticationExecutionModel);
            if (authenticatorFactory instanceof AuthenticationFlowCallbackFactory) {
                Authenticator authenticator = (AuthenticationFlowCallback) createAuthenticator(authenticatorFactory);
                logger.tracef("Will trigger callback '%s' after successful finish of the flow '%s'", authenticatorFactory.getId(), authenticationExecutionModel.getParentFlow());
                authenticator.onParentFlowSuccess(this.processor.createAuthenticatorContext(authenticationExecutionModel, authenticator, null));
                AuthenticatorUtil.setAuthCallbacksFactoryIds(this.processor.getAuthenticationSession(), authenticatorFactory.getId());
            }
        }
    }

    private Response onFlowExecutionsSuccessful() {
        if (this.flow.isTopLevel()) {
            logger.debugf("Authentication successful of the top flow '%s'", this.flow.getAlias());
            executeTopFlowSuccessCallbacks();
        }
        this.successful = true;
        return null;
    }

    private void executeTopFlowSuccessCallbacks() {
        Stream filter = AuthenticatorUtil.getAuthCallbacksFactoryIds(this.processor.getAuthenticationSession()).stream().filter(StringUtil::isNotBlank).map(str -> {
            return this.processor.getSession().getProvider(Authenticator.class, str);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
        Class<AuthenticationFlowCallback> cls = AuthenticationFlowCallback.class;
        Objects.requireNonNull(AuthenticationFlowCallback.class);
        Stream filter2 = filter.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<AuthenticationFlowCallback> cls2 = AuthenticationFlowCallback.class;
        Objects.requireNonNull(AuthenticationFlowCallback.class);
        filter2.map((v1) -> {
            return r1.cast(v1);
        }).forEach(authenticationFlowCallback -> {
            authenticationFlowCallback.onTopFlowSuccess(this.flow);
        });
    }
}
