package org.keycloak.authentication;

import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.authentication.actiontoken.ActionTokenContext;
import org.keycloak.authentication.actiontoken.DefaultActionToken;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.reflections.Types;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.CredentialProviderFactory;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.http.HttpRequest;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/authentication/AuthenticatorUtil.class */
public class AuthenticatorUtil {
    private static final Logger logger = Logger.getLogger(AuthenticatorUtil.class);
    public static String CALLBACKS_FACTORY_IDS_NOTE = "callbacksFactoryProviderIds";

    public static boolean isSSOAuthentication(AuthenticationSessionModel authenticationSessionModel) {
        return "true".equals(authenticationSessionModel.getAuthNote(AuthenticationManager.SSO_AUTH));
    }

    public static boolean isForcedReauthentication(AuthenticationSessionModel authenticationSessionModel) {
        return "true".equals(authenticationSessionModel.getAuthNote(AuthenticationManager.FORCED_REAUTHENTICATION));
    }

    public static boolean isPasswordValidated(AuthenticationSessionModel authenticationSessionModel) {
        return "true".equals(authenticationSessionModel.getAuthNote(AuthenticationManager.PASSWORD_VALIDATED));
    }

    public static boolean isForkedFlow(AuthenticationSessionModel authenticationSessionModel) {
        return authenticationSessionModel.getAuthNote(AuthenticationProcessor.FORKED_FROM) != null;
    }

    public static void setAuthCallbacksFactoryIds(AuthenticationSessionModel authenticationSessionModel, String str) {
        if (authenticationSessionModel == null || StringUtil.isBlank(str)) {
            return;
        }
        String authNote = authenticationSessionModel.getAuthNote(CALLBACKS_FACTORY_IDS_NOTE);
        if (!StringUtil.isNotBlank(authNote)) {
            authenticationSessionModel.setAuthNote(CALLBACKS_FACTORY_IDS_NOTE, str);
            return;
        }
        if (authNote.equals(str) || authNote.contains("##" + str) || authNote.contains(str + "##")) {
            return;
        }
        authenticationSessionModel.setAuthNote(CALLBACKS_FACTORY_IDS_NOTE, authNote + "##" + str);
    }

    public static Set<String> getAuthCallbacksFactoryIds(AuthenticationSessionModel authenticationSessionModel) {
        if (authenticationSessionModel == null) {
            return Collections.emptySet();
        }
        String authNote = authenticationSessionModel.getAuthNote(CALLBACKS_FACTORY_IDS_NOTE);
        if (!StringUtil.isNotBlank(authNote)) {
            return Collections.emptySet();
        }
        String[] split = authNote.split("##");
        HashSet hashSet = new HashSet(split.length);
        for (String str : split) {
            hashSet.add(str);
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public static List<AuthenticationExecutionModel> getExecutionsByType(RealmModel realmModel, String str, String str2) {
        LinkedList linkedList = new LinkedList();
        realmModel.getAuthenticationExecutionsStream(str).forEach(authenticationExecutionModel -> {
            if (str2.equals(authenticationExecutionModel.getAuthenticator())) {
                linkedList.add(authenticationExecutionModel);
            } else {
                if (!authenticationExecutionModel.isAuthenticatorFlow() || authenticationExecutionModel.getFlowId() == null) {
                    return;
                }
                linkedList.addAll(getExecutionsByType(realmModel, authenticationExecutionModel.getFlowId(), str2));
            }
        });
        return linkedList;
    }

    public static AuthenticationFlowModel getTopParentFlow(RealmModel realmModel, AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel.getParentFlow() == null) {
            throw new IllegalStateException("Execution '" + authenticationExecutionModel.getId() + "' does not have parent flow in realm " + realmModel.getName());
        }
        AuthenticationFlowModel authenticationFlowById = realmModel.getAuthenticationFlowById(authenticationExecutionModel.getParentFlow());
        if (authenticationFlowById == null) {
            throw new IllegalStateException("Flow '" + authenticationExecutionModel.getParentFlow() + "' referenced from execution '" + authenticationExecutionModel.getId() + "' not found in realm " + realmModel.getName());
        }
        if (authenticationFlowById.isTopLevel()) {
            return authenticationFlowById;
        }
        AuthenticationExecutionModel authenticationExecutionByFlowId = realmModel.getAuthenticationExecutionByFlowId(authenticationFlowById.getId());
        if (authenticationExecutionByFlowId == null) {
            throw new IllegalStateException("Not found execution referenced by flow '" + authenticationFlowById.getId() + "' in realm " + realmModel.getName());
        }
        return getTopParentFlow(realmModel, authenticationExecutionByFlowId);
    }

    public static void logoutOtherSessions(RequiredActionContext requiredActionContext) {
        logoutOtherSessions(requiredActionContext.getSession(), requiredActionContext.getRealm(), requiredActionContext.getUser(), requiredActionContext.getAuthenticationSession(), requiredActionContext.getConnection(), requiredActionContext.getHttpRequest(), requiredActionContext.getEvent().clone().detail("logout_triggered_by_required_action", requiredActionContext.getAction()));
    }

    public static void logoutOtherSessions(DefaultActionToken defaultActionToken, ActionTokenContext<? extends DefaultActionToken> actionTokenContext) {
        logoutOtherSessions(actionTokenContext.getSession(), actionTokenContext.getRealm(), actionTokenContext.getAuthenticationSession().getAuthenticatedUser(), actionTokenContext.getAuthenticationSession(), actionTokenContext.getClientConnection(), actionTokenContext.getRequest(), actionTokenContext.getEvent().clone().detail("logout_triggered_by_action_token", defaultActionToken.getActionId()));
    }

    private static void logoutOtherSessions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, AuthenticationSessionModel authenticationSessionModel, ClientConnection clientConnection, HttpRequest httpRequest, EventBuilder eventBuilder) {
        ((List) keycloakSession.sessions().getUserSessionsStream(realmModel, userModel).filter(userSessionModel -> {
            return !Objects.equals(userSessionModel.getId(), authenticationSessionModel.getParentSession().getId());
        }).collect(Collectors.toList())).forEach(userSessionModel2 -> {
            AuthenticationManager.backchannelLogout(keycloakSession, realmModel, userSessionModel2, keycloakSession.getContext().getUri(), clientConnection, httpRequest.getHttpHeaders(), true);
            eventBuilder.event(EventType.LOGOUT).session(userSessionModel2).user(userSessionModel2.getUser()).success();
        });
    }

    public static Stream<CredentialProvider> getCredentialProviders(KeycloakSession keycloakSession) {
        return keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(CredentialProvider.class).filter(providerFactory -> {
            return Types.supports(CredentialProvider.class, providerFactory, CredentialProviderFactory.class);
        }).map(providerFactory2 -> {
            return keycloakSession.getProvider(CredentialProvider.class, providerFactory2.getId());
        });
    }
}
