package org.keycloak.organization.jpa;

import org.keycloak.Config;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ModelValidationException;
import org.keycloak.models.RealmModel;
import org.keycloak.organization.OrganizationProvider;
import org.keycloak.organization.OrganizationProviderFactory;
import org.keycloak.organization.utils.Organizations;
import org.keycloak.provider.ProviderEvent;

/* loaded from: input_file:org/keycloak/organization/jpa/JpaOrganizationProviderFactory.class */
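/**
 * Factory for the JPA-backed {@link OrganizationProvider}.
 *
 * <p>Besides creating providers, the factory registers an event listener that:
 * <ul>
 *   <li>adds the organization sub-flows to the browser and first-broker-login flows of every
 *       newly created realm (the admin realm is skipped);</li>
 *   <li>calls {@code removeAll()} on the organization provider when a realm is removed;</li>
 *   <li>rejects group events for groups the session may not manage as organization groups.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. The lambdas in the two flow-setup methods
 * referenced an undeclared identifier ({@code r1}) where the captured authenticator id was
 * meant; that is repaired here.
 */
public class JpaOrganizationProviderFactory implements OrganizationProviderFactory {
    /** Authenticator id looked for, and installed, in the first-broker-login flow. */
    private static final String ADD_ORGANIZATION_MEMBER_AUTHENTICATOR = "idp-add-organization-member";

    /** Authenticator id looked for, and installed, in the browser flow. */
    private static final String ORGANIZATION_AUTHENTICATOR = "organization";

    /** Authenticator id of the condition placed first in each conditional sub-flow. */
    private static final String CONDITIONAL_USER_CONFIGURED = "conditional-user-configured";

    /** Provider id given to every sub-flow created by this factory. */
    private static final String BASIC_FLOW = "basic-flow";

    /**
     * Creates a JPA organization provider bound to the given session.
     *
     * <p>The decompiler renamed this method from {@code create} because it was merged with a
     * bridge method; the generated name is kept so the listing's interface is unchanged.
     *
     * @param keycloakSession session the provider will operate in
     * @return a new {@code JpaOrganizationProvider}
     */
    public OrganizationProvider m46create(KeycloakSession keycloakSession) {
        return new JpaOrganizationProvider(keycloakSession);
    }

    /** No configuration is read from the scope. */
    public void init(Config.Scope scope) {
    }

    /**
     * Registers {@link #handleEvents(ProviderEvent)} as a listener on the session factory.
     *
     * @param keycloakSessionFactory factory the listener is registered with
     */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(this::handleEvents);
    }

    /** Nothing to release. */
    public void close() {
    }

    /**
     * @return the provider id, {@code "jpa"}
     */
    public String getId() {
        return "jpa";
    }

    /**
     * Dispatches provider events. The three checks are independent {@code if} statements, so an
     * event matching more than one type is handled by each matching branch.
     *
     * @param providerEvent event published by the session factory
     * @throws ModelValidationException if a group event concerns a group for which
     *         {@code Organizations.canManageOrganizationGroup} returns {@code false}
     */
    private void handleEvents(ProviderEvent providerEvent) {
        if (providerEvent instanceof RealmModel.RealmPostCreateEvent) {
            RealmModel.RealmPostCreateEvent created = (RealmModel.RealmPostCreateEvent) providerEvent;
            configureAuthenticationFlows(created.getCreatedRealm());
        }
        if (providerEvent instanceof RealmModel.RealmRemovedEvent) {
            RealmModel.RealmRemovedEvent removed = (RealmModel.RealmRemovedEvent) providerEvent;
            // Drop the organization data together with the realm.
            removed.getKeycloakSession().getProvider(OrganizationProvider.class).removeAll();
        }
        if (providerEvent instanceof GroupModel.GroupEvent) {
            GroupModel.GroupEvent groupEvent = (GroupModel.GroupEvent) providerEvent;
            // Authorization guard: the only enforcement visible here is this exception.
            // NOTE(review): whether throwing from a listener actually vetoes the group change
            // depends on how the session factory dispatches events - confirm against the caller.
            if (!Organizations.canManageOrganizationGroup(groupEvent.getKeycloakSession(), groupEvent.getGroup())) {
                throw new ModelValidationException("Can not update organization group");
            }
        }
    }

    /**
     * Installs both organization sub-flows in a realm.
     *
     * @param realmModel realm to configure
     */
    private void configureAuthenticationFlows(RealmModel realmModel) {
        addOrganizationFirstBrokerFlowStep(realmModel);
        addOrganizationBrowserFlowStep(realmModel);
    }

    /**
     * Adds the "First Broker Login - Conditional Organization" sub-flow to the realm's
     * first-broker-login flow.
     *
     * <p>Does nothing when the realm has no first-broker-login flow, when that flow already has
     * an execution using the {@code idp-add-organization-member} authenticator, or when the
     * realm is the admin realm.
     *
     * @param realmModel realm whose first-broker-login flow is extended
     */
    private void addOrganizationFirstBrokerFlowStep(RealmModel realmModel) {
        AuthenticationFlowModel firstBrokerLoginFlow = realmModel.getFirstBrokerLoginFlow();
        if (firstBrokerLoginFlow == null) {
            return;
        }
        // Only the flow's direct executions are inspected; this keeps the setup idempotent.
        if (hasAuthenticator(realmModel, firstBrokerLoginFlow.getId(), ADD_ORGANIZATION_MEMBER_AUTHENTICATOR)
                || Config.getAdminRealm().equals(realmModel.getName())) {
            return;
        }

        AuthenticationFlowModel conditionalFlow = realmModel.addAuthenticationFlow(newBuiltInSubFlow(
                "First Broker Login - Conditional Organization",
                "Flow to determine if the authenticator that adds organization members is to be used"));

        // Attach the sub-flow to the top-level flow as a CONDITIONAL step.
        realmModel.addAuthenticatorExecution(newFlowExecution(
                firstBrokerLoginFlow.getId(),
                AuthenticationExecutionModel.Requirement.CONDITIONAL,
                conditionalFlow.getId(),
                50));
        // Inside the sub-flow: the condition first (priority 10), then the authenticator (20).
        realmModel.addAuthenticatorExecution(newAuthenticatorExecution(
                conditionalFlow.getId(),
                AuthenticationExecutionModel.Requirement.REQUIRED,
                CONDITIONAL_USER_CONFIGURED,
                10));
        realmModel.addAuthenticatorExecution(newAuthenticatorExecution(
                conditionalFlow.getId(),
                AuthenticationExecutionModel.Requirement.REQUIRED,
                ADD_ORGANIZATION_MEMBER_AUTHENTICATOR,
                20));
    }

    /**
     * Adds the "Organization" sub-flow, and the "Browser - Conditional Organization" sub-flow
     * nested in it, to the realm's browser flow.
     *
     * <p>Does nothing when the realm has no browser flow, when that flow already has an
     * execution using the {@code organization} authenticator, or when the realm is the admin
     * realm.
     *
     * @param realmModel realm whose browser flow is extended
     */
    public void addOrganizationBrowserFlowStep(RealmModel realmModel) {
        AuthenticationFlowModel browserFlow = realmModel.getBrowserFlow();
        if (browserFlow == null) {
            return;
        }
        // NOTE(review): the authenticator is installed two levels below the browser flow, while
        // this check reads only the browser flow's direct executions - confirm that a second
        // call cannot add the sub-flows again.
        if (hasAuthenticator(realmModel, browserFlow.getId(), ORGANIZATION_AUTHENTICATOR)
                || Config.getAdminRealm().equals(realmModel.getName())) {
            return;
        }

        // The outer "Organization" flow is created without a description.
        AuthenticationFlowModel organizationFlow =
                realmModel.addAuthenticationFlow(newBuiltInSubFlow("Organization", null));
        realmModel.addAuthenticatorExecution(newFlowExecution(
                browserFlow.getId(),
                AuthenticationExecutionModel.Requirement.ALTERNATIVE,
                organizationFlow.getId(),
                26));

        AuthenticationFlowModel conditionalFlow = realmModel.addAuthenticationFlow(newBuiltInSubFlow(
                "Browser - Conditional Organization",
                "Flow to determine if the organization identity-first login is to be used"));
        realmModel.addAuthenticatorExecution(newFlowExecution(
                organizationFlow.getId(),
                AuthenticationExecutionModel.Requirement.CONDITIONAL,
                conditionalFlow.getId(),
                10));

        // Inside the conditional flow: the condition (priority 10), then the authenticator (20).
        realmModel.addAuthenticatorExecution(newAuthenticatorExecution(
                conditionalFlow.getId(),
                AuthenticationExecutionModel.Requirement.REQUIRED,
                CONDITIONAL_USER_CONFIGURED,
                10));
        realmModel.addAuthenticatorExecution(newAuthenticatorExecution(
                conditionalFlow.getId(),
                AuthenticationExecutionModel.Requirement.ALTERNATIVE,
                ORGANIZATION_AUTHENTICATOR,
                20));
    }

    /** Reports whether a direct execution of the flow uses the given authenticator id. */
    private static boolean hasAuthenticator(RealmModel realmModel, String flowId, String authenticatorId) {
        // The constant is the receiver of equals(), so executions whose authenticator is null
        // are simply treated as non-matching.
        return realmModel.getAuthenticationExecutionsStream(flowId)
                .map(AuthenticationExecutionModel::getAuthenticator)
                .anyMatch(authenticatorId::equals);
    }

    /** Builds a non-top-level, built-in "basic-flow" model; a null description is left unset. */
    private static AuthenticationFlowModel newBuiltInSubFlow(String alias, String description) {
        AuthenticationFlowModel flow = new AuthenticationFlowModel();
        flow.setTopLevel(false);
        flow.setBuiltIn(true);
        flow.setAlias(alias);
        if (description != null) {
            flow.setDescription(description);
        }
        flow.setProviderId(BASIC_FLOW);
        return flow;
    }

    /** Builds an execution that attaches the sub-flow {@code flowId} to {@code parentFlowId}. */
    private static AuthenticationExecutionModel newFlowExecution(
            String parentFlowId,
            AuthenticationExecutionModel.Requirement requirement,
            String flowId,
            int priority) {
        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
        execution.setParentFlow(parentFlowId);
        execution.setRequirement(requirement);
        execution.setFlowId(flowId);
        execution.setPriority(priority);
        execution.setAuthenticatorFlow(true);
        return execution;
    }

    /** Builds an execution that runs a single authenticator inside {@code parentFlowId}. */
    private static AuthenticationExecutionModel newAuthenticatorExecution(
            String parentFlowId,
            AuthenticationExecutionModel.Requirement requirement,
            String authenticatorId,
            int priority) {
        AuthenticationExecutionModel execution = new AuthenticationExecutionModel();
        execution.setParentFlow(parentFlowId);
        execution.setRequirement(requirement);
        execution.setAuthenticator(authenticatorId);
        execution.setPriority(priority);
        execution.setAuthenticatorFlow(false);
        return execution;
    }
}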
