package org.keycloak.authentication.authenticators.browser;

import jakarta.ws.rs.core.Response;
import java.util.Objects;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.ClientSessionCode;

/* loaded from: input_file:org/keycloak/authentication/authenticators/browser/IdentityProviderAuthenticator.class */
public class IdentityProviderAuthenticator implements Authenticator {
    private static final Logger LOG = Logger.getLogger(IdentityProviderAuthenticator.class);
    protected static final String ACCEPTS_PROMPT_NONE = "acceptsPromptNoneForwardFromClient";

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getUriInfo().getQueryParameters().containsKey("kc_idp_hint")) {
            String str = (String) authenticationFlowContext.getUriInfo().getQueryParameters().getFirst("kc_idp_hint");
            if (str == null || str.equals("")) {
                LOG.tracef("Skipping: kc_idp_hint query parameter is empty", new Object[0]);
                authenticationFlowContext.attempted();
                return;
            } else {
                LOG.tracef("Redirecting: %s set to %s", "kc_idp_hint", str);
                redirect(authenticationFlowContext, str);
                return;
            }
        }
        if (authenticationFlowContext.getAuthenticatorConfig() == null || !authenticationFlowContext.getAuthenticatorConfig().getConfig().containsKey(IdentityProviderAuthenticatorFactory.DEFAULT_PROVIDER)) {
            LOG.tracef("No default provider set or %s query parameter provided", "kc_idp_hint");
            authenticationFlowContext.attempted();
        } else if (authenticationFlowContext.getForwardedErrorMessage() != null) {
            LOG.infof("Should redirect to remote IdP but forwardedError has value '%s', skipping this authenticator...", authenticationFlowContext.getForwardedErrorMessage());
            authenticationFlowContext.attempted();
        } else {
            String str2 = (String) authenticationFlowContext.getAuthenticatorConfig().getConfig().get(IdentityProviderAuthenticatorFactory.DEFAULT_PROVIDER);
            LOG.tracef("Redirecting: default provider set to %s", str2);
            redirect(authenticationFlowContext, str2);
        }
    }

    protected void redirect(AuthenticationFlowContext authenticationFlowContext, String str) {
        redirect(authenticationFlowContext, str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void redirect(AuthenticationFlowContext authenticationFlowContext, String str, String str2) {
        Optional findFirst = authenticationFlowContext.getRealm().getIdentityProvidersStream().filter((v0) -> {
            return v0.isEnabled();
        }).filter(identityProviderModel -> {
            return Objects.equals(str, identityProviderModel.getAlias());
        }).findFirst();
        if (!findFirst.isPresent()) {
            LOG.warnf("Provider not found or not enabled for realm %s", str);
            authenticationFlowContext.attempted();
            return;
        }
        Response build = Response.seeOther(Urls.identityProviderAuthnRequest(authenticationFlowContext.getUriInfo().getBaseUri(), str, authenticationFlowContext.getRealm().getName(), new ClientSessionCode(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), authenticationFlowContext.getAuthenticationSession()).getOrGenerateCode(), authenticationFlowContext.getAuthenticationSession().getClient().getClientId(), authenticationFlowContext.getAuthenticationSession().getTabId(), AuthenticationProcessor.getClientData(authenticationFlowContext.getSession(), authenticationFlowContext.getAuthenticationSession()), str2)).build();
        if ("none".equals(authenticationFlowContext.getAuthenticationSession().getClientNote(OIDCLoginProtocol.PROMPT_PARAM)) && Boolean.valueOf((String) ((IdentityProviderModel) findFirst.get()).getConfig().get(ACCEPTS_PROMPT_NONE)).booleanValue()) {
            authenticationFlowContext.getAuthenticationSession().setAuthNote(AuthenticationProcessor.FORWARDED_PASSIVE_LOGIN, "true");
        }
        LOG.debugf("Redirecting to %s", str);
        authenticationFlowContext.forceChallenge(build);
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }
}
