package org.keycloak.authentication.authenticators.broker;

import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpDetectExistingBrokerUserAuthenticator.class */
/**
 * Broker authenticator that looks up a realm account matching the brokered identity and stops the
 * login with an error page when no such account exists.
 *
 * <p>Outcomes of {@link #authenticateImpl}, as visible in this class:
 * <ul>
 *   <li>{@code attempted()} when the {@code EXISTING_USER_INFO} auth note is already set;</li>
 *   <li>{@code resetFlow()} (after setting {@code ENFORCE_UPDATE_PROFILE}) when no username can be
 *       derived;</li>
 *   <li>{@code success()} with the match serialized into {@code EXISTING_USER_INFO} when
 *       {@code checkExistingUser} returns one;</li>
 *   <li>a 401 challenge plus a {@code user_not_found} event otherwise.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class proves that the person behind the brokered identity owns
 * the matched local account; no credential or e-mail verification happens here before
 * {@code success()}. The matching itself is done by the inherited {@code checkExistingUser}, which
 * is not visible here. Whatever execution consumes {@code EXISTING_USER_INFO} next in the flow
 * therefore carries the trust decision. Confirm that the flow only uses this step with identity
 * providers whose username/e-mail assertions are trusted, or that a verification step follows it.
 */
public class IdpDetectExistingBrokerUserAuthenticator extends IdpCreateUserIfUniqueAuthenticator {
    private static final Logger logger = Logger.getLogger(IdpDetectExistingBrokerUserAuthenticator.class);

    /**
     * Detects an existing realm user for the brokered identity and records it in the
     * authentication session, or rejects the login when there is none.
     *
     * @param authenticationFlowContext flow context supplying the realm, authentication session,
     *     form builder and event builder
     * @param serializedBrokeredIdentityContext serialized brokered identity, passed through to the
     *     inherited {@code getUsername} and {@code checkExistingUser} helpers
     * @param brokeredIdentityContext brokered identity; its IdP config alias is used in the error
     *     message
     */
    @Override
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        RealmModel activeRealm = authenticationFlowContext.getRealm();

        // A previous execution already recorded a match; do not repeat the lookup.
        boolean matchAlreadyRecorded = authenticationFlowContext.getAuthenticationSession().getAuthNote(AbstractIdpAuthenticator.EXISTING_USER_INFO) != null;
        if (matchAlreadyRecorded) {
            authenticationFlowContext.attempted();
            return;
        }

        // Presumably derived from data asserted by the external identity provider (the helper is
        // inherited and not visible here); treat the value as untrusted input.
        String brokeredUsername = getUsername(authenticationFlowContext, serializedBrokeredIdentityContext, brokeredIdentityContext);
        if (brokeredUsername == null) {
            String missingField;
            if (activeRealm.isRegistrationEmailAsUsername()) {
                missingField = "Email";
            } else {
                missingField = "Username";
            }
            ServicesLogger.LOGGER.resetFlow(missingField);
            // Flag the restarted flow so the profile-update step is enforced.
            authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE, "true");
            authenticationFlowContext.resetFlow();
            return;
        }

        ExistingUserInfo matchedAccount = checkExistingUser(authenticationFlowContext, brokeredUsername, serializedBrokeredIdentityContext, brokeredIdentityContext);
        if (matchedAccount != null) {
            // NOTE(review): the duplicate attribute value may be an e-mail address; it is only
            // emitted at debug level, but confirm debug logs are handled accordingly.
            logger.debugf("Duplication detected. There is already existing user with %s '%s' .", matchedAccount.getDuplicateAttributeName(), matchedAccount.getDuplicateAttributeValue());
            // Hand the match to later executions. No ownership check has been done at this point.
            authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.EXISTING_USER_INFO, matchedAccount.serialize());
            authenticationFlowContext.success();
            return;
        }

        // No local account: refuse the login instead of creating one.
        // NOTE(review): the username is written to the log and passed to the error page as a
        // message parameter; confirm the log handler and the message template neutralise control
        // characters and markup in it.
        logger.errorf("The user %s should be already registered in the realm to login %s", brokeredUsername, activeRealm.getName());
        Object[] messageParameters = new Object[]{brokeredUsername, brokeredIdentityContext.getIdpConfig().getAlias()};
        Response unauthorizedPage = authenticationFlowContext.form().setError(Messages.FEDERATED_IDENTITY_UNAVAILABLE, messageParameters).createErrorPage(Response.Status.UNAUTHORIZED);
        authenticationFlowContext.challenge(unauthorizedPage);
        // The user_not_found error event tagged with this authenticator's name is the audit signal
        // for rejected broker logins.
        authenticationFlowContext.getEvent().detail("authenticator", "DetectExistingBrokerUser").removeDetail("auth_method").removeDetail("auth_type").error("user_not_found");
    }

    /**
     * Reports that this authenticator does not need a user attached to the flow beforehand.
     *
     * @return always {@code false}
     */
    @Override
    public boolean requiresUser() {
        return false;
    }

    /**
     * Reports this authenticator as configured, regardless of the session, realm or user passed in.
     *
     * @return always {@code true}
     */
    @Override
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }
}
