package org.keycloak.authentication;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.RealmModel;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/authentication/AuthenticationSelectionResolver.class */
public class AuthenticationSelectionResolver {
    private static final Logger logger = Logger.getLogger(AuthenticationSelectionResolver.class);

    AuthenticationSelectionResolver() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v38, types: [java.util.List] */
    public static List<AuthenticationSelectionOption> createAuthenticationSelectionList(AuthenticationProcessor authenticationProcessor, AuthenticationExecutionModel authenticationExecutionModel) {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (authenticationProcessor.getAuthenticationSession() != null) {
            HashMap hashMap = new HashMap();
            ArrayList arrayList3 = new ArrayList();
            String flowIdOfTheHighestUsefulFlow = getFlowIdOfTheHighestUsefulFlow(authenticationProcessor, authenticationExecutionModel);
            if (flowIdOfTheHighestUsefulFlow == null) {
                addSimpleAuthenticationExecution(authenticationProcessor, authenticationExecutionModel, hashMap, arrayList3);
            } else {
                addAllExecutionsFromSubflow(authenticationProcessor, flowIdOfTheHighestUsefulFlow, hashMap, arrayList3);
            }
            if (authenticationProcessor.getAuthenticationSession().getAuthenticatedUser() != null) {
                Stream distinct = Stream.concat(authenticationProcessor.getSession().userCredentialManager().getStoredCredentialsStream(authenticationProcessor.getRealm(), authenticationProcessor.getAuthenticationSession().getAuthenticatedUser()).map((v0) -> {
                    return v0.getType();
                }), authenticationProcessor.getSession().userCredentialManager().getConfiguredUserStorageCredentialTypesStream(authenticationProcessor.getRealm(), authenticationProcessor.getAuthenticationSession().getAuthenticatedUser())).distinct();
                Objects.requireNonNull(hashMap);
                arrayList = (List) distinct.filter((v1) -> {
                    return r1.containsKey(v1);
                }).map(str -> {
                    return new AuthenticationSelectionOption(authenticationProcessor.getSession(), (AuthenticationExecutionModel) hashMap.get(str));
                }).collect(Collectors.toList());
            } else {
                hashMap.forEach((str2, authenticationExecutionModel2) -> {
                    if (authenticationProcessor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel2.getAuthenticator()).create(authenticationProcessor.getSession()).requiresUser()) {
                        return;
                    }
                    arrayList2.add(new AuthenticationSelectionOption(authenticationProcessor.getSession(), authenticationExecutionModel2));
                });
            }
            Iterator it = arrayList3.iterator();
            while (it.hasNext()) {
                arrayList.add(new AuthenticationSelectionOption(authenticationProcessor.getSession(), (AuthenticationExecutionModel) it.next()));
            }
            arrayList.addAll(arrayList2);
        }
        logger.debugf("Selections when trying execution '%s' : %s", authenticationExecutionModel.getAuthenticator(), arrayList);
        return arrayList;
    }

    private static String getFlowIdOfTheHighestUsefulFlow(AuthenticationProcessor authenticationProcessor, AuthenticationExecutionModel authenticationExecutionModel) {
        String str = null;
        RealmModel realm = authenticationProcessor.getRealm();
        while (true) {
            if (authenticationExecutionModel.isAlternative()) {
                str = authenticationExecutionModel.getParentFlow();
            } else if (authenticationExecutionModel.isRequired() || authenticationExecutionModel.isConditional()) {
                if (authenticationExecutionModel.isAuthenticatorFlow()) {
                    str = authenticationExecutionModel.getFlowId();
                }
                if (((List) realm.getAuthenticationExecutionsStream(authenticationExecutionModel.getParentFlow()).collect(Collectors.toList())).indexOf(authenticationExecutionModel) != 0) {
                    return str;
                }
                str = authenticationExecutionModel.getParentFlow();
            }
            if (realm.getAuthenticationFlowById(str).isTopLevel()) {
                return str;
            }
            authenticationExecutionModel = realm.getAuthenticationExecutionByFlowId(str);
        }
    }

    private static void addSimpleAuthenticationExecution(AuthenticationProcessor authenticationProcessor, AuthenticationExecutionModel authenticationExecutionModel, Map<String, AuthenticationExecutionModel> map, List<AuthenticationExecutionModel> list) {
        if (DefaultAuthenticationFlow.isProcessed(authenticationProcessor, authenticationExecutionModel)) {
            return;
        }
        CredentialValidator credentialValidator = (Authenticator) authenticationProcessor.getSession().getProvider(Authenticator.class, authenticationExecutionModel.getAuthenticator());
        if (credentialValidator instanceof CredentialValidator) {
            map.put(credentialValidator.getType(authenticationProcessor.getSession()), authenticationExecutionModel);
        } else {
            list.add(authenticationExecutionModel);
        }
    }

    private static boolean addAllExecutionsFromSubflow(AuthenticationProcessor authenticationProcessor, String str, Map<String, AuthenticationExecutionModel> map, List<AuthenticationExecutionModel> list) {
        AuthenticationFlowModel authenticationFlowById = authenticationProcessor.getRealm().getAuthenticationFlowById(str);
        if (authenticationFlowById == null) {
            throw new AuthenticationFlowException("Flow not found", AuthenticationFlowError.INTERNAL_ERROR);
        }
        DefaultAuthenticationFlow defaultAuthenticationFlow = new DefaultAuthenticationFlow(authenticationProcessor, authenticationFlowById);
        logger.debugf("Going through the flow '%s' for adding executions", authenticationFlowById.getAlias());
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        defaultAuthenticationFlow.fillListsOfExecutions(authenticationProcessor.getRealm().getAuthenticationExecutionsStream(str), arrayList, arrayList2);
        if (arrayList.isEmpty()) {
            boolean z = false;
            for (AuthenticationExecutionModel authenticationExecutionModel : arrayList2) {
                if (!defaultAuthenticationFlow.isProcessed(authenticationExecutionModel)) {
                    if (authenticationExecutionModel.isAuthenticatorFlow()) {
                        z |= addAllExecutionsFromSubflow(authenticationProcessor, authenticationExecutionModel.getFlowId(), map, list);
                    } else {
                        addSimpleAuthenticationExecution(authenticationProcessor, authenticationExecutionModel, map, list);
                        z = true;
                    }
                }
            }
            return z;
        }
        AuthenticationExecutionModel orElse = arrayList.stream().filter(authenticationExecutionModel2 -> {
            return authenticationExecutionModel2.isRequired() || !defaultAuthenticationFlow.isConditionalSubflowDisabled(authenticationExecutionModel2);
        }).findFirst().orElse(null);
        if (orElse == null || defaultAuthenticationFlow.isProcessed(orElse)) {
            return false;
        }
        FormAuthenticatorFactory providerFactory = authenticationProcessor.getSession().getKeycloakSessionFactory().getProviderFactory(FormAuthenticator.class, orElse.getAuthenticator());
        if (orElse.isAuthenticatorFlow() && providerFactory == null) {
            return addAllExecutionsFromSubflow(authenticationProcessor, orElse.getFlowId(), map, list);
        }
        addSimpleAuthenticationExecution(authenticationProcessor, orElse, map, list);
        return true;
    }
}
