package org.keycloak.authentication.authenticators.broker;

import java.util.Objects;
import java.util.Optional;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpUsernamePasswordForm.class */
/**
 * Username/password form shown from the identity-provider broker authenticators.
 *
 * <p>Compared with the inherited {@link UsernamePasswordForm}, this variant pre-fills the
 * {@code username} field from the existing user resolved out of the authentication session (when
 * one can be resolved), sets the {@code registrationDisabled} form attribute, and adds an info
 * message that names the identity provider taken from the brokered context.
 *
 * <p>Security-relevant point: the existing user comes from server-side session state, while the
 * credentials come from the submitted form. The notes on {@code validateForm} and
 * {@code getExistingUser} list what a reviewer should confirm against the parent class and the
 * callee, neither of which is visible in this file.
 */
public class IdpUsernamePasswordForm extends UsernamePasswordForm {
    /**
     * Builds the login page for this step.
     *
     * @param authenticationFlowContext current authentication flow context
     * @param multivaluedMap form data to render; {@link #setupForm} may overwrite its
     *     {@code username} entry
     * @return the username/password login page with status {@code OK}
     */
    @Override
    protected Response challenge(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        Optional<UserModel> linkedUser = getExistingUser(authenticationFlowContext);
        LoginFormsProvider form = setupForm(authenticationFlowContext, multivaluedMap, linkedUser);
        return form.setStatus(Response.Status.OK).createLoginUsernamePassword();
    }

    /**
     * Validates the submitted credentials after binding the flow to the existing user, if any.
     *
     * <p>When an existing user is resolved from the authentication session it is set on the
     * context before the inherited {@code validateUserAndPassword} runs. The form is rebuilt
     * afterwards and its return value is discarded here (presumably so a re-rendered page keeps
     * the info message and the pre-filled username).
     *
     * <p>NOTE(review): the {@code username} entry is overwritten with the existing user's name
     * only inside {@link #setupForm}, which runs after validation. Whether the inherited
     * validation authenticates the user already set on the context or the username submitted in
     * the form is not visible in this class. Confirm it is the former, so that the account that
     * re-authenticates is the one the session identified.
     *
     * @param authenticationFlowContext current authentication flow context
     * @param multivaluedMap submitted form data
     * @return the result of the inherited {@code validateUserAndPassword}
     */
    @Override
    protected boolean validateForm(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        Optional<UserModel> linkedUser = getExistingUser(authenticationFlowContext);
        if (linkedUser.isPresent()) {
            authenticationFlowContext.setUser(linkedUser.get());
        }

        boolean credentialsValid = validateUserAndPassword(authenticationFlowContext, multivaluedMap);

        // Rebuilt after validation; only the side effects on the form and form data are used.
        setupForm(authenticationFlowContext, multivaluedMap, linkedUser);
        return credentialsValid;
    }

    /**
     * Prepares the login form: pre-filled username, registration flag, and broker messages.
     *
     * <p>If a nested first-broker context is stored in the authentication session, an error
     * message carrying that context's provider alias and username is added, and the note is then
     * cleared so the message is not produced again from the same note.
     *
     * <p>NOTE(review): the alias and username passed to {@code setError} come from the
     * deserialized brokered identity. They are handed over as message parameters; confirm the
     * rendering layer escapes them.
     *
     * @param authenticationFlowContext current authentication flow context
     * @param multivaluedMap form data; its {@code username} entry is replaced when
     *     {@code optional} holds a user
     * @param optional the existing user, if one was resolved
     * @return the configured form provider
     * @throws AuthenticationFlowException with {@code IDENTITY_PROVIDER_ERROR} when no brokered
     *     context is stored in the authentication session
     */
    protected LoginFormsProvider setupForm(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap, Optional<UserModel> optional) {
        SerializedBrokeredIdentityContext brokeredContext = SerializedBrokeredIdentityContext.readFromAuthenticationSession(
                authenticationFlowContext.getAuthenticationSession(), AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
        if (brokeredContext == null) {
            throw new AuthenticationFlowException("Not found serialized context in clientSession", AuthenticationFlowError.IDENTITY_PROVIDER_ERROR);
        }

        // The displayed username always reflects the session's existing user, not the submitted value.
        if (optional.isPresent()) {
            multivaluedMap.putSingle("username", optional.get().getUsername());
        }

        LoginFormsProvider form = authenticationFlowContext.form()
                .setFormData(multivaluedMap)
                .setAttribute("registrationDisabled", true)
                .setInfo(Messages.FEDERATED_IDENTITY_CONFIRM_REAUTHENTICATE_MESSAGE, new Object[]{brokeredContext.getIdentityProviderId()});

        SerializedBrokeredIdentityContext nestedContext = SerializedBrokeredIdentityContext.readFromAuthenticationSession(
                authenticationFlowContext.getAuthenticationSession(), AbstractIdpAuthenticator.NESTED_FIRST_BROKER_CONTEXT);
        if (nestedContext == null) {
            return form;
        }

        BrokeredIdentityContext nestedIdentity = nestedContext.deserialize(
                authenticationFlowContext.getSession(), authenticationFlowContext.getAuthenticationSession());
        form.setError(Messages.NESTED_FIRST_BROKER_FLOW_MESSAGE, new Object[]{nestedIdentity.getIdpConfig().getAlias(), nestedIdentity.getUsername()});
        // Clear the note once its message has been attached to the form.
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractIdpAuthenticator.NESTED_FIRST_BROKER_CONTEXT, (String) null);
        return form;
    }

    /**
     * Resolves the existing user recorded for this authentication session.
     *
     * <p>NOTE(review): every {@link AuthenticationFlowException} from the lookup is logged at
     * debug level and reported as "no existing user". The callers then proceed without a bound
     * user. If the lookup also throws for reasons other than "nothing recorded", those cases take
     * the same fallback. Confirm against {@code AbstractIdpAuthenticator.getExistingUser} that
     * this is intended.
     *
     * @param authenticationFlowContext current authentication flow context
     * @return the existing user, or an empty {@code Optional} when the lookup throws
     *     {@code AuthenticationFlowException}
     */
    private Optional<UserModel> getExistingUser(AuthenticationFlowContext authenticationFlowContext) {
        UserModel resolved;
        try {
            resolved = AbstractIdpAuthenticator.getExistingUser(
                    authenticationFlowContext.getSession(),
                    authenticationFlowContext.getRealm(),
                    authenticationFlowContext.getAuthenticationSession());
        } catch (AuthenticationFlowException lookupFailure) {
            log.debug("No existing user in authSession", lookupFailure);
            return Optional.empty();
        }
        // Optional.of (not ofNullable): a null result fails loudly instead of silently unbinding the user.
        return Optional.of(resolved);
    }
}
