package org.keycloak.authentication.authenticators.broker;

import jakarta.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpConfirmOverrideLinkAuthenticator.class */
public class IdpConfirmOverrideLinkAuthenticator extends AbstractIdpAuthenticator {
    public static final String OVERRIDE_LINK = "OVERRIDE_LINK";

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        RealmModel realm = authenticationFlowContext.getRealm();
        KeycloakSession session = authenticationFlowContext.getSession();
        UserModel existingUser = getExistingUser(session, realm, authenticationFlowContext.getAuthenticationSession());
        String alias = brokeredIdentityContext.getIdpConfig().getAlias();
        FederatedIdentityModel federatedIdentity = session.users().getFederatedIdentity(realm, existingUser, alias);
        if (federatedIdentity == null) {
            authenticationFlowContext.success();
            return;
        }
        authenticationFlowContext.challenge(authenticationFlowContext.form().setStatus(Response.Status.OK).setAttribute("identityProviderBrokerCtx", brokeredIdentityContext).setError(Messages.FEDERATED_IDENTITY_CONFIRM_OVERRIDE_MESSAGE, new Object[]{existingUser.getUsername(), alias, brokeredIdentityContext.getUsername(), alias, federatedIdentity.getUserName()}).createIdpLinkConfirmOverrideLinkPage());
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String str = (String) authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("submitAction");
        if (!"confirmOverride".equals(str)) {
            throw new AuthenticationFlowException("Unknown action: " + str, AuthenticationFlowError.INTERNAL_ERROR);
        }
        authenticationFlowContext.getAuthenticationSession().setAuthNote(OVERRIDE_LINK, "true");
        authenticationFlowContext.success();
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return false;
    }
}
