package org.keycloak.forms.login.freemarker.model;

import java.io.IOException;
import java.net.URI;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.common.Profile;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.IdentityProviderStorageProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OrderedModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.Urls;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.theme.Theme;

/* loaded from: input_file:org/keycloak/forms/login/freemarker/model/IdentityProviderBean.class */
public class IdentityProviderBean {
    public static OrderedModel.OrderedModelComparator<IdentityProvider> IDP_COMPARATOR_INSTANCE = new OrderedModel.OrderedModelComparator<>();
    private static final String ICON_THEME_PREFIX = "kcLogoIdP-";
    protected AuthenticationFlowContext context;
    protected List<IdentityProvider> providers;
    protected KeycloakSession session;
    protected RealmModel realm;
    protected URI baseURI;

    /* loaded from: input_file:org/keycloak/forms/login/freemarker/model/IdentityProviderBean$IdentityProvider.class */
    public static class IdentityProvider implements OrderedModel {
        private final String alias;
        private final String providerId;
        private final String loginUrl;
        private final String guiOrder;
        private final String displayName;
        private final String iconClasses;

        public IdentityProvider(String str, String str2, String str3, String str4, String str5) {
            this(str, str2, str3, str4, str5, "");
        }

        public IdentityProvider(String str, String str2, String str3, String str4, String str5, String str6) {
            this.alias = str;
            this.displayName = str2;
            this.providerId = str3;
            this.loginUrl = str4;
            this.guiOrder = str5;
            this.iconClasses = str6;
        }

        public String getAlias() {
            return this.alias;
        }

        public String getLoginUrl() {
            return this.loginUrl;
        }

        public String getProviderId() {
            return this.providerId;
        }

        public String getGuiOrder() {
            return this.guiOrder;
        }

        public String getDisplayName() {
            return this.displayName;
        }

        public String getIconClasses() {
            return this.iconClasses;
        }
    }

    public IdentityProviderBean(KeycloakSession keycloakSession, RealmModel realmModel, URI uri, AuthenticationFlowContext authenticationFlowContext) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.baseURI = uri;
        this.context = authenticationFlowContext;
    }

    public List<IdentityProvider> getProviders() {
        if (this.providers == null) {
            String existingIDP = getExistingIDP(this.session, this.context);
            Set<String> linkedBrokerAliases = getLinkedBrokerAliases(this.session, this.realm, this.context);
            if (linkedBrokerAliases != null) {
                this.providers = getFederatedIdentityProviders(linkedBrokerAliases, existingIDP);
            } else {
                this.providers = searchForIdentityProviders(existingIDP);
            }
        }
        return this.providers;
    }

    public KeycloakSession getSession() {
        return this.session;
    }

    public RealmModel getRealm() {
        return this.realm;
    }

    public URI getBaseURI() {
        return this.baseURI;
    }

    public AuthenticationFlowContext getFlowContext() {
        return this.context;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public IdentityProvider createIdentityProvider(RealmModel realmModel, URI uri, IdentityProviderModel identityProviderModel) {
        String uri2 = Urls.identityProviderAuthnRequest(uri, identityProviderModel.getAlias(), realmModel.getName()).toString();
        return new IdentityProvider(identityProviderModel.getAlias(), KeycloakModelUtils.getIdentityProviderDisplayName(this.session, identityProviderModel), identityProviderModel.getProviderId(), uri2, (String) identityProviderModel.getConfig().get("guiOrder"), getLoginIconClasses(identityProviderModel));
    }

    private String getLoginIconClasses(IdentityProviderModel identityProviderModel) {
        try {
            return (String) Optional.ofNullable(getLogoIconClass(identityProviderModel, this.session.theme().getTheme(Theme.Type.LOGIN).getProperties())).orElse((String) Optional.ofNullable(identityProviderModel.getDisplayIconClasses()).orElse(""));
        } catch (IOException e) {
            return "";
        }
    }

    private String getLogoIconClass(IdentityProviderModel identityProviderModel, Properties properties) throws IOException {
        String property = properties.getProperty("kcLogoIdP-" + identityProviderModel.getAlias());
        return property == null ? properties.getProperty("kcLogoIdP-" + identityProviderModel.getProviderId()) : property;
    }

    protected String getExistingIDP(KeycloakSession keycloakSession, AuthenticationFlowContext authenticationFlowContext) {
        String str = null;
        if (authenticationFlowContext != null) {
            AuthenticationSessionModel authenticationSession = authenticationFlowContext.getAuthenticationSession();
            String authNote = authenticationSession.getAuthNote(AuthenticationProcessor.CURRENT_FLOW_PATH);
            if (authenticationFlowContext.getUser() == null && Objects.equals(LoginActionsService.FIRST_BROKER_LOGIN_PATH, authNote)) {
                SerializedBrokeredIdentityContext readFromAuthenticationSession = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
                IdentityProviderModel idpConfig = readFromAuthenticationSession == null ? null : readFromAuthenticationSession.deserialize(keycloakSession, authenticationSession).getIdpConfig();
                if (idpConfig != null) {
                    str = idpConfig.getAlias();
                }
            }
        }
        return str;
    }

    protected Set<String> getLinkedBrokerAliases(KeycloakSession keycloakSession, RealmModel realmModel, AuthenticationFlowContext authenticationFlowContext) {
        UserModel user;
        HashSet hashSet = null;
        if (authenticationFlowContext != null && (user = authenticationFlowContext.getUser()) != null) {
            Set set = (Set) keycloakSession.users().getFederatedIdentitiesStream(keycloakSession.getContext().getRealm(), user).map((v0) -> {
                return v0.getIdentityProvider();
            }).collect(Collectors.toSet());
            if (!set.isEmpty() || organizationsDisabled(realmModel)) {
                hashSet = new HashSet(set);
            }
        }
        return hashSet;
    }

    protected List<IdentityProvider> getFederatedIdentityProviders(Set<String> set, String str) {
        return set.stream().filter(str2 -> {
            return !Objects.equals(str, str2);
        }).map(str3 -> {
            return this.session.identityProviders().getByAlias(str3);
        }).filter(federatedProviderPredicate()).map(identityProviderModel -> {
            return createIdentityProvider(this.realm, this.baseURI, identityProviderModel);
        }).sorted(IDP_COMPARATOR_INSTANCE).toList();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Predicate<IdentityProviderModel> federatedProviderPredicate() {
        return IdentityProviderStorageProvider.LoginFilter.getLoginPredicate();
    }

    protected List<IdentityProvider> searchForIdentityProviders(String str) {
        return this.session.identityProviders().getForLogin(IdentityProviderStorageProvider.FetchMode.REALM_ONLY, (String) null).filter(identityProviderModel -> {
            return !Objects.equals(str, identityProviderModel.getAlias());
        }).map(identityProviderModel2 -> {
            return createIdentityProvider(this.realm, this.baseURI, identityProviderModel2);
        }).sorted(IDP_COMPARATOR_INSTANCE).toList();
    }

    private static boolean organizationsDisabled(RealmModel realmModel) {
        return (Profile.isFeatureEnabled(Profile.Feature.ORGANIZATION) && realmModel.isOrganizationsEnabled()) ? false : true;
    }
}
