package org.keycloak.authentication.authenticators.browser;

import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.ScriptModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.mappers.ScriptBasedOIDCProtocolMapper;
import org.keycloak.scripting.InvocableScriptAdapter;
import org.keycloak.scripting.ScriptExecutionException;
import org.keycloak.scripting.ScriptingProvider;

/* loaded from: input_file:org/keycloak/authentication/authenticators/browser/ScriptBasedAuthenticator.class */
public class ScriptBasedAuthenticator implements Authenticator {
    private static final Logger LOGGER = Logger.getLogger(ScriptBasedAuthenticator.class);
    static final String SCRIPT_CODE = "scriptCode";
    static final String SCRIPT_NAME = "scriptName";
    static final String SCRIPT_DESCRIPTION = "scriptDescription";
    static final String ACTION_FUNCTION_NAME = "action";
    static final String AUTHENTICATE_FUNCTION_NAME = "authenticate";

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        tryInvoke("authenticate", authenticationFlowContext);
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        tryInvoke(ACTION_FUNCTION_NAME, authenticationFlowContext);
    }

    private void tryInvoke(String str, AuthenticationFlowContext authenticationFlowContext) {
        if (!hasAuthenticatorConfig(authenticationFlowContext)) {
            authenticationFlowContext.success();
            return;
        }
        InvocableScriptAdapter invocableScriptAdapter = getInvocableScriptAdapter(authenticationFlowContext);
        if (invocableScriptAdapter.isDefined(str)) {
            try {
                invocableScriptAdapter.invokeFunction(str, new Object[]{authenticationFlowContext});
            } catch (ScriptExecutionException e) {
                LOGGER.error(e);
                authenticationFlowContext.failure(AuthenticationFlowError.INTERNAL_ERROR);
            }
        }
    }

    private boolean hasAuthenticatorConfig(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticatorConfigModel authenticatorConfig;
        return (authenticationFlowContext == null || (authenticatorConfig = getAuthenticatorConfig(authenticationFlowContext)) == null || authenticatorConfig.getConfig() == null || authenticatorConfig.getConfig().isEmpty()) ? false : true;
    }

    protected AuthenticatorConfigModel getAuthenticatorConfig(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getAuthenticatorConfig();
    }

    private InvocableScriptAdapter getInvocableScriptAdapter(AuthenticationFlowContext authenticationFlowContext) {
        Map config = getAuthenticatorConfig(authenticationFlowContext).getConfig();
        String str = (String) config.get(SCRIPT_NAME);
        String str2 = (String) config.get(SCRIPT_CODE);
        String str3 = (String) config.get(SCRIPT_DESCRIPTION);
        RealmModel realm = authenticationFlowContext.getRealm();
        ScriptingProvider provider = authenticationFlowContext.getSession().getProvider(ScriptingProvider.class);
        ScriptModel createScript = provider.createScript(realm.getId(), "text/javascript", str, str2, str3);
        return provider.prepareInvocableScript(createScript, bindings -> {
            bindings.put(ScriptBasedOIDCProtocolMapper.SCRIPT, createScript);
            bindings.put("realm", authenticationFlowContext.getRealm());
            bindings.put("user", authenticationFlowContext.getUser());
            bindings.put("session", authenticationFlowContext.getSession());
            bindings.put("httpRequest", authenticationFlowContext.getHttpRequest());
            bindings.put("authenticationSession", authenticationFlowContext.getAuthenticationSession());
            bindings.put("LOG", LOGGER);
        });
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }
}
