package org.keycloak.authentication;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ServicesLogger;

/* loaded from: input_file:org/keycloak/authentication/ClientAuthenticationFlow.class */
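/**
 * Authentication flow that authenticates the calling client (as opposed to an end user)
 * by running the client authenticator executions configured on a flow.
 *
 * <p>Security-relevant behaviour, all visible in {@link #processFlow()}:
 * <ul>
 *   <li>An authenticator's outcome is honoured only when its provider id equals the
 *       authenticator type configured on the client (or the default type when the client has
 *       none). Outcomes of every other authenticator are discarded, so a client cannot be
 *       authenticated through a method other than the one it is configured for.</li>
 *   <li>{@link #isSuccessful()} becomes {@code true} only after the matching authenticator
 *       reported {@link FlowStatus#SUCCESS}; every other path returns a challenge or throws.</li>
 * </ul>
 *
 * <p>Instances carry per-request state ({@code alternativeChallenge}, {@code success}) and are
 * not written for reuse across requests or threads.
 */
public class ClientAuthenticationFlow implements AuthenticationFlow {
    private static final Logger logger = Logger.getLogger(ClientAuthenticationFlow.class);

    // First challenge seen with status CHALLENGE; returned by processFlow() as a fallback when
    // no authenticator succeeded.
    Response alternativeChallenge = null;
    AuthenticationProcessor processor;
    AuthenticationFlowModel flow;
    // Flipped to true only on the success path of processFlow().
    private boolean success;

    /**
     * @param authenticationProcessor processor that supplies the session, realm, client and event
     * @param authenticationFlowModel flow whose executions are evaluated
     */
    public ClientAuthenticationFlow(AuthenticationProcessor authenticationProcessor, AuthenticationFlowModel authenticationFlowModel) {
        this.processor = authenticationProcessor;
        this.flow = authenticationFlowModel;
    }

    /**
     * Not supported for client authentication.
     *
     * @throws IllegalStateException always
     */
    public Response processAction(String str) {
        throw new IllegalStateException("Not supposed to be invoked");
    }

    /**
     * Runs the selected client authenticators in order until the one matching the client's
     * configured authenticator type produces an outcome.
     *
     * @return {@code null} when the client was authenticated; otherwise the challenge response
     *         to send back
     * @throws AuthenticationFlowException if an authenticator factory is missing, the matching
     *         authenticator failed without a challenge, or no authenticator accepted the client
     */
    public Response processFlow() {
        List<AuthenticationExecutionModel> executionsToRun = findExecutionsToRun();
        for (AuthenticationExecutionModel execution : executionsToRun) {
            // The decompiled listing dropped this cast; the lookup is keyed by the provider
            // class, so the factory is narrowed explicitly here.
            ClientAuthenticatorFactory factory = (ClientAuthenticatorFactory) this.processor.getSession()
                    .getKeycloakSessionFactory()
                    .getProviderFactory(ClientAuthenticator.class, execution.getAuthenticator());
            if (factory == null) {
                throw new AuthenticationFlowException("Could not find ClientAuthenticatorFactory for: " + execution.getAuthenticator(), AuthenticationFlowError.INTERNAL_ERROR);
            }
            ClientAuthenticator authenticator = factory.create();
            logger.debugv("client authenticator: {0}", factory.getId());
            AuthenticationProcessor.Result context = this.processor.createClientAuthenticatorContext(execution, authenticator, executionsToRun);
            authenticator.authenticateClient(context);

            // The client is read only after the authenticator ran; presumably the authenticator
            // is what resolves it from the request (verify against AuthenticationProcessor).
            ClientModel client = this.processor.getClient();
            if (client == null) {
                // No client identified by this authenticator: its result is ignored.
                continue;
            }

            String expectedType = client.getClientAuthenticatorType();
            if (expectedType == null) {
                expectedType = KeycloakModelUtils.getDefaultClientAuthenticatorType();
                ServicesLogger.LOGGER.authMethodFallback(client.getClientId(), expectedType);
            }

            // Method binding: only the authenticator configured for this client may decide.
            // Any other authenticator's result (including SUCCESS) is dropped here.
            if (!factory.getId().equals(expectedType)) {
                continue;
            }

            Response challenge = processResult(context);
            if (challenge != null) {
                return challenge;
            }
            // processResult() returns null for SUCCESS, but also when a challenge status
            // carried no response; re-check so that case cannot be taken for success.
            if (context.getStatus() != FlowStatus.SUCCESS) {
                throw new AuthenticationFlowException("Expected success, but for an unknown reason the status was " + context.getStatus(), AuthenticationFlowError.INTERNAL_ERROR);
            }
            this.success = true;
            logger.debugv("Client {0} authenticated by {1}", client.getClientId(), factory.getId());
            this.processor.getEvent().detail("client_auth_method", factory.getId());
            return null;
        }

        // No executed authenticator both identified the client and matched its configured type.
        if (this.alternativeChallenge == null) {
            throw new AuthenticationFlowException("Invalid client credentials", AuthenticationFlowError.INVALID_CREDENTIALS);
        }
        this.processor.getEvent().error("invalid_client");
        return this.alternativeChallenge;
    }

    /**
     * Selects the executions of the flow that should be attempted.
     *
     * <p>Executions are scanned in the order the realm returns them. The first REQUIRED
     * execution replaces everything collected so far and ends the scan; otherwise every
     * ALTERNATIVE execution is collected. Executions that are neither are skipped.
     *
     * @return the executions to run, possibly empty
     */
    protected List<AuthenticationExecutionModel> findExecutionsToRun() {
        List<AuthenticationExecutionModel> executions = this.processor.getRealm().getAuthenticationExecutions(this.flow.getId());
        // Declared as List (not ArrayList) because the REQUIRED branch assigns the fixed-size
        // list from Arrays.asList; the decompiled ArrayList declaration could not hold it.
        List<AuthenticationExecutionModel> executionsToRun = new ArrayList<>();
        for (AuthenticationExecutionModel execution : executions) {
            if (execution.isRequired()) {
                executionsToRun = Arrays.asList(execution);
                break;
            }
            if (execution.isAlternative()) {
                executionsToRun.add(execution);
            }
        }
        if (logger.isTraceEnabled()) {
            List<String> executionIds = new ArrayList<>();
            for (AuthenticationExecutionModel execution : executionsToRun) {
                executionIds.add(execution.getId());
            }
            logger.tracef("Using executions for client authentication: %s", executionIds.toString());
        }
        return executionsToRun;
    }

    /**
     * Translates an authenticator result into a response.
     *
     * @param result outcome reported by a client authenticator
     * @return {@code null} on SUCCESS, otherwise the challenge from {@link #sendChallenge}
     * @throws AuthenticationFlowException on FAILED without a challenge, or on a missing or
     *         unrecognised status
     */
    protected Response processResult(AuthenticationProcessor.Result result) {
        AuthenticationExecutionModel execution = result.getExecution();
        FlowStatus status = result.getStatus();
        // status is passed as-is rather than via toString(): a null status (presumably an
        // authenticator that returned without reporting an outcome) then reaches the
        // INTERNAL_ERROR path at the end instead of failing here with a NullPointerException.
        logger.debugv("client authenticator {0}: {1}", status, execution.getAuthenticator());
        if (status == FlowStatus.SUCCESS) {
            return null;
        }
        if (status == FlowStatus.FAILED) {
            if (result.getChallenge() != null) {
                return sendChallenge(result, execution);
            }
            throw new AuthenticationFlowException(result.getError());
        }
        if (status == FlowStatus.CHALLENGE) {
            // Keep the first plain challenge as the flow-level fallback.
            if (this.alternativeChallenge == null) {
                this.alternativeChallenge = result.getChallenge();
            }
            return sendChallenge(result, execution);
        }
        if (status == FlowStatus.FORCE_CHALLENGE || status == FlowStatus.FAILURE_CHALLENGE) {
            return sendChallenge(result, execution);
        }
        ServicesLogger.LOGGER.unknownResultStatus();
        throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
    }

    /**
     * Records the failure on the result's event and returns the authenticator's challenge.
     *
     * <p>The event error is the authenticator's own error (lower-cased) when present;
     * otherwise {@code invalid_client} when no client was resolved, or
     * {@code invalid_client_credentials} when one was.
     *
     * @return the challenge carried by {@code result}; may be {@code null}
     */
    public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel authenticationExecutionModel) {
        logger.debugv("client authenticator: sending challenge for authentication execution {0}", authenticationExecutionModel.getAuthenticator());
        if (result.getError() != null) {
            // Locale.ROOT keeps the recorded error string identical on every host; the
            // default-locale overload changes letters such as 'I' under some locales, which
            // would break exact-match searches over event errors.
            result.getEvent().error(result.getError().toString().toLowerCase(Locale.ROOT));
        } else if (result.getClient() == null) {
            result.getEvent().error("invalid_client");
        } else {
            result.getEvent().error("invalid_client_credentials");
        }
        return result.getChallenge();
    }

    /**
     * @return {@code true} only if {@link #processFlow()} authenticated the client
     */
    public boolean isSuccessful() {
        return this.success;
    }
}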
