package org.keycloak.utils;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.Objects;
import org.jboss.logging.Logger;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.authentication.ConfigurableAuthenticatorFactory;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.OTPCredentialModel;
import org.keycloak.representations.idm.CredentialRepresentation;

/* loaded from: input_file:WEB-INF/lib/keycloak-server-spi-private-20.0.3.jar:org/keycloak/utils/CredentialHelper.class */
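/**
 * Static helpers for switching the requirement of authentication executions by
 * credential reference category, and for creating or removing a user's OTP credential.
 *
 * <p>Security note: none of these methods performs an authorization check of its own.
 * They change realm-wide authentication policy or a user's second factor, so the caller
 * is responsible for verifying that the acting principal may do so and for recording an
 * audit event; this class only logs at debug level.
 */
public class CredentialHelper {
    private static final Logger logger = Logger.getLogger(CredentialHelper.class);

    /** Provider id used to look up the OTP {@code CredentialProvider}. */
    private static final String OTP_PROVIDER_ID = "keycloak-otp";

    /** Credential type that is disabled in user storage when provider-side deletion does not succeed. */
    private static final String OTP_CREDENTIAL_TYPE = "otp";

    /**
     * Marks every execution whose authenticator belongs to the given reference category as
     * {@code REQUIRED}, in all authentication flows of the realm.
     *
     * @param keycloakSession session used to resolve authenticator factories
     * @param str reference category to match (compared with {@code getReferenceCategory()})
     * @param realmModel realm whose flows are updated
     */
    public static void setRequiredCredential(KeycloakSession keycloakSession, String str, RealmModel realmModel) {
        setOrReplaceAuthenticationRequirement(keycloakSession, realmModel, str, AuthenticationExecutionModel.Requirement.REQUIRED, null);
    }

    /**
     * Marks every execution whose authenticator belongs to the given reference category as
     * {@code ALTERNATIVE}, in all authentication flows of the realm.
     *
     * <p>Security note: because no current-state filter is passed, an execution that is
     * currently {@code REQUIRED} is switched as well, which relaxes that step in every
     * matching flow.
     *
     * @param keycloakSession session used to resolve authenticator factories
     * @param str reference category to match (compared with {@code getReferenceCategory()})
     * @param realmModel realm whose flows are updated
     */
    public static void setAlternativeCredential(KeycloakSession keycloakSession, String str, RealmModel realmModel) {
        setOrReplaceAuthenticationRequirement(keycloakSession, realmModel, str, AuthenticationExecutionModel.Requirement.ALTERNATIVE, null);
    }

    /**
     * Sets {@code requirement} on every execution, in every flow of the realm, whose
     * authenticator factory reports the reference category {@code str}.
     *
     * <p>Security note: the match is by category, not by flow, so one call affects all
     * flows of the realm that contain a matching execution. Pass {@code requirement2} to
     * restrict the change to executions that are currently in a known state, so that a
     * stricter setting is not overwritten by accident.
     *
     * @param keycloakSession session used to resolve authenticator factories
     * @param realmModel realm whose flows and executions are scanned and updated
     * @param str reference category to match
     * @param requirement new requirement; must not be {@code null} (it is dereferenced for logging)
     * @param requirement2 if non-null, only executions currently in this state are changed;
     *     {@code null} changes every matching execution
     */
    public static void setOrReplaceAuthenticationRequirement(KeycloakSession keycloakSession, RealmModel realmModel, String str, AuthenticationExecutionModel.Requirement requirement, AuthenticationExecutionModel.Requirement requirement2) {
        realmModel.getAuthenticationFlowsStream().forEach(flow ->
            realmModel.getAuthenticationExecutionsStream(flow.getId())
                // Keep only executions whose authenticator resolves to a factory of the requested category.
                .filter(execution -> {
                    ConfigurableAuthenticatorFactory factory = getConfigurableAuthenticatorFactory(keycloakSession, execution.getAuthenticator());
                    return factory != null && Objects.equals(str, factory.getReferenceCategory());
                })
                // Optional guard: leave executions alone unless they are in the expected current state.
                .filter(execution -> {
                    if (requirement2 == null || Objects.equals(execution.getRequirement(), requirement2)) {
                        return true;
                    }
                    logger.debugf("Skip switch authenticator execution '%s' to '%s' as it's in state %s", execution.getAuthenticator(), requirement.toString(), execution.getRequirement());
                    return false;
                })
                .forEachOrdered(execution -> {
                    execution.setRequirement(requirement);
                    realmModel.updateAuthenticatorExecution(execution);
                    logger.debugf("Authenticator execution '%s' switched to '%s'", execution.getAuthenticator(), requirement.toString());
                }));
    }

    /**
     * Resolves a provider id to its configurable factory, trying the {@code Authenticator},
     * {@code FormAction} and {@code ClientAuthenticator} provider types in that order.
     *
     * @param keycloakSession session whose factory registry is queried
     * @param str provider id to look up
     * @return the first factory found, or {@code null} when none of the three lookups matches
     */
    public static ConfigurableAuthenticatorFactory getConfigurableAuthenticatorFactory(KeycloakSession keycloakSession, String str) {
        ConfigurableAuthenticatorFactory factory = (AuthenticatorFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, str);
        if (factory != null) {
            return factory;
        }
        factory = (FormActionFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(FormAction.class, str);
        if (factory != null) {
            return factory;
        }
        return (ClientAuthenticatorFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, str);
    }

    /**
     * Stores an OTP credential for the user and then validates the submitted one-time code
     * against it.
     *
     * <p>The secret is first offered to the user's credential manager (user storage); only
     * when that reports no update is the credential created through the OTP provider.
     *
     * <p>Security note: the credential is persisted <em>before</em> the code is validated
     * and nothing here rolls it back. A {@code false} return therefore means that an OTP
     * credential now exists which the user has not proven possession of; the caller must
     * either validate the code before calling this method or remove the credential on failure.
     *
     * @param keycloakSession session used to obtain the OTP credential provider
     * @param realmModel realm supplying the OTP policy type
     * @param userModel user receiving the credential
     * @param str one-time code submitted by the user, passed to {@code isValid}
     * @param oTPCredentialModel credential carrying the OTP secret
     * @return result of validating {@code str} against the stored credential
     * @throws NullPointerException if the OTP credential provider is not available
     */
    public static boolean createOTPCredential(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, String str, OTPCredentialModel oTPCredentialModel) {
        // Fail before anything is written: without the provider the final validation cannot
        // run, and a stored but never-validated credential would be left behind.
        CredentialProvider credentialProvider = Objects.requireNonNull(
                (CredentialProvider) keycloakSession.getProvider(CredentialProvider.class, OTP_PROVIDER_ID),
                "credential provider '" + OTP_PROVIDER_ID + "' is not available");

        // An empty credential id is used for the user-storage attempt.
        UserCredentialModel storageCredential = new UserCredentialModel("", realmModel.getOTPPolicy().getType(), oTPCredentialModel.getOTPSecretData().getValue());

        String credentialId = null;
        if (userModel.credentialManager().updateCredential(storageCredential)) {
            // Log the username only; the secret and the submitted code must stay out of the logs.
            logger.debugf("Created OTP credential for user '%s' in the user storage", userModel.getUsername());
        } else {
            credentialId = credentialProvider.createCredential(realmModel, userModel, oTPCredentialModel).getId();
        }

        // credentialId stays null when user storage accepted the credential.
        return userModel.credentialManager().isValid(new UserCredentialModel(credentialId, credentialProvider.getType(), str));
    }

    /**
     * Deletes the user's OTP credential through the OTP provider and, when the provider
     * reports that nothing was deleted, disables the OTP credential type in user storage.
     *
     * <p>Security note: the fallback is not scoped to {@code str}; it disables the whole
     * {@code "otp"} credential type for the user, which removes the second factor entirely.
     *
     * @param keycloakSession session used to obtain the OTP credential provider
     * @param realmModel realm the user belongs to
     * @param userModel user whose credential is removed
     * @param str id of the credential to delete
     * @throws NullPointerException if the OTP credential provider is not available
     */
    public static void deleteOTPCredential(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel, String str) {
        CredentialProvider credentialProvider = Objects.requireNonNull(
                (CredentialProvider) keycloakSession.getProvider(CredentialProvider.class, OTP_PROVIDER_ID),
                "credential provider '" + OTP_PROVIDER_ID + "' is not available");
        if (!credentialProvider.deleteCredential(realmModel, userModel, str)) {
            logger.debug("Removing OTP credential from userStorage");
            userModel.credentialManager().disableCredentialType(OTP_CREDENTIAL_TYPE);
        }
    }

    /**
     * Builds a placeholder credential representation for the given type.
     *
     * <p>The id is derived as {@code str + "-id"}, the created date is {@code -1} and the
     * priority is {@code 0}; the id is not looked up anywhere here.
     * NOTE(review): presumably used for credentials held in user storage, going by the
     * method name; confirm against callers before treating the id as a real credential id.
     *
     * @param str credential type
     * @return a new representation populated as described above
     */
    public static CredentialRepresentation createUserStorageCredentialRepresentation(String str) {
        CredentialRepresentation representation = new CredentialRepresentation();
        representation.setId(str + "-id");
        representation.setType(str);
        representation.setCreatedDate(-1L);
        representation.setPriority(0);
        return representation;
    }
}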
