package org.keycloak.authentication;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.stream.Collectors;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator;
import org.keycloak.credential.CredentialModel;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.util.AuthenticationFlowHistoryHelper;
import org.keycloak.services.util.AuthenticationFlowURLHelper;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-8.0.0.jar:org/keycloak/authentication/DefaultAuthenticationFlow.class */
public class DefaultAuthenticationFlow implements AuthenticationFlow {
    private static final Logger logger = Logger.getLogger((Class<?>) DefaultAuthenticationFlow.class);
    private final List<AuthenticationExecutionModel> executions;
    private final AuthenticationProcessor processor;
    private final AuthenticationFlowModel flow;
    private boolean successful;
    private List<AuthenticationFlowException> afeList = new ArrayList();

    public DefaultAuthenticationFlow(AuthenticationProcessor authenticationProcessor, AuthenticationFlowModel authenticationFlowModel) {
        this.processor = authenticationProcessor;
        this.flow = authenticationFlowModel;
        this.executions = authenticationProcessor.getRealm().getAuthenticationExecutions(authenticationFlowModel.getId());
    }

    protected boolean isProcessed(AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel.isDisabled()) {
            return true;
        }
        CommonClientSessionModel.ExecutionStatus executionStatus = this.processor.getAuthenticationSession().getExecutionStatus().get(authenticationExecutionModel.getId());
        if (executionStatus == null) {
            return false;
        }
        return executionStatus == CommonClientSessionModel.ExecutionStatus.SUCCESS || executionStatus == CommonClientSessionModel.ExecutionStatus.SKIPPED || executionStatus == CommonClientSessionModel.ExecutionStatus.ATTEMPTED || executionStatus == CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED;
    }

    protected Authenticator createAuthenticator(AuthenticatorFactory authenticatorFactory) {
        Authenticator createDisplay;
        String authNote = this.processor.getAuthenticationSession().getAuthNote(OAuth2Constants.DISPLAY);
        if (authNote == null) {
            return authenticatorFactory.create2(this.processor.getSession());
        }
        if ((authenticatorFactory instanceof DisplayTypeAuthenticatorFactory) && (createDisplay = ((DisplayTypeAuthenticatorFactory) authenticatorFactory).createDisplay(this.processor.getSession(), authNote)) != null) {
            return createDisplay;
        }
        if (!OAuth2Constants.DISPLAY_CONSOLE.equalsIgnoreCase(authNote)) {
            return authenticatorFactory.create2(this.processor.getSession());
        }
        this.processor.getAuthenticationSession().removeAuthNote(OAuth2Constants.DISPLAY);
        throw new AuthenticationFlowException(AuthenticationFlowError.DISPLAY_NOT_SUPPORTED, ConsoleDisplayMode.browserContinue(this.processor.getSession(), this.processor.getRefreshUrl(true).toString()));
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public Response processAction(String str) {
        logger.debugv("processAction: {0}", str);
        if (str == null || str.isEmpty()) {
            throw new AuthenticationFlowException("action is not in current execution", AuthenticationFlowError.INTERNAL_ERROR);
        }
        AuthenticationExecutionModel authenticationExecutionById = this.processor.getRealm().getAuthenticationExecutionById(str);
        if (authenticationExecutionById == null) {
            throw new AuthenticationFlowException("action is not in current execution", AuthenticationFlowError.INTERNAL_ERROR);
        }
        MultivaluedMap<String, String> decodedFormParameters = this.processor.getRequest().getDecodedFormParameters();
        String first = decodedFormParameters.getFirst(Constants.AUTHENTICATION_EXECUTION);
        String first2 = decodedFormParameters.getFirst("credentialId");
        if (decodedFormParameters.containsKey("back")) {
            AuthenticationSessionModel authenticationSession = this.processor.getAuthenticationSession();
            AuthenticationFlowHistoryHelper authenticationFlowHistoryHelper = new AuthenticationFlowHistoryHelper(this.processor);
            if (authenticationFlowHistoryHelper.hasAnyExecution()) {
                AuthenticationExecutionModel authenticationExecutionById2 = this.processor.getRealm().getAuthenticationExecutionById(authenticationFlowHistoryHelper.pullExecution());
                logger.debugf("Moving back to authentication execution '%s'", authenticationExecutionById2.getAuthenticator());
                recursiveClearExecutionStatusOfAllExecutionsAfterOurExecutionInclusive(authenticationExecutionById2);
                Response processSingleFlowExecutionModel = processSingleFlowExecutionModel(authenticationExecutionById2, null, false);
                if (processSingleFlowExecutionModel != null) {
                    return processSingleFlowExecutionModel;
                }
                this.processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
                return processFlow();
            }
            new AuthenticationFlowURLHelper(this.processor.getSession(), this.processor.getRealm(), this.processor.getUriInfo()).showPageExpired(authenticationSession);
        }
        if (first != null && !first.isEmpty()) {
            List<AuthenticationSelectionOption> createAuthenticationSelectionList = createAuthenticationSelectionList(authenticationExecutionById);
            createAuthenticationSelectionList.stream().filter(authenticationSelectionOption -> {
                return first.equals(authenticationSelectionOption.getAuthExecId());
            }).findFirst().orElseThrow(() -> {
                return new AuthenticationFlowException("Requested authentication execution is not allowed", AuthenticationFlowError.INTERNAL_ERROR);
            });
            AuthenticationExecutionModel authenticationExecutionById3 = this.processor.getRealm().getAuthenticationExecutionById(first);
            if (authenticationExecutionById3.isAuthenticatorFlow()) {
                new AuthenticationFlowHistoryHelper(this.processor).pushExecution(createAuthenticationSelectionList.get(0).getAuthExecId());
            }
            Response processSingleFlowExecutionModel2 = processSingleFlowExecutionModel(authenticationExecutionById3, first2, false);
            if (processSingleFlowExecutionModel2 != null) {
                return processSingleFlowExecutionModel2;
            }
            this.processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
            checkAndValidateParentFlow(authenticationExecutionById3);
            return processFlow();
        }
        if (authenticationExecutionById.isAuthenticatorFlow()) {
            logger.debug("execution is flow");
            Response processAction = this.processor.createFlowExecution(authenticationExecutionById.getFlowId(), authenticationExecutionById).processAction(str);
            if (processAction == null) {
                checkAndValidateParentFlow(authenticationExecutionById);
                return processFlow();
            }
            this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionById.getId(), CommonClientSessionModel.ExecutionStatus.CHALLENGED);
            return processAction;
        }
        Authenticator createAuthenticator = createAuthenticator(getAuthenticatorFactory(authenticationExecutionById));
        AuthenticationProcessor.Result createAuthenticatorContext = this.processor.createAuthenticatorContext(authenticationExecutionById, createAuthenticator, this.executions);
        createAuthenticatorContext.setAuthenticationSelections(createAuthenticationSelectionList(authenticationExecutionById));
        createAuthenticatorContext.setSelectedCredentialId(first2);
        logger.debugv("action: {0}", authenticationExecutionById.getAuthenticator());
        createAuthenticator.action(createAuthenticatorContext);
        Response processResult = processResult(createAuthenticatorContext, true);
        if (processResult != null) {
            return processResult;
        }
        this.processor.getAuthenticationSession().removeAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION);
        checkAndValidateParentFlow(authenticationExecutionById);
        return processFlow();
    }

    private void recursiveClearExecutionStatusOfAllExecutionsAfterOurExecutionInclusive(AuthenticationExecutionModel authenticationExecutionModel) {
        RealmModel realm = this.processor.getRealm();
        AuthenticationSessionModel authenticationSession = this.processor.getAuthenticationSession();
        authenticationSession.getExecutionStatus().remove(authenticationExecutionModel.getId());
        recursiveClearExecutionStatusOfAllSiblings(authenticationExecutionModel);
        while (true) {
            AuthenticationFlowModel authenticationFlowById = realm.getAuthenticationFlowById(authenticationExecutionModel.getParentFlow());
            if (authenticationFlowById.isTopLevel()) {
                return;
            }
            AuthenticationExecutionModel authenticationExecutionByFlowId = realm.getAuthenticationExecutionByFlowId(authenticationFlowById.getId());
            if (!authenticationSession.getExecutionStatus().containsKey(authenticationExecutionByFlowId.getId())) {
                return;
            }
            authenticationSession.getExecutionStatus().remove(authenticationExecutionByFlowId.getId());
            recursiveClearExecutionStatusOfAllSiblings(authenticationExecutionByFlowId);
            authenticationExecutionModel = authenticationExecutionByFlowId;
        }
    }

    private void recursiveClearExecutionStatusOfAllSiblings(AuthenticationExecutionModel authenticationExecutionModel) {
        RealmModel realm = this.processor.getRealm();
        AuthenticationFlowModel authenticationFlowById = realm.getAuthenticationFlowById(authenticationExecutionModel.getParentFlow());
        logger.debugf("Recursively clearing executions in flow '%s', which are after execution '%s'", authenticationFlowById.getAlias(), authenticationExecutionModel.getId());
        List<AuthenticationExecutionModel> authenticationExecutions = realm.getAuthenticationExecutions(authenticationFlowById.getId());
        Iterator<AuthenticationExecutionModel> it = authenticationExecutions.subList(authenticationExecutions.indexOf(authenticationExecutionModel) + 1, authenticationExecutions.size()).iterator();
        while (it.hasNext()) {
            recursiveClearExecutionStatus(it.next());
        }
    }

    private void recursiveClearExecutionStatus(AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor.getAuthenticationSession().getExecutionStatus().remove(authenticationExecutionModel.getId());
        if (authenticationExecutionModel.isAuthenticatorFlow()) {
            this.processor.getRealm().getAuthenticationExecutions(authenticationExecutionModel.getFlowId()).forEach(this::recursiveClearExecutionStatus);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:6:0x0046, code lost:
    
        if (r0.allMatch(r1::isSuccessful) == false) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkAndValidateParentFlow(org.keycloak.models.AuthenticationExecutionModel r5) {
        /*
            r4 = this;
            r0 = r4
            org.keycloak.authentication.AuthenticationProcessor r0 = r0.processor
            org.keycloak.models.RealmModel r0 = r0.getRealm()
            r1 = r5
            java.lang.String r1 = r1.getParentFlow()
            java.util.List r0 = r0.getAuthenticationExecutions(r1)
            r6 = r0
            r0 = r4
            org.keycloak.authentication.AuthenticationProcessor r0 = r0.processor
            org.keycloak.models.RealmModel r0 = r0.getRealm()
            r1 = r5
            java.lang.String r1 = r1.getParentFlow()
            org.keycloak.models.AuthenticationExecutionModel r0 = r0.getAuthenticationExecutionByFlowId(r1)
            r7 = r0
            r0 = r7
            if (r0 == 0) goto L7f
            r0 = r5
            boolean r0 = r0.isRequired()
            if (r0 == 0) goto L49
            r0 = r6
            java.util.stream.Stream r0 = r0.stream()
            r1 = r4
            org.keycloak.authentication.AuthenticationProcessor r1 = r1.processor
            r2 = r1
            java.lang.Class r2 = r2.getClass()
            void r1 = r1::isSuccessful
            boolean r0 = r0.allMatch(r1)
            if (r0 != 0) goto L6c
        L49:
            r0 = r5
            boolean r0 = r0.isAlternative()
            if (r0 == 0) goto L7f
            r0 = r6
            java.util.stream.Stream r0 = r0.stream()
            r1 = r4
            org.keycloak.authentication.AuthenticationProcessor r1 = r1.processor
            r2 = r1
            java.lang.Class r2 = r2.getClass()
            void r1 = r1::isSuccessful
            boolean r0 = r0.anyMatch(r1)
            if (r0 == 0) goto L7f
        L6c:
            r0 = r4
            org.keycloak.authentication.AuthenticationProcessor r0 = r0.processor
            org.keycloak.sessions.AuthenticationSessionModel r0 = r0.getAuthenticationSession()
            r1 = r7
            java.lang.String r1 = r1.getId()
            org.keycloak.sessions.CommonClientSessionModel$ExecutionStatus r2 = org.keycloak.sessions.CommonClientSessionModel.ExecutionStatus.SUCCESS
            r0.setExecutionStatus(r1, r2)
        L7f:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.keycloak.authentication.DefaultAuthenticationFlow.checkAndValidateParentFlow(org.keycloak.models.AuthenticationExecutionModel):void");
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public Response processFlow() {
        Response processSingleFlowExecutionModel;
        logger.debug("processFlow");
        ArrayList arrayList = new ArrayList();
        ArrayList<AuthenticationExecutionModel> arrayList2 = new ArrayList();
        for (AuthenticationExecutionModel authenticationExecutionModel : this.executions) {
            if (!isConditionalAuthenticator(authenticationExecutionModel)) {
                if (authenticationExecutionModel.isRequired() || authenticationExecutionModel.isConditional()) {
                    arrayList.add(authenticationExecutionModel);
                } else if (authenticationExecutionModel.isAlternative()) {
                    arrayList2.add(authenticationExecutionModel);
                }
            }
        }
        boolean z = true;
        ListIterator listIterator = arrayList.listIterator();
        while (listIterator.hasNext()) {
            AuthenticationExecutionModel authenticationExecutionModel2 = (AuthenticationExecutionModel) listIterator.next();
            if (authenticationExecutionModel2.isConditional() && isConditionalSubflowDisabled(authenticationExecutionModel2)) {
                listIterator.remove();
            } else {
                Response processSingleFlowExecutionModel2 = processSingleFlowExecutionModel(authenticationExecutionModel2, null, true);
                z &= this.processor.isSuccessful(authenticationExecutionModel2) || isSetupRequired(authenticationExecutionModel2);
                if (processSingleFlowExecutionModel2 != null) {
                    return processSingleFlowExecutionModel2;
                }
            }
        }
        if (!arrayList.isEmpty()) {
            this.successful = z;
            return null;
        }
        if (arrayList2.stream().anyMatch(authenticationExecutionModel3 -> {
            return this.processor.isSuccessful(authenticationExecutionModel3) || isSetupRequired(authenticationExecutionModel3);
        })) {
            this.successful = true;
            return null;
        }
        for (AuthenticationExecutionModel authenticationExecutionModel4 : arrayList2) {
            try {
                processSingleFlowExecutionModel = processSingleFlowExecutionModel(authenticationExecutionModel4, null, true);
            } catch (AuthenticationFlowException e) {
                this.afeList.add(e);
                this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel4.getId(), CommonClientSessionModel.ExecutionStatus.ATTEMPTED);
            }
            if (processSingleFlowExecutionModel != null) {
                return processSingleFlowExecutionModel;
            }
            if (this.processor.isSuccessful(authenticationExecutionModel4) || isSetupRequired(authenticationExecutionModel4)) {
                this.successful = true;
                return null;
            }
        }
        return null;
    }

    private boolean isConditionalSubflowDisabled(AuthenticationExecutionModel authenticationExecutionModel) {
        if (authenticationExecutionModel == null || !authenticationExecutionModel.isAuthenticatorFlow() || !authenticationExecutionModel.isConditional()) {
            return false;
        }
        List<AuthenticationExecutionModel> authenticationExecutions = this.processor.getRealm().getAuthenticationExecutions(authenticationExecutionModel.getFlowId());
        List list = (List) authenticationExecutions.stream().filter(this::isConditionalAuthenticator).collect(Collectors.toList());
        return list.isEmpty() || list.stream().anyMatch(authenticationExecutionModel2 -> {
            return conditionalNotMatched(authenticationExecutionModel2, authenticationExecutions);
        });
    }

    private boolean isConditionalAuthenticator(AuthenticationExecutionModel authenticationExecutionModel) {
        return (authenticationExecutionModel.isAuthenticatorFlow() || authenticationExecutionModel.getAuthenticator() == null || !(createAuthenticator(getAuthenticatorFactory(authenticationExecutionModel)) instanceof ConditionalAuthenticator)) ? false : true;
    }

    private AuthenticatorFactory getAuthenticatorFactory(AuthenticationExecutionModel authenticationExecutionModel) {
        AuthenticatorFactory authenticatorFactory = (AuthenticatorFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
        if (authenticatorFactory == null) {
            throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + authenticationExecutionModel.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
        }
        return authenticatorFactory;
    }

    private boolean conditionalNotMatched(AuthenticationExecutionModel authenticationExecutionModel, List<AuthenticationExecutionModel> list) {
        ConditionalAuthenticator conditionalAuthenticator = (ConditionalAuthenticator) createAuthenticator(getAuthenticatorFactory(authenticationExecutionModel));
        return !conditionalAuthenticator.matchCondition(this.processor.createAuthenticatorContext(authenticationExecutionModel, conditionalAuthenticator, list));
    }

    private boolean isSetupRequired(AuthenticationExecutionModel authenticationExecutionModel) {
        return CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED.equals(this.processor.getAuthenticationSession().getExecutionStatus().get(authenticationExecutionModel.getId()));
    }

    private Response processSingleFlowExecutionModel(AuthenticationExecutionModel authenticationExecutionModel, String str, boolean z) {
        logger.debugv("check execution: {0} requirement: {1}", authenticationExecutionModel.getAuthenticator(), authenticationExecutionModel.getRequirement());
        if (isProcessed(authenticationExecutionModel)) {
            logger.debug("execution is processed");
            return null;
        }
        if (authenticationExecutionModel.isAuthenticatorFlow()) {
            logger.debug("execution is flow");
            AuthenticationFlow createFlowExecution = this.processor.createFlowExecution(authenticationExecutionModel.getFlowId(), authenticationExecutionModel);
            Response processFlow = createFlowExecution.processFlow();
            if (processFlow != null) {
                this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel.getId(), CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return processFlow;
            }
            if (createFlowExecution.isSuccessful()) {
                this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel.getId(), CommonClientSessionModel.ExecutionStatus.SUCCESS);
                return null;
            }
            this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel.getId(), CommonClientSessionModel.ExecutionStatus.FAILED);
            return null;
        }
        AuthenticatorFactory authenticatorFactory = getAuthenticatorFactory(authenticationExecutionModel);
        Authenticator createAuthenticator = createAuthenticator(authenticatorFactory);
        logger.debugv("authenticator: {0}", authenticatorFactory.getId());
        UserModel authenticatedUser = this.processor.getAuthenticationSession().getAuthenticatedUser();
        List<AuthenticationSelectionOption> createAuthenticationSelectionList = createAuthenticationSelectionList(authenticationExecutionModel);
        if (!createAuthenticationSelectionList.isEmpty() && z) {
            List list = (List) createAuthenticationSelectionList.stream().filter(authenticationSelectionOption -> {
                return (authenticationSelectionOption.getAuthenticationExecution().isAuthenticatorFlow() || isProcessed(authenticationSelectionOption.getAuthenticationExecution())) ? false : true;
            }).collect(Collectors.toList());
            if (list.isEmpty()) {
                return null;
            }
            authenticationExecutionModel = ((AuthenticationSelectionOption) list.get(0)).getAuthenticationExecution();
            authenticatorFactory = (AuthenticatorFactory) this.processor.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
            if (authenticatorFactory == null) {
                throw new RuntimeException("Unable to find factory for AuthenticatorFactory: " + authenticationExecutionModel.getAuthenticator() + " did you forget to declare it in a META-INF/services file?");
            }
            createAuthenticator = createAuthenticator(authenticatorFactory);
        }
        AuthenticationProcessor.Result createAuthenticatorContext = this.processor.createAuthenticatorContext(authenticationExecutionModel, createAuthenticator, this.executions);
        createAuthenticatorContext.setAuthenticationSelections(createAuthenticationSelectionList);
        if (str != null) {
            createAuthenticatorContext.setSelectedCredentialId(str);
        } else if (!createAuthenticationSelectionList.isEmpty()) {
            createAuthenticatorContext.setSelectedCredentialId(createAuthenticationSelectionList.get(0).getCredentialId());
        }
        if (createAuthenticator.requiresUser()) {
            if (authenticatedUser == null) {
                throw new AuthenticationFlowException("authenticator: " + authenticatorFactory.getId(), AuthenticationFlowError.UNKNOWN_USER);
            }
            if (!createAuthenticator.configuredFor(this.processor.getSession(), this.processor.getRealm(), authenticatedUser)) {
                if (!authenticatorFactory.isUserSetupAllowed() || !authenticationExecutionModel.isRequired() || !createAuthenticator.areRequiredActionsEnabled(this.processor.getSession(), this.processor.getRealm())) {
                    throw new AuthenticationFlowException("authenticator: " + authenticatorFactory.getId(), AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
                }
                logger.debugv("authenticator SETUP_REQUIRED: {0}", authenticatorFactory.getId());
                this.processor.getAuthenticationSession().setExecutionStatus(authenticationExecutionModel.getId(), CommonClientSessionModel.ExecutionStatus.SETUP_REQUIRED);
                createAuthenticator.setRequiredActions(this.processor.getSession(), this.processor.getRealm(), this.processor.getAuthenticationSession().getAuthenticatedUser());
                return null;
            }
        }
        logger.debugv("invoke authenticator.authenticate: {0}", authenticatorFactory.getId());
        createAuthenticator.authenticate(createAuthenticatorContext);
        return processResult(createAuthenticatorContext, false);
    }

    private List<AuthenticationSelectionOption> createAuthenticationSelectionList(AuthenticationExecutionModel authenticationExecutionModel) {
        ArrayList arrayList = new ArrayList();
        if (this.processor.getAuthenticationSession() != null) {
            HashMap hashMap = new HashMap();
            ArrayList<AuthenticationExecutionModel> arrayList2 = new ArrayList();
            if (authenticationExecutionModel.isAlternative()) {
                for (AuthenticationExecutionModel authenticationExecutionModel2 : (List) this.processor.getRealm().getAuthenticationExecutions(authenticationExecutionModel.getParentFlow()).stream().filter((v0) -> {
                    return v0.isAlternative();
                }).collect(Collectors.toList())) {
                    if (authenticationExecutionModel2.isAuthenticatorFlow()) {
                        arrayList2.add(authenticationExecutionModel2);
                    } else {
                        Authenticator authenticator = (Authenticator) this.processor.getSession().getProvider(Authenticator.class, authenticationExecutionModel2.getAuthenticator());
                        if (authenticator instanceof CredentialValidator) {
                            hashMap.put(((CredentialValidator) authenticator).getType(this.processor.getSession()), authenticationExecutionModel2);
                        } else {
                            arrayList2.add(authenticationExecutionModel2);
                        }
                    }
                }
            } else if (authenticationExecutionModel.isRequired() && !authenticationExecutionModel.isAuthenticatorFlow()) {
                Authenticator authenticator2 = (Authenticator) this.processor.getSession().getProvider(Authenticator.class, authenticationExecutionModel.getAuthenticator());
                if (authenticator2 instanceof CredentialValidator) {
                    hashMap.put(((CredentialValidator) authenticator2).getType(this.processor.getSession()), authenticationExecutionModel);
                }
            }
            if (this.processor.getAuthenticationSession().getAuthenticatedUser() != null) {
                List<CredentialModel> list = (List) this.processor.getSession().userCredentialManager().getStoredCredentials(this.processor.getRealm(), this.processor.getAuthenticationSession().getAuthenticatedUser()).stream().filter(credentialModel -> {
                    return hashMap.containsKey(credentialModel.getType());
                }).collect(Collectors.toList());
                MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
                for (CredentialModel credentialModel2 : list) {
                    AuthenticationSelectionOption authenticationSelectionOption = new AuthenticationSelectionOption((AuthenticationExecutionModel) hashMap.get(credentialModel2.getType()), credentialModel2);
                    arrayList.add(authenticationSelectionOption);
                    multivaluedHashMap.add(credentialModel2.getType(), authenticationSelectionOption);
                }
                Iterator it = multivaluedHashMap.entrySet().iterator();
                while (it.hasNext()) {
                    Map.Entry entry = (Map.Entry) it.next();
                    if (((List) entry.getValue()).size() == 1) {
                        ((AuthenticationSelectionOption) ((List) entry.getValue()).get(0)).setShowCredentialName(false);
                    }
                }
                if (multivaluedHashMap.keySet().size() == 1 && arrayList2.isEmpty()) {
                    Iterator it2 = arrayList.iterator();
                    while (it2.hasNext()) {
                        ((AuthenticationSelectionOption) it2.next()).setShowCredentialType(false);
                    }
                }
            }
            for (AuthenticationExecutionModel authenticationExecutionModel3 : arrayList2) {
                if (authenticationExecutionModel3.isAuthenticatorFlow()) {
                    arrayList.add(new AuthenticationSelectionOption(authenticationExecutionModel3, this.processor.getRealm().getAuthenticationFlowById(authenticationExecutionModel3.getFlowId())));
                } else {
                    arrayList.add(new AuthenticationSelectionOption(authenticationExecutionModel3));
                }
            }
        }
        return arrayList;
    }

    public Response processResult(AuthenticationProcessor.Result result, boolean z) {
        AuthenticationExecutionModel execution = result.getExecution();
        switch (result.getStatus()) {
            case SUCCESS:
                logger.debugv("authenticator SUCCESS: {0}", execution.getAuthenticator());
                if (z) {
                    new AuthenticationFlowHistoryHelper(this.processor).pushExecution(execution.getId());
                }
                this.processor.getAuthenticationSession().setExecutionStatus(execution.getId(), CommonClientSessionModel.ExecutionStatus.SUCCESS);
                return null;
            case FAILED:
                logger.debugv("authenticator FAILED: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                this.processor.getAuthenticationSession().setExecutionStatus(execution.getId(), CommonClientSessionModel.ExecutionStatus.FAILED);
                if (result.getChallenge() != null) {
                    return sendChallenge(result, execution);
                }
                throw new AuthenticationFlowException(result.getError());
            case FORK:
                logger.debugv("reset browser login from authenticator: {0}", execution.getAuthenticator());
                this.processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution.getId());
                throw new ForkFlowException(result.getSuccessMessage(), result.getErrorMessage());
            case FORCE_CHALLENGE:
            case CHALLENGE:
                this.processor.getAuthenticationSession().setExecutionStatus(execution.getId(), CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case FAILURE_CHALLENGE:
                logger.debugv("authenticator FAILURE_CHALLENGE: {0}", execution.getAuthenticator());
                this.processor.logFailure();
                this.processor.getAuthenticationSession().setExecutionStatus(execution.getId(), CommonClientSessionModel.ExecutionStatus.CHALLENGED);
                return sendChallenge(result, execution);
            case ATTEMPTED:
                logger.debugv("authenticator ATTEMPTED: {0}", execution.getAuthenticator());
                if (execution.isRequired()) {
                    throw new AuthenticationFlowException(AuthenticationFlowError.INVALID_CREDENTIALS);
                }
                this.processor.getAuthenticationSession().setExecutionStatus(execution.getId(), CommonClientSessionModel.ExecutionStatus.ATTEMPTED);
                return null;
            case FLOW_RESET:
                this.processor.resetFlow();
                return this.processor.authenticate();
            default:
                logger.debugv("authenticator INTERNAL_ERROR: {0}", execution.getAuthenticator());
                ServicesLogger.LOGGER.unknownResultStatus();
                throw new AuthenticationFlowException(AuthenticationFlowError.INTERNAL_ERROR);
        }
    }

    public Response sendChallenge(AuthenticationProcessor.Result result, AuthenticationExecutionModel authenticationExecutionModel) {
        this.processor.getAuthenticationSession().setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, authenticationExecutionModel.getId());
        return result.getChallenge();
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public boolean isSuccessful() {
        return this.successful;
    }

    @Override // org.keycloak.authentication.AuthenticationFlow
    public List<AuthenticationFlowException> getFlowExceptions() {
        return this.afeList;
    }
}
