package org.keycloak.authentication.authenticators.conditional;

import java.util.ArrayList;
import java.util.List;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/authentication/authenticators/conditional/ConditionalUserConfiguredAuthenticator.class */
public class ConditionalUserConfiguredAuthenticator implements ConditionalAuthenticator {
    public static final ConditionalUserConfiguredAuthenticator SINGLETON = new ConditionalUserConfiguredAuthenticator();

    @Override // org.keycloak.authentication.authenticators.conditional.ConditionalAuthenticator
    public boolean matchCondition(AuthenticationFlowContext authenticationFlowContext) {
        return matchConditionInFlow(authenticationFlowContext, authenticationFlowContext.getExecution().getParentFlow());
    }

    private boolean matchConditionInFlow(AuthenticationFlowContext authenticationFlowContext, String str) {
        List<AuthenticationExecutionModel> authenticationExecutions = authenticationFlowContext.getRealm().getAuthenticationExecutions(str);
        if (authenticationExecutions == null) {
            return true;
        }
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        authenticationExecutions.forEach(authenticationExecutionModel -> {
            boolean z = false;
            try {
                AuthenticatorFactory authenticatorFactory = (AuthenticatorFactory) authenticationFlowContext.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
                if (authenticatorFactory != null) {
                    if (authenticatorFactory.create(authenticationFlowContext.getSession()) instanceof ConditionalAuthenticator) {
                        z = true;
                    }
                }
            } catch (Exception e) {
            }
            if (authenticationFlowContext.getExecution().getId().equals(authenticationExecutionModel.getId()) || authenticationExecutionModel.isAuthenticatorFlow() || z) {
                return;
            }
            if (authenticationExecutionModel.isRequired()) {
                arrayList.add(authenticationExecutionModel);
            } else if (authenticationExecutionModel.isAlternative()) {
                arrayList2.add(authenticationExecutionModel);
            }
        });
        if (!arrayList.isEmpty()) {
            return arrayList.stream().allMatch(authenticationExecutionModel2 -> {
                return isConfiguredFor(authenticationExecutionModel2, authenticationFlowContext);
            });
        }
        if (arrayList2.isEmpty()) {
            return true;
        }
        return arrayList2.stream().anyMatch(authenticationExecutionModel3 -> {
            return isConfiguredFor(authenticationExecutionModel3, authenticationFlowContext);
        });
    }

    private boolean isConfiguredFor(AuthenticationExecutionModel authenticationExecutionModel, AuthenticationFlowContext authenticationFlowContext) {
        return authenticationExecutionModel.isAuthenticatorFlow() ? matchConditionInFlow(authenticationFlowContext, authenticationExecutionModel.getId()) : ((AuthenticatorFactory) authenticationFlowContext.getSession().getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator())).create(authenticationFlowContext.getSession()).configuredFor(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), authenticationFlowContext.getUser());
    }

    @Override // org.keycloak.authentication.Authenticator
    public void action(AuthenticationFlowContext authenticationFlowContext) {
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return true;
    }

    @Override // org.keycloak.authentication.Authenticator
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }
}
