package org.keycloak.services.clientpolicy.condition;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.List;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.utils.AcrUtils;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.ClientPolicyVote;
import org.keycloak.services.clientpolicy.context.AuthorizationRequestContext;

/* loaded from: input_file:org/keycloak/services/clientpolicy/condition/AcrCondition.class */
public class AcrCondition extends AbstractClientPolicyConditionProvider<Configuration> {

    /* loaded from: input_file:org/keycloak/services/clientpolicy/condition/AcrCondition$Configuration.class */
    public static class Configuration extends ClientPolicyConditionConfigurationRepresentation {

        @JsonProperty(AcrConditionFactory.ACR_PROPERTY)
        protected String acrProperty;

        public String getAcrProperty() {
            return this.acrProperty;
        }

        public void setAcrProperty(String str) {
            this.acrProperty = str;
        }
    }

    public AcrCondition(KeycloakSession keycloakSession) {
        super(keycloakSession);
    }

    public Class<Configuration> getConditionConfigurationClass() {
        return Configuration.class;
    }

    public String getProviderId() {
        return AnyClientConditionFactory.PROVIDER_ID;
    }

    public ClientPolicyVote applyPolicy(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        if (clientPolicyContext.getEvent() != ClientPolicyEvent.AUTHORIZATION_REQUEST) {
            return ClientPolicyVote.ABSTAIN;
        }
        AuthorizationRequestContext authorizationRequestContext = (AuthorizationRequestContext) clientPolicyContext;
        if (!containsAcr(authorizationRequestContext)) {
            return ClientPolicyVote.NO;
        }
        authorizationRequestContext.getAuthenticationSession().setAuthNote("client-policy-requested-acr", ((Configuration) this.configuration).getAcrProperty());
        return ClientPolicyVote.YES;
    }

    private boolean containsAcr(AuthorizationRequestContext authorizationRequestContext) {
        List<String> acrValues = AcrUtils.getAcrValues(authorizationRequestContext.getAuthorizationEndpointRequest().getClaims(), authorizationRequestContext.getAuthorizationEndpointRequest().getAcr(), this.session.getContext().getClient());
        return (acrValues == null || acrValues.isEmpty() || !acrValues.contains(((Configuration) this.configuration).getAcrProperty())) ? false : true;
    }
}
