package org.keycloak.authentication.authenticators.util;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticatorUtil;
import org.keycloak.authentication.CredentialAction;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.Time;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authentication/authenticators/util/AcrStore.class */
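/**
 * Reads and records level-of-authentication (LoA) state for a single authentication session.
 *
 * <p>All state is kept as string notes on the {@link AuthenticationSessionModel}:
 * client notes carry what was requested, auth notes carry what has been achieved. The
 * {@code loa-map} auth note is a JSON object mapping each authenticated level to the
 * {@link Time#currentTime()} value at which it was authenticated.
 *
 * <p>Levels are plain ints; {@code -1} means "no level". Numeric notes are parsed strictly:
 * a malformed value raises {@link NumberFormatException} instead of being defaulted, so a
 * corrupted requested-level note cannot silently lower the level that is enforced.
 */
public class AcrStore {
    private static final Logger logger = Logger.getLogger(AcrStore.class);

    /** Value used throughout this class for "no level known or requested". */
    private static final int NO_LEVEL = -1;

    // Note keys. The string values are part of the stored session format; do not change them.
    private static final String FORCE_LEVEL_NOTE = "force-level-of-authentication";
    private static final String REQUESTED_LEVEL_NOTE = "requested-level-of-authentication";
    private static final String KC_ACTION_NOTE = "kc_action";
    private static final String LEVEL_NOTE = "level-of-authentication";
    private static final String LOA_MAP_NOTE = "loa-map";

    private final KeycloakSession session;
    private final AuthenticationSessionModel authSession;

    /**
     * @param keycloakSession session used to look up providers
     * @param authenticationSessionModel authentication session whose notes hold the LoA state
     */
    public AcrStore(KeycloakSession keycloakSession, AuthenticationSessionModel authenticationSessionModel) {
        this.session = keycloakSession;
        this.authSession = authenticationSessionModel;
    }

    /**
     * @return {@code true} only if the {@code force-level-of-authentication} client note is
     *     "true" (case-insensitive); a missing note yields {@code false}
     */
    public boolean isLevelOfAuthenticationForced() {
        return Boolean.parseBoolean(this.authSession.getClientNote(FORCE_LEVEL_NOTE));
    }

    /**
     * Returns the level this authentication must reach: the higher of the level in the
     * {@code requested-level-of-authentication} client note and the level implied by the
     * {@code kc_action} client note.
     *
     * @param authenticationFlowModel flow used to resolve the credential-type to level mapping
     * @return the requested level, or {@code -1} if neither source requests one
     * @throws NumberFormatException if the requested-level note is not an integer
     */
    public int getRequestedLevelOfAuthentication(AuthenticationFlowModel authenticationFlowModel) {
        int requestedByClient = parseLevel(this.authSession.getClientNote(REQUESTED_LEVEL_NOTE));
        int requestedByKcAction = getRequestedLevelOfAuthenticationByKcAction(authenticationFlowModel);
        logger.tracef("Level requested by client: %d, level requested by kc_action parameter: %d", requestedByClient, requestedByKcAction);
        // Taking the maximum means neither source can lower what the other one requires.
        return Math.max(requestedByClient, requestedByKcAction);
    }

    /**
     * Resolves the level implied by the {@code kc_action} client note.
     *
     * <p>The note is used as a provider id. Only a provider that implements
     * {@link CredentialAction} and reports a credential type with a configured level
     * contributes; every other case (no authenticated user, no note, unknown provider,
     * unmapped credential type) yields {@code -1}.
     */
    private int getRequestedLevelOfAuthenticationByKcAction(AuthenticationFlowModel authenticationFlowModel) {
        RealmModel realm = this.authSession.getRealm();
        UserModel user = this.authSession.getAuthenticatedUser();
        String kcAction = this.authSession.getClientNote(KC_ACTION_NOTE);
        if (user == null || kcAction == null) {
            return NO_LEVEL;
        }

        // Keep the looked-up provider typed as RequiredActionProvider and cast only after the
        // instanceof check; a null provider (unknown id) also fails the check.
        RequiredActionProvider provider = this.session.getProvider(RequiredActionProvider.class, kcAction);
        if (!(provider instanceof CredentialAction)) {
            return NO_LEVEL;
        }
        String credentialType = ((CredentialAction) provider).getCredentialType(this.session, this.authSession);
        if (credentialType == null) {
            return NO_LEVEL;
        }

        Map<String, Integer> levelByCredentialType = LoAUtil.getCredentialTypesToLoAMap(this.session, realm, authenticationFlowModel);
        Integer configuredLevel = levelByCredentialType.get(credentialType);
        if (configuredLevel == null) {
            return NO_LEVEL;
        }
        return getHighestLevelAvailableForUser(user, reverse(levelByCredentialType), configuredLevel.intValue());
    }

    /** Inverts a credential-type to level map into a level to credential-types multimap. */
    private MultivaluedHashMap<Integer, String> reverse(Map<String, Integer> map) {
        MultivaluedHashMap<Integer, String> typesByLevel = new MultivaluedHashMap<>();
        map.forEach((credentialType, level) -> typesByLevel.add(level, credentialType));
        return typesByLevel;
    }

    /**
     * Walks down from {@code startLevel} to the first level the user can actually satisfy.
     *
     * <p>A level is accepted when it has no credential types mapped to it, or when the user
     * has at least one stored credential of a mapped type. Otherwise the next lower level is
     * tried. Note that this can return a level below the one configured for the credential.
     *
     * @return the accepted level; {@code startLevel} itself if it is {@code -1} or lower;
     *     {@code -1} if the walk runs out of levels
     */
    private int getHighestLevelAvailableForUser(UserModel userModel, MultivaluedHashMap<Integer, String> typesByLevel, int startLevel) {
        int level = startLevel;
        while (level > NO_LEVEL) {
            List<String> typesAtLevel = typesByLevel.get(Integer.valueOf(level));
            if (typesAtLevel == null || typesAtLevel.isEmpty()) {
                return level;
            }
            boolean userHasCredential = userModel.credentialManager().getStoredCredentialsStream()
                    .anyMatch(credential -> typesAtLevel.contains(credential.getType()));
            if (userHasCredential) {
                logger.tracef("User %s has credential of level %d available", userModel.getUsername(), Integer.valueOf(level));
                return level;
            }
            level--;
        }
        return level;
    }

    /**
     * @return {@code true} if the level reached in the current authentication is at least the
     *     requested level
     * @throws NumberFormatException if either underlying note is not an integer
     */
    public boolean isLevelOfAuthenticationSatisfiedFromCurrentAuthentication(AuthenticationFlowModel authenticationFlowModel) {
        return getRequestedLevelOfAuthentication(authenticationFlowModel) <= getAuthenticatedLevelCurrentAuthentication();
    }

    /**
     * Reads the {@code level-of-authentication} note of a client session.
     *
     * @return the stored level, or {@code -1} if the note is absent
     * @throws NumberFormatException if the note is not an integer
     */
    public static int getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        return parseLevel(authenticatedClientSessionModel.getNote(LEVEL_NOTE));
    }

    /**
     * Tells whether a level authenticated earlier in this session is still within its max age.
     *
     * <p>Returns {@code false} whenever re-authentication is forced for this session, so a
     * previous authentication is never reused in that case.
     *
     * @param i the level to check
     * @param i2 the max age allowed for that level, in the unit of {@link Time#currentTime()}
     *     (presumably seconds; confirm against {@code Time})
     * @return {@code true} if the level was authenticated and has not expired
     */
    public boolean isLevelAuthenticatedInPreviousAuth(int i, int i2) {
        if (AuthenticatorUtil.isForcedReauthentication(this.authSession)) {
            return false;
        }
        Map<Integer, Integer> authTimeByLevel = getCurrentAuthenticatedLevelsMap();
        if (authTimeByLevel == null) {
            return false;
        }
        Integer authTime = authTimeByLevel.get(Integer.valueOf(i));
        if (authTime == null) {
            return false;
        }
        // Add in long: authTime plus a very large max age overflows int and wraps negative,
        // which would make a still-valid level look expired.
        return authTime.longValue() + i2 >= Time.currentTime();
    }

    /**
     * @return the level stored in the {@code level-of-authentication} auth note, or {@code -1}
     *     if absent
     * @throws NumberFormatException if the note is not an integer
     */
    public int getLevelOfAuthenticationFromCurrentAuthentication() {
        return getAuthenticatedLevelCurrentAuthentication();
    }

    /**
     * Records {@code i} as authenticated, both for the current request and in the
     * per-session level map (with the current time).
     */
    public void setLevelAuthenticated(int i) {
        setLevelAuthenticatedToCurrentRequest(i);
        setLevelAuthenticatedToMap(i);
    }

    /** Stores {@code i} in the {@code level-of-authentication} auth note only. */
    public void setLevelAuthenticatedToCurrentRequest(int i) {
        this.authSession.setAuthNote(LEVEL_NOTE, String.valueOf(i));
    }

    /** Adds or refreshes {@code level} in the {@code loa-map} auth note with the current time. */
    private void setLevelAuthenticatedToMap(int level) {
        Map<Integer, Integer> authTimeByLevel = getCurrentAuthenticatedLevelsMap();
        if (authTimeByLevel == null) {
            authTimeByLevel = new HashMap<>();
        }
        authTimeByLevel.put(Integer.valueOf(level), Integer.valueOf(Time.currentTime()));
        saveCurrentAuthenticatedLevelsMap(authTimeByLevel);
    }

    /** Single reader of the {@code level-of-authentication} auth note. */
    private int getAuthenticatedLevelCurrentAuthentication() {
        return parseLevel(this.authSession.getAuthNote(LEVEL_NOTE));
    }

    /**
     * Returns the highest previously authenticated level that is still valid.
     *
     * <p>Levels are visited in ascending order and the walk stops at the first expired one,
     * so a higher level is never credited past an expired lower level. A level with no max
     * age configured in the flow is treated as having max age 0 and is logged as a warning.
     *
     * @param str id of the flow whose configured max ages are used
     * @return {@code -1} if no level map is stored; otherwise the highest unexpired level,
     *     with 0 as the floor once a map exists
     */
    public int getHighestAuthenticatedLevelFromPreviousAuthentication(String str) {
        Map<Integer, Integer> authTimeByLevel = getCurrentAuthenticatedLevelsMap();
        if (authTimeByLevel == null || authTimeByLevel.isEmpty()) {
            return NO_LEVEL;
        }
        int highestLevel = 0;
        int currentTime = Time.currentTime();
        Map<Integer, Integer> maxAgeByLevel = LoAUtil.getLoaMaxAgesConfiguredInRealmFlow(this.authSession.getRealm(), str);
        Map<Integer, Integer> ascendingLevels = new TreeMap<>(authTimeByLevel);
        for (Map.Entry<Integer, Integer> entry : ascendingLevels.entrySet()) {
            Integer maxAge = maxAgeByLevel.get(entry.getKey());
            if (maxAge == null) {
                logger.warnf("No condition found for level '%d' in the authentication flow", entry.getKey());
                maxAge = 0;
            }
            // Expiry is computed in long so a large max age cannot overflow and wrap negative.
            long expiresAt = entry.getValue().longValue() + maxAge.intValue();
            if (currentTime > expiresAt) {
                break;
            }
            highestLevel = entry.getKey().intValue();
        }
        logger.tracef("Highest authenticated level from previous authentication of client '%s' in authentication '%s' was: %d", this.authSession.getClient().getClientId(), this.authSession.getParentSession().getId(), Integer.valueOf(highestLevel));
        return highestLevel;
    }

    /**
     * Parses the {@code loa-map} auth note.
     *
     * @return the level to auth-time map, or {@code null} if the note is absent
     * @throws IllegalStateException if the note is not valid JSON for that map; the stored
     *     value is logged at warn level first
     */
    private Map<Integer, Integer> getCurrentAuthenticatedLevelsMap() {
        String serialized = this.authSession.getAuthNote(LOA_MAP_NOTE);
        if (serialized == null) {
            return null;
        }
        try {
            return JsonSerialization.readValue(serialized, new TypeReference<Map<Integer, Integer>>() {
            });
        } catch (IOException e) {
            logger.warnf("Invalid format of the LoA map. Saved value was: %s", serialized);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Serializes the map to JSON and stores it in the {@code loa-map} auth note.
     *
     * @throws IllegalStateException if serialization fails
     */
    private void saveCurrentAuthenticatedLevelsMap(Map<Integer, Integer> map) {
        try {
            this.authSession.setAuthNote(LOA_MAP_NOTE, JsonSerialization.writeValueAsString(map));
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Parses a level note, mapping an absent note to {@code -1}.
     *
     * <p>A present but malformed note is not defaulted: {@link NumberFormatException}
     * propagates to the caller.
     */
    private static int parseLevel(String note) {
        return note == null ? NO_LEVEL : Integer.parseInt(note);
    }
}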
