package org.keycloak.authentication.authenticators.browser;

import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import java.util.Objects;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/authentication/authenticators/browser/UsernameForm.class */
public final class UsernameForm extends UsernamePasswordForm {
    @Override // org.keycloak.authentication.authenticators.browser.UsernamePasswordForm
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getUser() == null || hasLinkedBrokers(authenticationFlowContext)) {
            super.authenticate(authenticationFlowContext);
        } else {
            authenticationFlowContext.success();
        }
    }

    @Override // org.keycloak.authentication.authenticators.browser.UsernamePasswordForm
    protected boolean validateForm(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        return validateUser(authenticationFlowContext, multivaluedMap);
    }

    @Override // org.keycloak.authentication.authenticators.browser.UsernamePasswordForm
    protected Response challenge(AuthenticationFlowContext authenticationFlowContext, MultivaluedMap<String, String> multivaluedMap) {
        LoginFormsProvider form = authenticationFlowContext.form();
        if (!multivaluedMap.isEmpty()) {
            form.setFormData(multivaluedMap);
        }
        return form.createLoginUsername();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
    public Response createLoginForm(LoginFormsProvider loginFormsProvider) {
        return loginFormsProvider.createLoginUsername();
    }

    @Override // org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
    protected String getDefaultChallengeMessage(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getRealm().isLoginWithEmailAllowed() ? Messages.INVALID_USERNAME_OR_EMAIL : Messages.INVALID_USERNAME;
    }

    private boolean hasLinkedBrokers(AuthenticationFlowContext authenticationFlowContext) {
        KeycloakSession session = authenticationFlowContext.getSession();
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            return false;
        }
        AuthenticationSessionModel authenticationSession = authenticationFlowContext.getAuthenticationSession();
        SerializedBrokeredIdentityContext readFromAuthenticationSession = SerializedBrokeredIdentityContext.readFromAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
        IdentityProviderModel idpConfig = readFromAuthenticationSession == null ? null : readFromAuthenticationSession.deserialize(session, authenticationSession).getIdpConfig();
        return session.users().getFederatedIdentitiesStream(session.getContext().getRealm(), user).map(federatedIdentityModel -> {
            return session.identityProviders().getByAlias(federatedIdentityModel.getIdentityProvider());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).anyMatch(identityProviderModel -> {
            return idpConfig == null || !Objects.equals(idpConfig.getAlias(), identityProviderModel.getAlias());
        });
    }
}
