package org.keycloak.authentication.authenticators.util;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.AuthenticatorUtil;
import org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticator;
import org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticatorFactory;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.CachedRealmModel;

/* loaded from: input_file:org/keycloak/authentication/authenticators/util/LoAUtil.class */
public class LoAUtil {
    private static final Logger logger = Logger.getLogger(LoAUtil.class);

    public static int getCurrentLevelOfAuthentication(AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        String note = authenticatedClientSessionModel.getNote("level-of-authentication");
        if (note == null) {
            return -1;
        }
        return Integer.parseInt(note);
    }

    public static Stream<Integer> getLoAConfiguredInRealmBrowserFlow(RealmModel realmModel) {
        Map<Integer, Integer> loaMaxAgesConfiguredInRealmBrowserFlow = getLoaMaxAgesConfiguredInRealmBrowserFlow(realmModel);
        return loaMaxAgesConfiguredInRealmBrowserFlow.isEmpty() ? Stream.of((Object[]) new Integer[]{0, 1}) : Stream.concat(Stream.of(0), loaMaxAgesConfiguredInRealmBrowserFlow.keySet().stream());
    }

    public static Map<Integer, Integer> getLoaMaxAgesConfiguredInRealmBrowserFlow(RealmModel realmModel) {
        return getLoaMaxAgesConfiguredInRealmFlow(realmModel, realmModel.getBrowserFlow().getId());
    }

    public static Map<Integer, Integer> getLoaMaxAgesConfiguredInRealmFlow(RealmModel realmModel, String str) {
        List<AuthenticationExecutionModel> executionsByType = AuthenticatorUtil.getExecutionsByType(realmModel, str, ConditionalLoaAuthenticatorFactory.PROVIDER_ID);
        return executionsByType.isEmpty() ? Collections.emptyMap() : (Map) executionsByType.stream().map(authenticationExecutionModel -> {
            return realmModel.getAuthenticatorConfigById(authenticationExecutionModel.getAuthenticatorConfig());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(authenticatorConfigModel -> {
            return getLevelFromLoaConditionConfiguration(authenticatorConfigModel) != null;
        }).collect(Collectors.toMap(LoAUtil::getLevelFromLoaConditionConfiguration, LoAUtil::getMaxAgeFromLoaConditionConfiguration));
    }

    public static Integer getLevelFromLoaConditionConfiguration(AuthenticatorConfigModel authenticatorConfigModel) {
        String str = (String) authenticatorConfigModel.getConfig().get(ConditionalLoaAuthenticator.LEVEL);
        try {
            return Integer.valueOf(Integer.parseInt(str));
        } catch (NullPointerException | NumberFormatException e) {
            logger.warnf("Invalid level '%s' configured for the configuration of LoA condition with alias '%s'. Level should be number.", str, authenticatorConfigModel.getAlias());
            return null;
        }
    }

    public static int getMaxAgeFromLoaConditionConfiguration(AuthenticatorConfigModel authenticatorConfigModel) {
        try {
            return Integer.parseInt((String) authenticatorConfigModel.getConfig().get(ConditionalLoaAuthenticator.MAX_AGE));
        } catch (NullPointerException | NumberFormatException e) {
            String str = (String) authenticatorConfigModel.getConfig().get(ConditionalLoaAuthenticator.STORE_IN_USER_SESSION);
            if (str == null) {
                logger.errorf("Invalid max age configured for condition '%s'. Fallback to 0", authenticatorConfigModel.getAlias());
                return 0;
            }
            int i = Boolean.parseBoolean(str) ? ConditionalLoaAuthenticator.DEFAULT_MAX_AGE : 0;
            logger.warnf("Max age not configured for condition '%s' in the authentication flow. Fallback to %d based on the configuration option %s from previous version", authenticatorConfigModel.getAlias(), Integer.valueOf(i), ConditionalLoaAuthenticator.STORE_IN_USER_SESSION);
            return i;
        }
    }

    public static Map<String, Integer> getCredentialTypesToLoAMap(KeycloakSession keycloakSession, RealmModel realmModel, AuthenticationFlowModel authenticationFlowModel) {
        Map<String, Integer> map;
        String str = "flow:" + authenticationFlowModel.getId();
        if ((realmModel instanceof CachedRealmModel) && (map = (Map) ((CachedRealmModel) realmModel).getCachedWith().get(str)) != null) {
            return map;
        }
        HashMap hashMap = new HashMap();
        fillCredentialsToLoAMap(keycloakSession, realmModel, authenticationFlowModel, (Set) AuthenticatorUtil.getCredentialProviders(keycloakSession).map((v0) -> {
            return v0.getType();
        }).collect(Collectors.toSet()), new AtomicReference(-1), hashMap);
        logger.tracef("Computed credential types to LoA map for authentication flow '%s' in realm '%s'. Mapping: %s", authenticationFlowModel.getAlias(), realmModel.getName(), hashMap);
        if (realmModel instanceof CachedRealmModel) {
            ((CachedRealmModel) realmModel).getCachedWith().put(str, hashMap);
        }
        return hashMap;
    }

    private static void fillCredentialsToLoAMap(KeycloakSession keycloakSession, RealmModel realmModel, AuthenticationFlowModel authenticationFlowModel, Set<String> set, AtomicReference<Integer> atomicReference, Map<String, Integer> map) {
        realmModel.getAuthenticationExecutionsStream(authenticationFlowModel.getId()).forEachOrdered(authenticationExecutionModel -> {
            if (authenticationExecutionModel.isAuthenticatorFlow()) {
                AuthenticationFlowModel authenticationFlowById = realmModel.getAuthenticationFlowById(authenticationExecutionModel.getFlowId());
                int intValue = ((Integer) atomicReference.get()).intValue();
                fillCredentialsToLoAMap(keycloakSession, realmModel, authenticationFlowById, set, atomicReference, map);
                atomicReference.set(Integer.valueOf(intValue));
                return;
            }
            if (ConditionalLoaAuthenticatorFactory.PROVIDER_ID.equals(authenticationExecutionModel.getAuthenticator())) {
                Integer levelFromLoaConditionConfiguration = getLevelFromLoaConditionConfiguration(realmModel.getAuthenticatorConfigById(authenticationExecutionModel.getAuthenticatorConfig()));
                if (levelFromLoaConditionConfiguration != null) {
                    atomicReference.set(levelFromLoaConditionConfiguration);
                    return;
                }
                return;
            }
            AuthenticatorFactory providerFactory = keycloakSession.getKeycloakSessionFactory().getProviderFactory(Authenticator.class, authenticationExecutionModel.getAuthenticator());
            if (providerFactory == null || providerFactory.getReferenceCategory() == null || !set.contains(providerFactory.getReferenceCategory())) {
                return;
            }
            map.put(providerFactory.getReferenceCategory(), (Integer) atomicReference.get());
        });
    }
}
