package org.keycloak.authentication.authenticators.broker;

import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.AuthenticationFlowException;
import org.keycloak.authentication.authenticators.broker.util.ExistingUserInfo;
import org.keycloak.authentication.authenticators.broker.util.SerializedBrokeredIdentityContext;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/authentication/authenticators/broker/IdpConfirmLinkAuthenticator.class */
public class IdpConfirmLinkAuthenticator extends AbstractIdpAuthenticator {
    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void authenticateImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String authNote = authenticationFlowContext.getAuthenticationSession().getAuthNote(AbstractIdpAuthenticator.EXISTING_USER_INFO);
        if (authNote == null) {
            ServicesLogger.LOGGER.noDuplicationDetected();
            authenticationFlowContext.attempted();
        } else {
            ExistingUserInfo deserialize = ExistingUserInfo.deserialize(authNote);
            authenticationFlowContext.challenge(authenticationFlowContext.form().setStatus(Response.Status.OK).setAttribute("identityProviderBrokerCtx", brokeredIdentityContext).setError(Messages.FEDERATED_IDENTITY_CONFIRM_LINK_MESSAGE, new Object[]{deserialize.getDuplicateAttributeName(), deserialize.getDuplicateAttributeValue()}).createIdpLinkConfirmLinkPage());
        }
    }

    @Override // org.keycloak.authentication.authenticators.broker.AbstractIdpAuthenticator
    protected void actionImpl(AuthenticationFlowContext authenticationFlowContext, SerializedBrokeredIdentityContext serializedBrokeredIdentityContext, BrokeredIdentityContext brokeredIdentityContext) {
        String str = (String) authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("submitAction");
        if (str != null && str.equals("updateProfile")) {
            authenticationFlowContext.resetFlow(() -> {
                AuthenticationSessionModel authenticationSession = authenticationFlowContext.getAuthenticationSession();
                serializedBrokeredIdentityContext.saveToAuthenticationSession(authenticationSession, AbstractIdpAuthenticator.BROKERED_CONTEXT_NOTE);
                authenticationSession.setAuthNote(AbstractIdpAuthenticator.ENFORCE_UPDATE_PROFILE, "true");
            });
        } else {
            if (str == null || !str.equals("linkAccount")) {
                throw new AuthenticationFlowException("Unknown action: " + str, AuthenticationFlowError.INTERNAL_ERROR);
            }
            authenticationFlowContext.success();
        }
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return false;
    }
}
