package kr.co.dozn.auth.user.authenticators;

import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:kr/co/dozn/auth/user/authenticators/SimplePasswordRegistration.class */
public class SimplePasswordRegistration extends BaseDirectGrantAuthenticator {
    public static final String PROVIDER_ID = "simple-password-register";
    private static final Logger logger = Logger.getLogger(SimplePasswordRegistration.class);

    public SimplePasswordRegistration() {
        super(PROVIDER_ID, "[Dozn] Simple password registration", "Register the six digit password supplied as a 'password' form parameter in direct grant request");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.REGISTER).detail("identity_provider", PROVIDER_ID).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, PasswordFormKeys.FORM_PASSWORD);
        String str = retrieve(authenticationFlowContext, PasswordFormKeys.FORM_NEW_PASSWORD).get();
        if (Validation.isBlank(str)) {
            authenticationFlowContext.getEvent().event(EventType.REGISTER_ERROR);
            invalidRequest(authenticationFlowContext, "Missing parameter: newPassword");
            return;
        }
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            authenticationFlowContext.getEvent().event(EventType.REGISTER_ERROR);
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        PasswordCredentialProvider credentialProvider = getCredentialProvider(authenticationFlowContext.getSession());
        PasswordCredentialModel password = credentialProvider.getPassword(authenticationFlowContext.getRealm(), user);
        if (password != null) {
            credentialProvider.deleteCredential(authenticationFlowContext.getRealm(), authenticationFlowContext.getUser(), password.getId());
            logger.info(String.format("Reset password credentialId: %s", password.getId()));
        }
        if (credentialProvider.createCredential(authenticationFlowContext.getRealm(), authenticationFlowContext.getUser(), str)) {
            logger.info(String.format("Set new password", new Object[0]));
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.getEvent().event(EventType.REGISTER_ERROR);
            invalidUserCredentials(authenticationFlowContext, user);
        }
    }

    public boolean requiresUser() {
        return true;
    }

    public PasswordCredentialProvider getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, "keycloak-password");
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED};
    }
}
