package org.keycloak.authentication.bankaccount.authenticators;

import java.io.IOException;
import java.util.Optional;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import net.interus.keycloak.tokencode.TokenCodeService;
import net.interus.keycloak.tokencode.TokenCodeType;
import net.interus.keycloak.tokencode.exception.ValidatingFailure;
import net.interus.keycloak.tokencode.jpa.representations.TokenCodeRepresentation;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.authentication.bankaccount.credentials.BankAccountCredentialModel;
import org.keycloak.authentication.bankaccount.credentials.BankAccountCredentialProvider;
import org.keycloak.authentication.bankaccount.credentials.BankAccountCredentialProviderFactory;
import org.keycloak.authentication.bankaccount.credentials.data.BankAccountArsSecretData;
import org.keycloak.authentication.bankaccount.integrated.FirmBankingBankAccountArsTokenCodeDelegator;
import org.keycloak.authentication.residence.authenticators.AbstractUsernameFormAuthenticator;
import org.keycloak.authentication.user.authenticators.UserCredentialValidation;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.validation.Validation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authentication/bankaccount/authenticators/BankAccountArsValidation.class */
public class BankAccountArsValidation extends BaseDirectGrantAuthenticator implements CredentialValidator<BankAccountCredentialProvider>, TokenCodeService.OnUserConfirmedListener {
    public static final String PROVIDER_ID = "bank-account-ars";
    private static final Logger logger = Logger.getLogger(BankAccountArsValidation.class);

    public BankAccountArsValidation() {
        super(PROVIDER_ID, "[Dozn] Bank account ARS validation", "Validates the holding of bank account by a phone ars");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", PROVIDER_ID).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
        if (Validation.isBlank(verifiedPhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Must have verified phone number");
            return;
        }
        if (!isValidDigitsPhoneNumber(verifiedPhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: phoneNumber");
            return;
        }
        authenticationFlowContext.getEvent().detail("username", verifiedPhoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, verifiedPhoneNumber);
        String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user);
        if (disabledByBruteForceEventError != null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserWithGrantFailures(authenticationFlowContext, user, disabledByBruteForceEventError);
            return;
        }
        BankAccountArsSecretData.BankAccountArsSecretDataBuilder builder = BankAccountArsSecretData.builder();
        TokenCodeService provider = authenticationFlowContext.getSession().getProvider(TokenCodeService.class);
        provider.setOnUserConfirmedListener(this);
        try {
            if (provider.validateCode(verifiedPhoneNumber, "no_code", TokenCodeType.OTP, getType(authenticationFlowContext.getSession()), JsonSerialization.writeValueAsString(builder.build()), user, new FirmBankingBankAccountArsTokenCodeDelegator())) {
                resetUserLoginFailures(authenticationFlowContext, user);
                authenticationFlowContext.success();
            } else {
                logger.info(String.format("Bank Account ARS is not valid", new Object[0]));
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, authenticationFlowContext.getUser());
            }
        } catch (IOException e) {
            e.printStackTrace();
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserCredentialsWithGrantFailures(authenticationFlowContext, authenticationFlowContext.getUser());
        } catch (ValidatingFailure e2) {
            e2.printStackTrace();
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserCredentialsWithGrantFailures(authenticationFlowContext, authenticationFlowContext.getUser());
        }
    }

    public void onUserConfirmed(KeycloakSession keycloakSession, TokenCodeRepresentation tokenCodeRepresentation, UserModel userModel) {
        logger.info(String.format("onUserConfirmed %s %s %s", tokenCodeRepresentation.getUri(), tokenCodeRepresentation.getCredentialData(), userModel.getUsername()));
        if (tokenCodeRepresentation.getCredentialData() == null) {
            return;
        }
        keycloakSession.getContext().getAuthenticationSession().setUserSessionNote(BankAccountCredentialModel.TYPE, tokenCodeRepresentation.getCredentialData());
        Optional findFirst = userModel.credentialManager().getStoredCredentialsByTypeStream(getType(keycloakSession)).findFirst();
        if (!findFirst.isPresent()) {
            userModel.credentialManager().createStoredCredential(BankAccountCredentialModel.createFromData(tokenCodeRepresentation.getCredentialData()));
            logger.info(String.format("Credential added", new Object[0]));
            return;
        }
        logger.info(String.format("Credential Model %s", ((CredentialModel) findFirst.get()).getCredentialData()));
        CredentialModel credentialModel = (CredentialModel) findFirst.get();
        credentialModel.setCredentialData(tokenCodeRepresentation.getCredentialData());
        userModel.credentialManager().updateStoredCredential(BankAccountCredentialModel.createFromModel(credentialModel));
        logger.info(String.format("Credential Updated", new Object[0]));
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED};
    }

    public boolean requiresUser() {
        return true;
    }

    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    public BankAccountCredentialProvider m9getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, BankAccountCredentialProviderFactory.PROVIDER_ID);
    }
}
