package org.keycloak.authentication.residence.authenticators;

import java.util.Optional;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import net.interus.keycloak.phone.authenticators.PhoneNumberFormKeys;
import net.interus.keycloak.tokencode.exception.ValidatingFailure;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.authentication.residence.credentials.ComplexAdminCredentialModel;
import org.keycloak.authentication.residence.credentials.ComplexAdminCredentialProvider;
import org.keycloak.authentication.residence.credentials.ComplexAdminCredentialProviderFactory;
import org.keycloak.authentication.residence.integrated.APTComplexAdminVerifier;
import org.keycloak.authentication.user.authenticators.UserCredentialValidation;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/residence/authenticators/ComplexAdminOtpValidation.class */
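/**
 * Direct-grant authenticator that checks an OTP code submitted for the user's verified phone
 * number through {@link APTComplexAdminVerifier} and, on success, stores the returned
 * {@link ComplexAdminCredentialModel} on the user.
 *
 * <p>Logging policy for this class: the verified phone number, the submitted OTP code and the
 * contents of {@code getCredentialData()} are never written to the log. Only the username and
 * coarse state transitions are logged.
 */
public class ComplexAdminOtpValidation extends BaseDirectGrantAuthenticator implements CredentialValidator<ComplexAdminCredentialProvider> {
    public static final String PROVIDER_ID = "complex-admin-otp";
    protected static final Logger logger = Logger.getLogger(ComplexAdminOtpValidation.class);

    public ComplexAdminOtpValidation() {
        super(PROVIDER_ID, "[Dozn] Complex Admin OTP validation", "Validates the complex admin by The API of Dozn");
    }

    /**
     * Runs the OTP check for the user already attached to the flow context.
     *
     * <p>The flow is rejected, in this order, when no user is present, the user is disabled,
     * the brute-force check returns an error, the user has no verified phone number, or the
     * OTP form parameter is missing. Otherwise the code is handed to the verifier; a
     * {@code null} result or a {@link ValidatingFailure} is treated as invalid credentials.
     *
     * @param authenticationFlowContext the current authentication flow context
     */
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent()
                .event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN)
                .detail("identity_provider", PROVIDER_ID)
                .detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));

        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            markEventFailed(authenticationFlowContext);
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        if (!user.isEnabled()) {
            markEventFailed(authenticationFlowContext);
            // NOTE(review): the message probably means "not allowed"; it is left unchanged
            // because clients may match on the returned text. Confirm before correcting.
            invalidUser(authenticationFlowContext, user, "User is now allowed");
            return;
        }

        // The lockout check runs before any code is sent to the verifier, so a locked
        // account cannot be used to keep guessing codes.
        String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(
                authenticationFlowContext.getProtector(),
                authenticationFlowContext.getSession(),
                authenticationFlowContext.getRealm(),
                user);
        if (disabledByBruteForceEventError != null) {
            markEventFailed(authenticationFlowContext);
            invalidUserWithGrantFailures(authenticationFlowContext, user, disabledByBruteForceEventError);
            return;
        }

        String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
        // The phone number is personal data and is the identifier the OTP is bound to, so it
        // is kept out of the application log; the username is enough to correlate attempts.
        logger.infof("ComplexAdmin OTP authenticate username %s", user.getUsername());
        if (Validation.isBlank(verifiedPhoneNumber)) {
            markEventFailed(authenticationFlowContext);
            invalidRequest(authenticationFlowContext, "Must have verified phone number");
            return;
        }

        // NOTE(review): the phone number is still recorded in the event's "username" detail
        // and in the attempted-username auth note; confirm the event store is an acceptable
        // place for it.
        authenticationFlowContext.getEvent().detail("username", verifiedPhoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, verifiedPhoneNumber);

        Optional<String> otpCode = retrieve(authenticationFlowContext, PhoneNumberFormKeys.FORM_OTP_CODE);
        if (!otpCode.isPresent()) {
            markEventFailed(authenticationFlowContext);
            invalidRequest(authenticationFlowContext, "Invalid parameter: code");
            return;
        }

        try {
            ComplexAdminCredentialModel verified = new APTComplexAdminVerifier().verify(verifiedPhoneNumber, otpCode.get());
            if (verified == null) {
                markEventFailed(authenticationFlowContext);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user);
                return;
            }
            apply(authenticationFlowContext.getSession(), verified, user);
            resetUserLoginFailures(authenticationFlowContext, user);
            authenticationFlowContext.success();
        } catch (ValidatingFailure e) {
            // Route the failure through the logger instead of printStackTrace() so it lands
            // in the configured log with a level and the affected username.
            logger.warnf(e, "ComplexAdmin OTP verification failed for username %s", user.getUsername());
            markEventFailed(authenticationFlowContext);
            invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user);
        }
    }

    /** Switches the current event to the error type used by every rejection path. */
    private void markEventFailed(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
    }

    /**
     * Publishes the verified credential data as a user session note and persists it as the
     * user's stored credential of this validator's type, creating it when none exists and
     * overwriting the first existing one otherwise.
     *
     * @param keycloakSession the session whose authentication session receives the note
     * @param complexAdminCredentialModel the credential returned by the verifier
     * @param userModel the user whose stored credential is created or updated
     */
    public void apply(KeycloakSession keycloakSession, ComplexAdminCredentialModel complexAdminCredentialModel, UserModel userModel) {
        // NOTE(review): session notes can be exposed to clients through protocol mappers;
        // confirm getCredentialData() carries nothing that must stay server-side.
        keycloakSession.getContext().getAuthenticationSession().setUserSessionNote("complex-admin-name", complexAdminCredentialModel.getCredentialData());

        Optional<CredentialModel> existing = userModel.credentialManager()
                .getStoredCredentialsByTypeStream(getType(keycloakSession))
                .findFirst();
        if (!existing.isPresent()) {
            userModel.credentialManager().createStoredCredential(complexAdminCredentialModel);
            logger.info("Credential created");
            return;
        }

        // The stored credential data is deliberately not logged: credential contents do not
        // belong in an INFO-level application log.
        logger.info("Existing credential found; replacing stored credential data");
        CredentialModel credentialModel = existing.get();
        credentialModel.setCredentialData(complexAdminCredentialModel.getCredentialData());
        userModel.credentialManager().updateStoredCredential(ComplexAdminCredentialModel.createFromModel(credentialModel));
        logger.info("Credential updated");
    }

    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    // NOTE(review): the "m37" prefix comes from the decompiler's rename; the original method
    // was presumably getCredentialProvider. The name is kept here as it appears in this file.
    public ComplexAdminCredentialProvider m37getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, ComplexAdminCredentialProviderFactory.PROVIDER_ID);
    }

    /** This authenticator only runs once a user has been attached to the flow. */
    public boolean requiresUser() {
        return true;
    }
}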
