package org.keycloak.authentication.residence.authenticators;

import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.util.AcrStore;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/authentication/residence/authenticators/CookieRefreshForm.class */
public class CookieRefreshForm implements Authenticator {
    protected static final Logger logger = Logger.getLogger(CookieRefreshForm.class);

    public boolean requiresUser() {
        return false;
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticationManager.AuthResult authenticateIdentityCookie = AuthenticationManager.authenticateIdentityCookie(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), true);
        if (authenticateIdentityCookie == null) {
            authenticationFlowContext.attempted();
            return;
        }
        AuthenticationSessionModel authenticationSession = authenticationFlowContext.getAuthenticationSession();
        authenticationSession.setAuthNote("loa-map", authenticateIdentityCookie.getSession().getNote("loa-map"));
        AcrStore acrStore = new AcrStore(authenticationSession);
        UserModel user = authenticateIdentityCookie.getUser();
        UserSessionModel session = authenticateIdentityCookie.getSession();
        if (authenticationFlowContext.getSession().getProvider(LoginProtocol.class, authenticationSession.getProtocol()).requireReauthentication(session, authenticationSession)) {
            logger.info("Full re-authentication, so we start with no loa");
            acrStore.setLevelAuthenticatedToCurrentRequest(-1);
        } else {
            int highestAuthenticatedLevelFromPreviousAuthentication = acrStore.getHighestAuthenticatedLevelFromPreviousAuthentication();
            if (acrStore.getRequestedLevelOfAuthentication() > highestAuthenticatedLevelFromPreviousAuthentication) {
                logger.info("The cookie alone is not enough and other authentications must follow");
                acrStore.setLevelAuthenticatedToCurrentRequest(highestAuthenticatedLevelFromPreviousAuthentication);
            } else {
                String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
                String str = (String) authenticationFlowContext.getUriInfo().getQueryParameters().getFirst("phoneNumber");
                if (!Validation.isBlank(verifiedPhoneNumber) && !Validation.isBlank(str) && verifiedPhoneNumber.contentEquals(str)) {
                    logger.info("Cookie only authentication");
                    acrStore.setLevelAuthenticatedToCurrentRequest(highestAuthenticatedLevelFromPreviousAuthentication);
                    authenticationSession.setAuthNote("SSO_AUTH", "true");
                    authenticationFlowContext.setUser(authenticateIdentityCookie.getUser());
                    authenticationFlowContext.attachUserSession(session);
                    authenticationFlowContext.success();
                    return;
                }
            }
        }
        logger.info("logout start");
        logger.info("logout end");
        authenticationFlowContext.getSession().sessions().removeUserSession(authenticationFlowContext.getRealm(), session);
        authenticationFlowContext.getSession().sessions().removeOfflineUserSession(authenticationFlowContext.getRealm(), session);
        authenticationFlowContext.attachUserSession((UserSessionModel) null);
        authenticationFlowContext.clearUser();
        authenticationFlowContext.attempted();
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }
}
