package org.keycloak.authentication.user.authenticators;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.AbstractFormAuthenticator;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.authentication.user.UserConsentManager;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:org/keycloak/authentication/user/authenticators/ConsentFormRegistration.class */
public class ConsentFormRegistration extends AbstractFormAuthenticator implements AuthenticatorFactory {
    public static final String PROVIDER_ID = "consent-form-register";
    public static final String CONF_FORM_PARAMETER_NAME = "form_parameter_name";
    public static final String CONF_CONSENT_SCOPE_NAME = "consent_scope_name";
    public static final String CONF_CONSENT_REQUIRED = "consent_required";
    private static final Logger logger = Logger.getLogger(ConsentFormRegistration.class);

    public String getId() {
        return PROVIDER_ID;
    }

    public String getDisplayType() {
        return "[Dozn] Consent URI registration";
    }

    public String getReferenceCategory() {
        return null;
    }

    public String getHelpText() {
        return "Register consent supplied in direct grant request";
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public Authenticator m60create(KeycloakSession keycloakSession) {
        return new ConsentFormRegistration();
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        validate(authenticationFlowContext);
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        validate(authenticationFlowContext);
    }

    public void validate(AuthenticationFlowContext authenticationFlowContext) {
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            authenticationFlowContext.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
            return;
        }
        Map config = authenticationFlowContext.getAuthenticatorConfig().getConfig();
        String str = (String) config.get("form_parameter_name");
        String str2 = (String) config.get("consent_scope_name");
        boolean booleanValue = Boolean.valueOf((String) config.get("consent_required")).booleanValue();
        Optional<String> retrieveUriQuery = retrieveUriQuery(authenticationFlowContext, str);
        if (booleanValue) {
            if (retrieveUriQuery.isPresent() && !Boolean.parseBoolean(retrieveUriQuery.get())) {
                authenticationFlowContext.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
                return;
            } else if (!retrieveUriQuery.isPresent() && !UserConsentManager.hasConsentScopeGranted(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2)) {
                authenticationFlowContext.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
                return;
            }
        }
        if (retrieveUriQuery.isPresent()) {
            if (Boolean.parseBoolean(retrieveUriQuery.get())) {
                UserConsentManager.upsertUserConsent(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2);
                logger.info(String.format("upsertUserConsent realm: %s, clientId: %s, userId: %s", authenticationFlowContext.getRealm().getName(), authenticationFlowContext.getSession().getContext().getClient().getId(), user.getId()));
            } else {
                logger.info(String.format("revokeUserConsent realm: %s, clientId: %s, userId: %s, revoked: %s", authenticationFlowContext.getRealm().getName(), authenticationFlowContext.getSession().getContext().getClient().getId(), user.getId(), Boolean.valueOf(UserConsentManager.revokeUserConsent(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2))));
            }
        }
        authenticationFlowContext.success();
    }

    protected Optional<String> retrieveUriQuery(AuthenticationFlowContext authenticationFlowContext, String str) {
        MultivaluedMap queryParameters = authenticationFlowContext.getUriInfo().getQueryParameters();
        if (queryParameters.getFirst(str) == null) {
            return Optional.empty();
        }
        authenticationFlowContext.getEvent().detail(str, (String) queryParameters.getFirst(str));
        return Optional.of((String) queryParameters.getFirst(str));
    }

    public boolean requiresUser() {
        return true;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void close() {
    }

    public boolean isConfigurable() {
        return true;
    }

    public boolean isUserSetupAllowed() {
        return true;
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setType("String");
        providerConfigProperty.setName("form_parameter_name");
        providerConfigProperty.setLabel("Form parameter name");
        providerConfigProperty.setHelpText("Name of the form parameter");
        ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
        providerConfigProperty2.setType("String");
        providerConfigProperty2.setName("consent_scope_name");
        providerConfigProperty2.setLabel("Consent scope name");
        providerConfigProperty2.setHelpText("Name of the consent to check");
        ProviderConfigProperty providerConfigProperty3 = new ProviderConfigProperty();
        providerConfigProperty3.setType("boolean");
        providerConfigProperty3.setName("consent_required");
        providerConfigProperty3.setLabel("Consent required");
        providerConfigProperty3.setHelpText("Apply a not to the check required");
        return Arrays.asList(providerConfigProperty, providerConfigProperty2, providerConfigProperty3);
    }

    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED};
    }
}
