package org.keycloak.authentication.residence.authenticators;

import java.io.IOException;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.tokencode.TokenCodeService;
import net.interus.keycloak.tokencode.TokenCodeType;
import net.interus.keycloak.tokencode.exception.ValidatingFailure;
import net.interus.keycloak.tokencode.jpa.representations.TokenCodeRepresentation;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.authentication.residence.credentials.ResidenceCredentialModel;
import org.keycloak.authentication.residence.credentials.data.ResidenceSecretOtpData;
import org.keycloak.authentication.user.authenticators.UserCredentialValidation;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.services.validation.Validation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authentication/residence/authenticators/ResidenceOtpValidation.class */
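/**
 * Authenticator that validates a one-time code for an already-resolved user against the
 * {@link TokenCodeService}, keyed by the user's verified phone number.
 *
 * <p>Flow, as implemented in {@link #authenticate(AuthenticationFlowContext)}:
 * <ol>
 *   <li>reject when the flow has no user or the user has no verified phone number;</li>
 *   <li>reject when no code was supplied;</li>
 *   <li>reject when brute-force protection reports the user as disabled;</li>
 *   <li>ask {@link TokenCodeService#validateCode} to check the code and succeed or fail the flow.</li>
 * </ol>
 *
 * <p>The class also registers itself as the service's {@code OnUserConfirmedListener} so that the
 * credential data carried by a confirmed token code is applied to the user.
 */
public class ResidenceOtpValidation extends AbstractResidenceDirectGrantAuthenticator implements TokenCodeService.OnUserConfirmedListener {
    public static final String PROVIDER_ID = "resident-otp";

    /** Number of trailing characters of a phone number that stay readable in log output. */
    private static final int VISIBLE_PHONE_SUFFIX = 4;

    public ResidenceOtpValidation() {
        super(PROVIDER_ID, "[Dozn] Residence member OTP validation", "Validates the residence member by The API of Dozn");
    }

    /**
     * Validates the submitted OTP for the flow's user and completes or fails the flow.
     *
     * <p>Every rejection path switches the event to
     * {@link EventType#IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR} before delegating to one of the
     * inherited {@code invalid*} helpers, which are expected to produce the error response.
     *
     * @param authenticationFlowContext the current authentication flow
     */
    @Override
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", PROVIDER_ID).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
        // The phone number is the second factor's delivery address; keep only its tail in the
        // server log so that log readers cannot harvest full numbers per username.
        logger.info(String.format("Residence OTP authenticate phoneNumber %s username %s", maskPhoneNumber(verifiedPhoneNumber), user.getUsername()));
        if (Validation.isBlank(verifiedPhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Must have verified phone number");
            return;
        }
        authenticationFlowContext.getEvent().detail("username", verifiedPhoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, verifiedPhoneNumber);
        // retrieveOtpCode is inherited; presumably it reads the code from the request - confirm in the base class.
        String retrieveOtpCode = retrieveOtpCode(authenticationFlowContext);
        if (Validation.isBlank(retrieveOtpCode)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Must have verified code");
            return;
        }
        // Brute-force lockout is checked before the code is handed to the validation service,
        // so a locked-out user cannot keep testing codes.
        String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user);
        if (disabledByBruteForceEventError != null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserWithGrantFailures(authenticationFlowContext, user, disabledByBruteForceEventError);
            return;
        }
        ResidenceSecretOtpData.ResidenceSecretOtpDataBuilder code = ResidenceSecretOtpData.builder().phoneNumber(verifiedPhoneNumber).code(retrieveOtpCode);
        // NOTE(review): getProvider may return null when no TokenCodeService is deployed; that
        // would surface here as a NullPointerException rather than an authentication error.
        TokenCodeService provider = authenticationFlowContext.getSession().getProvider(TokenCodeService.class);
        provider.setOnUserConfirmedListener(this);
        try {
            if (provider.validateCode(verifiedPhoneNumber, retrieveOtpCode, TokenCodeType.OTP, getType(authenticationFlowContext.getSession()), JsonSerialization.writeValueAsString(code.build()), user)) {
                resetUserLoginFailures(authenticationFlowContext, user);
                authenticationFlowContext.success();
            } else {
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                // NOTE(review): a rejected code goes through invalidUserCredentials, while the
                // exception paths below use invalidUserCredentialsWithGrantFailures. If only the
                // latter records a login failure, wrong OTP guesses are not counted towards the
                // brute-force lockout - confirm against the base class.
                invalidUserCredentials(authenticationFlowContext, user);
            }
        } catch (ValidatingFailure e) {
            failValidation(authenticationFlowContext, user, e);
        } catch (IOException e2) {
            failValidation(authenticationFlowContext, user, e2);
        }
    }

    /**
     * Applies the credential data of a confirmed token code to the user.
     *
     * @param keycloakSession the session the confirmation happened in
     * @param tokenCodeRepresentation the confirmed token code; its credential data is wrapped in a
     *     {@link ResidenceCredentialModel}
     * @param userModel the user the credential is applied to
     */
    @Override
    public void onUserConfirmed(KeycloakSession keycloakSession, TokenCodeRepresentation tokenCodeRepresentation, UserModel userModel) {
        apply(keycloakSession, new ResidenceCredentialModel(tokenCodeRepresentation.getCredentialData()), userModel);
    }

    /** This authenticator always needs a resolved user; {@code authenticate} rejects a missing one. */
    @Override
    public boolean requiresUser() {
        return true;
    }

    /**
     * Records a validation error in the server log and fails the flow with a grant failure.
     *
     * <p>The exception goes to the logger instead of {@code printStackTrace()} so that it follows
     * the configured log routing. The submitted code is deliberately not part of the message.
     */
    private void failValidation(AuthenticationFlowContext authenticationFlowContext, UserModel user, Exception cause) {
        // Assumes the inherited logger offers warn(message, Throwable), as JBoss Logging and SLF4J do - confirm.
        logger.warn(String.format("Residence OTP validation failed for username %s", user.getUsername()), cause);
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
        invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user);
    }

    /**
     * Returns the phone number with all but its last {@link #VISIBLE_PHONE_SUFFIX} characters
     * replaced by {@code '*'}; numbers no longer than that are masked completely.
     *
     * @param phoneNumber the number to mask, may be {@code null}
     * @return the masked number, or {@code null} when the input is {@code null}
     */
    private static String maskPhoneNumber(String phoneNumber) {
        if (phoneNumber == null) {
            return null;
        }
        int length = phoneNumber.length();
        int visible = length > VISIBLE_PHONE_SUFFIX ? VISIBLE_PHONE_SUFFIX : 0;
        StringBuilder masked = new StringBuilder(length);
        for (int i = 0; i < length - visible; i++) {
            masked.append('*');
        }
        masked.append(phoneNumber, length - visible, length);
        return masked.toString();
    }
}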
