package org.keycloak.authentication.residence.authenticators;

import java.util.Optional;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.tokencode.exception.ValidatingFailure;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.authentication.residence.credentials.ResidenceCredentialModel;
import org.keycloak.authentication.residence.integrated.APTOccupantPayerMemberPhoneNumberVerifier;
import org.keycloak.authentication.user.authenticators.UserCredentialValidation;
import org.keycloak.events.EventType;
import org.keycloak.models.UserModel;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/residence/authenticators/ResidenceDirectValidation.class */
public class ResidenceDirectValidation extends AbstractResidenceDirectGrantAuthenticator {
    public static final String PROVIDER_ID = "resident-direct";

    public ResidenceDirectValidation() {
        super(PROVIDER_ID, "[Dozn] Residence member Direct validation", "Validates the residence member by The API of Dozn");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", PROVIDER_ID).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
        logger.info(String.format("Residence OTP authenticate phoneNumber %s username %s", verifiedPhoneNumber, user.getUsername()));
        if (Validation.isBlank(verifiedPhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: phoneNumber");
            return;
        }
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, verifiedPhoneNumber);
        Optional<String> retrieve = retrieve(authenticationFlowContext, "complexCode");
        if (!retrieve.isPresent()) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: complexCode");
            return;
        }
        Optional<String> retrieve2 = retrieve(authenticationFlowContext, "buildingNo");
        if (!retrieve2.isPresent()) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: buildingNo");
            return;
        }
        Optional<String> retrieve3 = retrieve(authenticationFlowContext, "unitNo");
        if (!retrieve3.isPresent()) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: unitNo");
            return;
        }
        logger.info(String.format("Set parameters complexCode: %s, buildingNoOptional: %s, unitNoOptional: %s", retrieve.orElse("no complexCode"), retrieve2.orElse("no buildingNo"), retrieve3.orElse("no unitNo")));
        String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user);
        if (disabledByBruteForceEventError != null) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserWithGrantFailures(authenticationFlowContext, user, disabledByBruteForceEventError);
            return;
        }
        try {
            ResidenceCredentialModel verify = new APTOccupantPayerMemberPhoneNumberVerifier().verify(retrieve.get(), retrieve2.get(), retrieve3.get(), verifiedPhoneNumber);
            if (verify == null) {
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user);
            } else {
                apply(authenticationFlowContext.getSession(), verify, user);
                resetUserLoginFailures(authenticationFlowContext, user);
                authenticationFlowContext.success();
            }
        } catch (ValidatingFailure e) {
            e.printStackTrace();
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user);
        }
    }

    public boolean requiresUser() {
        return true;
    }
}
