package org.keycloak.authentication.residence.authenticators;

import java.util.Optional;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.authentication.residence.credentials.ComplexAdminNameCredentialInputModel;
import org.keycloak.authentication.residence.credentials.ComplexAdminNameCredentialModel;
import org.keycloak.authentication.residence.credentials.ComplexAdminTemporaryCredentialProvider;
import org.keycloak.authentication.user.authenticators.UserCredentialValidation;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/residence/authenticators/ComplexAdminNameValidation.class */
public class ComplexAdminNameValidation extends BaseDirectGrantAuthenticator implements CredentialValidator<ComplexAdminTemporaryCredentialProvider> {
    public static final String PROVIDER_ID = "complex-admin-name";
    protected static final Logger logger = Logger.getLogger(ComplexAdminNameValidation.class);

    public ComplexAdminNameValidation() {
        super("complex-admin-name", "[Dozn] Complex admin name validation", "Validates the complex admin temporary by name");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", "complex-admin-name").detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));
        String retrievePhoneNumber = retrievePhoneNumber(authenticationFlowContext);
        if (Validation.isBlank(retrievePhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid: phoneNumber");
            return;
        }
        authenticationFlowContext.getEvent().detail("username", retrievePhoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, retrievePhoneNumber);
        UserModel user = authenticationFlowContext.getUser();
        try {
            UserModel findUserByNameOrEmail = KeycloakModelUtils.findUserByNameOrEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), retrievePhoneNumber);
            if (user == null) {
                user = findUserByNameOrEmail;
            } else if (findUserByNameOrEmail != null && !user.getId().contentEquals(findUserByNameOrEmail.getId())) {
                invalidUser(authenticationFlowContext, user, "Mismatch phone number");
                return;
            }
            if (user == null) {
                user = authenticationFlowContext.getSession().users().addUser(authenticationFlowContext.getRealm(), retrievePhoneNumber);
                authenticationFlowContext.getAuthenticationSession().setClientNote("login_hint", retrievePhoneNumber);
            }
            String disabledByBruteForceEventError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user);
            if (disabledByBruteForceEventError != null) {
                invalidUserWithGrantFailures(authenticationFlowContext, user, disabledByBruteForceEventError);
                return;
            }
            Optional<String> retrieve = retrieve(authenticationFlowContext, "complexCode");
            if (!retrieve.isPresent()) {
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                invalidRequest(authenticationFlowContext, "Invalid parameter: complexCode");
                return;
            }
            logger.info(String.format("Set parameters complexCode: %s", retrieve.orElse("no complexCode")));
            String str = retrieve.get();
            Optional<String> retrieve2 = retrieve(authenticationFlowContext, "name");
            if (!retrieve2.isPresent()) {
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                invalidRequest(authenticationFlowContext, "Invalid parameter: holderName");
                return;
            }
            logger.info(String.format("Set parameters holder name: %s", retrieve2.orElse("no name")));
            if (user.credentialManager().isValid(new CredentialInput[]{new ComplexAdminNameCredentialInputModel(str, retrieve2.get())})) {
                apply(authenticationFlowContext.getSession(), user, (ComplexAdminNameCredentialModel) m29getCredentialProvider(authenticationFlowContext.getSession()).getDefaultCredential(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user));
                resetUserLoginFailures(authenticationFlowContext, user);
                authenticationFlowContext.success();
            } else {
                authenticationFlowContext.getEvent().user(user).error("invalid_user_credentials");
                authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user, "잘못된 접근입니다.\n고객센터(1600-7495)로 문의해주세요.");
            }
        } catch (ModelDuplicateException e) {
            ServicesLogger.LOGGER.modelDuplicateException(e);
            invalidNotFoundUser(authenticationFlowContext);
        }
    }

    public void apply(KeycloakSession keycloakSession, UserModel userModel, CredentialModel credentialModel) {
        logger.info(String.format("Apply %s %s", userModel.getUsername(), credentialModel));
        if (credentialModel == null || credentialModel.getCredentialData() == null) {
            return;
        }
        keycloakSession.getContext().getAuthenticationSession().setUserSessionNote("complex-admin-temporary", credentialModel.getCredentialData());
    }

    public boolean requiresUser() {
        return false;
    }

    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    public ComplexAdminTemporaryCredentialProvider m29getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, "complex-admin-temporary");
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.CONDITIONAL, AuthenticationExecutionModel.Requirement.DISABLED};
    }
}
