package net.interus.keycloak.phone.authenticators;

import com.fasterxml.jackson.core.JsonProcessingException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.phone.credentials.PhoneNumberCredentialModel;
import net.interus.keycloak.phone.credentials.PhoneNumberCredentialProvider;
import net.interus.keycloak.phone.credentials.PhoneNumberCredentialProviderFactory;
import net.interus.keycloak.phone.credentials.data.PhoneNumberOtpCredentialData;
import net.interus.keycloak.phone.credentials.data.PhoneNumberOtpSecretData;
import net.interus.keycloak.tokencode.TokenCodeService;
import net.interus.keycloak.tokencode.TokenCodeType;
import net.interus.keycloak.tokencode.exception.ValidatingFailure;
import net.interus.keycloak.tokencode.jpa.representations.TokenCodeRepresentation;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.authenticators.util.AuthenticatorUtils;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.validation.Validation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:net/interus/keycloak/phone/authenticators/PhoneNumberOtpValidation.class */
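/**
 * Direct-grant authenticator that validates a phone number together with a one-time code.
 *
 * <p>The phone number doubles as the Keycloak username. The code is checked through
 * {@link TokenCodeService}; this class registers itself as the service's
 * {@link TokenCodeService.OnUserConfirmedListener} so that {@link #onUserConfirmed} can
 * persist the phone-number credential for the user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credential payloads (phone number plus OTP data) and the request's {@code ticket}
 *       value are deliberately kept out of the logs.</li>
 *   <li>Exceptions go to the class logger with their cause instead of
 *       {@code printStackTrace()}, so failures reach the server log and can be alerted on.</li>
 * </ul>
 *
 * <p>This source is decompiler output; names such as {@code m1getCredentialProvider} are
 * decompiler artefacts and are kept so the visible interface does not change.
 */
public class PhoneNumberOtpValidation extends BaseDirectGrantAuthenticator implements CredentialValidator<PhoneNumberCredentialProvider>, TokenCodeService.OnUserConfirmedListener {
    public static final String PROVIDER_ID = "phone-number-otp";
    /** Name of the "max age" config property. It is declared here but not read anywhere in this class. */
    public static final String MAX_AGE = "phone.number.max.age";
    private static final Logger logger = Logger.getLogger(PhoneNumberOtpValidation.class);
    private static final List<ProviderConfigProperty> configProperties = new ArrayList<>();

    // User-facing messages, reproduced byte-for-byte from the original.
    // "Invalid link. Please contact the customer centre (1600-7495)."
    private static final String MSG_INVALID_CODE = "잘못된 링크입니다.\n고객센터(1600-7495)로 문의해주세요.";
    // "A server problem occurred. Please try again in a moment."
    private static final String MSG_SERVER_ERROR = "서버에 문제가 발생했습니다.\n잠시후 다시 시도해주세요.";

    public PhoneNumberOtpValidation() {
        super(PROVIDER_ID, "[Dozn] Phone number OTP validation", "Validates the national number by a phone otp");
    }

    /**
     * Validates the phone number and OTP code carried by the request and, on success, marks
     * the flow as authenticated for the matching (or newly created) user.
     *
     * <p>The request is rejected when the phone number is missing or not digits-only, when the
     * code is missing, when the phone number resolves to a different user than the one already
     * attached to the flow, when brute-force protection has disabled the user, or when the
     * code does not validate.
     *
     * @param authenticationFlowContext the Keycloak flow context for this grant request
     */
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", PROVIDER_ID).detail("credential_type", getType(authenticationFlowContext.getSession()));

        String phoneNumber = retrievePhoneNumber(authenticationFlowContext);
        if (Validation.isBlank(phoneNumber)) {
            invalidRequest(authenticationFlowContext, "Missing parameter: phoneNumber");
            return;
        }
        if (!isValidDigitsPhoneNumber(phoneNumber)) {
            invalidRequest(authenticationFlowContext, "Invalid parameter: phoneNumber");
            return;
        }
        authenticationFlowContext.getEvent().detail("username", phoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote("ATTEMPTED_USERNAME", phoneNumber);

        String otpCode = retrieveOtpCode(authenticationFlowContext);
        if (Validation.isBlank(otpCode)) {
            invalidRequest(authenticationFlowContext, "Missing parameter: code");
            return;
        }

        Optional<String> ticketParam = retrieve(authenticationFlowContext, "ticket");
        // The ticket presumably comes straight from the request and is part of the lookup URI
        // below, so only its presence is logged. Writing the raw value would put
        // caller-controlled text into the log.
        logger.infof("Ticket parameter present: %s", ticketParam.isPresent());
        String ticket = ticketParam.orElse(null);

        UserModel user = authenticationFlowContext.getUser();
        try {
            UserModel userByPhone = KeycloakModelUtils.findUserByNameOrEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), phoneNumber);
            if (user == null) {
                user = userByPhone;
            } else if (userByPhone != null && !user.getId().contentEquals(userByPhone.getId())) {
                // The flow already carries a user and the phone number belongs to someone else.
                invalidUser(authenticationFlowContext, user, "Mismatch phone number");
                return;
            }
            if (user == null) {
                // NOTE(review): the account is created before the OTP is checked, so a request
                // with an unregistered number leaves a user record behind even when validation
                // fails. The record is what the brute-force accounting below is attached to.
                // Confirm that unconfirmed records cannot be used to log in and that something
                // bounds or cleans them up.
                user = authenticationFlowContext.getSession().users().addUser(authenticationFlowContext.getRealm(), phoneNumber);
                authenticationFlowContext.getAuthenticationSession().setClientNote("login_hint", phoneNumber);
            }

            String bruteForceError = AuthenticatorUtils.getDisabledByBruteForceEventError(authenticationFlowContext.getProtector(), authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user);
            if (bruteForceError != null) {
                invalidUserWithGrantFailures(authenticationFlowContext, user, bruteForceError);
                return;
            }

            PhoneNumberOtpSecretData.PhoneNumberOtpSecretDataBuilder secretData = PhoneNumberOtpSecretData.builder().phoneNumber(phoneNumber).code(otpCode);
            TokenCodeService tokenCodeService = authenticationFlowContext.getSession().getProvider(TokenCodeService.class);
            // onUserConfirmed(...) is the callback; presumably the service invokes it while
            // validating a correct code. Confirm against TokenCodeService.
            tokenCodeService.setOnUserConfirmedListener(this);
            try {
                boolean valid = tokenCodeService.validateCode(PhoneNumberCredentialModel.getUri(phoneNumber, ticket), otpCode, TokenCodeType.OTP, PhoneNumberCredentialModel.TYPE, JsonSerialization.writeValueAsString(secretData.build()), user);
                if (!valid) {
                    logger.info("Phone Number OTP is not valid");
                    invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user, MSG_INVALID_CODE);
                } else {
                    resetUserLoginFailures(authenticationFlowContext, user);
                    authenticationFlowContext.setUser(user);
                    authenticationFlowContext.getEvent().success();
                    authenticationFlowContext.success();
                }
            } catch (ValidatingFailure e) {
                // Same client-facing message as a wrong code, so the response does not reveal
                // which check failed. The cause is kept in the server log.
                logger.warn("Phone number OTP validation failed", e);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user, MSG_INVALID_CODE);
            } catch (IOException e) {
                logger.error("Could not serialize phone number OTP data for validation", e);
                invalidUserCredentialsWithGrantFailures(authenticationFlowContext, user, MSG_SERVER_ERROR);
            }
        } catch (ModelDuplicateException e) {
            ServicesLogger.LOGGER.modelDuplicateException(e);
            invalidNotFoundUser(authenticationFlowContext);
        }
    }

    /**
     * Callback from {@link TokenCodeService}: stores the confirmed phone number on the user and
     * creates or updates the user's stored phone-number credential.
     *
     * <p>Does nothing when the representation carries no credential data or the data parses to
     * {@code null}. A JSON parsing failure is logged and otherwise ignored, because the method
     * has no way to report it to the caller; the credential is then left unchanged.
     *
     * @param keycloakSession the current Keycloak session
     * @param tokenCodeRepresentation the confirmed token code, including its credential data
     * @param userModel the user the code was confirmed for
     */
    public void onUserConfirmed(KeycloakSession keycloakSession, TokenCodeRepresentation tokenCodeRepresentation, UserModel userModel) {
        // Only the username is logged. The credential data is the phone number / OTP payload,
        // and the URI is built from the phone number and ticket in authenticate(); neither
        // belongs in an info-level log line.
        logger.infof("onUserConfirmed user=%s", userModel.getUsername());

        String credentialData = tokenCodeRepresentation.getCredentialData();
        if (credentialData == null) {
            return;
        }
        try {
            PhoneNumberOtpCredentialData parsed = PhoneNumberOtpCredentialData.valueOf(credentialData);
            if (parsed == null) {
                return;
            }
            keycloakSession.getContext().getAuthenticationSession().setUserSessionNote(PhoneNumberCredentialModel.TYPE, credentialData);
            UserPhoneNumberAttributes.setPhoneNumberAttributesOnly(keycloakSession, keycloakSession.getContext().getRealm(), userModel, parsed.getPhoneNumber());
            // NOTE(review): this enables the account unconditionally, including one that was
            // disabled on purpose. No enabled-state check is visible in this class; confirm that
            // re-enabling on OTP confirmation is intended.
            userModel.setEnabled(true);

            String credentialType = getType(keycloakSession);
            Optional<CredentialModel> stored = userModel.credentialManager().getStoredCredentialsByTypeStream(credentialType).findFirst();
            if (!stored.isPresent()) {
                userModel.credentialManager().createStoredCredential(PhoneNumberCredentialModel.createFromData(credentialData));
                logger.infof("%s Credential is created", credentialType);
                return;
            }
            // The previous credential payload is intentionally not logged.
            CredentialModel credentialModel = stored.get();
            credentialModel.setCredentialData(credentialData);
            userModel.credentialManager().updateStoredCredential(PhoneNumberCredentialModel.createFromModel(credentialModel));
            logger.infof("%s Credential is updated", credentialType);
        } catch (JsonProcessingException e) {
            logger.error("Could not parse phone number credential data; credential not stored", e);
        }
    }

    /** Returns the config properties registered in the static initializer (the shared list itself). */
    @Override
    public List<ProviderConfigProperty> getConfigProperties() {
        return configProperties;
    }

    /** This execution can only be configured as REQUIRED. */
    @Override
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED};
    }

    /** Returns {@code false}: {@link #authenticate} resolves or creates the user itself. */
    public boolean requiresUser() {
        return false;
    }

    /** Delegates to the phone-number credential provider's {@code isConfiguredFor} check. */
    @Override
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return m1getCredentialProvider(keycloakSession).isConfiguredFor(realmModel, userModel, getType(keycloakSession));
    }

    /**
     * Looks up the phone-number credential provider for the session.
     *
     * <p>Decompiler note: renamed from {@code getCredentialProvider} (merged with its bridge
     * method). The decompiled name is kept here so the visible interface is unchanged.
     */
    public PhoneNumberCredentialProvider m1getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, PhoneNumberCredentialProviderFactory.PROVIDER_ID);
    }

    static {
        // Registers the single admin-console property exposed by this authenticator.
        ProviderConfigProperty maxAge = new ProviderConfigProperty();
        maxAge.setName(MAX_AGE);
        maxAge.setLabel("Phone Number Max Age");
        maxAge.setType("String");
        maxAge.setHelpText("Max age in seconds of the Phone Number");
        configProperties.add(maxAge);
    }
}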
