package kr.co.dozn.auth.user.authenticators;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.managers.AppAuthManager;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:kr/co/dozn/auth/user/authenticators/UserCredentialValidation.class */
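/**
 * Direct-grant authenticator step that gates the flow on an active bearer token and,
 * depending on configuration, on two further conditions:
 * <ul>
 *   <li>{@code token_claim_name}: the bearer token must carry a claim with that name
 *       among its "other claims". Only the presence of the claim is checked; its value
 *       is never read.</li>
 *   <li>{@code credential_type}: the flow user must have a stored credential of that
 *       type. Its credential data is copied into a user session note whose key is the
 *       credential type.</li>
 * </ul>
 * A blank or missing setting disables the corresponding check.
 *
 * <p>NOTE(review): nothing in this class compares the bearer token's subject with
 * {@code context.getUser()}, and the claim value is not matched against the credential.
 * If the flow relies on the token and the user belonging together, confirm that this is
 * enforced elsewhere (for example in the base class or an earlier execution).
 */
public class UserCredentialValidation extends BaseDirectGrantAuthenticator {
    public static final String PROVIDER_ID = "user-credential";
    public static final String CONF_TOKEN_CLAIM_NAME = "token_claim_name";
    public static final String CONF_CREDENTIAL_TYPE = "credential_type";
    // Offered in the admin UI (see getConfigProperties) but never read by authenticate():
    // once a credential type is configured, a missing credential always rejects the flow.
    public static final String CONF_CREDENTIAL_REQUIRED = "credential_required";
    // The two keys below are not read anywhere in this class.
    public static final String CONF_TOKEN_CLAIM_JSON_TYPE = "token_claim_json_type";
    public static final String CONF_CREDENTIAL_DATA_ID = "credential_data_id";
    private static final Logger logger = Logger.getLogger(UserCredentialValidation.class);

    public UserCredentialValidation() {
        super(PROVIDER_ID, "[Dozn] User Credential Validation", "Validates user credential with token claim");
    }

    /**
     * Runs the checks described on the class and marks the execution as successful when
     * all configured checks pass.
     *
     * @param authenticationFlowContext flow context supplying the session, the flow user
     *     and this execution's configuration
     */
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticationManager.AuthResult bearer =
                new AppAuthManager.BearerTokenAuthenticator(authenticationFlowContext.getSession()).authenticate();
        if (bearer == null || !bearer.getToken().isActive()) {
            invalidNotFoundUserSession(authenticationFlowContext);
            return;
        }

        // An execution that was never configured has no config model; treat that like
        // blank settings instead of failing with a NullPointerException.
        Map<String, String> config = null;
        if (authenticationFlowContext.getAuthenticatorConfig() != null) {
            config = authenticationFlowContext.getAuthenticatorConfig().getConfig();
        }
        if (config == null) {
            // Surfaces the misconfiguration: in this state the step enforces nothing
            // beyond the bearer-token check above.
            logger.warn("No authenticator configuration; only the bearer token is checked");
        }
        String claimName = config == null ? null : config.get(CONF_TOKEN_CLAIM_NAME);
        String credentialType = config == null ? null : config.get(CONF_CREDENTIAL_TYPE);

        if (!Validation.isEmpty(claimName)) {
            Map<String, Object> otherClaims = bearer.getToken().getOtherClaims();
            if (otherClaims == null || !otherClaims.containsKey(claimName)) {
                logger.infof("No token claim %s", claimName);
                invalidUserCredentials(authenticationFlowContext, authenticationFlowContext.getUser(), "No token claim");
                return;
            }
        }

        if (!Validation.isEmpty(credentialType)) {
            // Credentials without data are skipped: Stream.findFirst() throws a
            // NullPointerException when the element it selects is null.
            Optional<String> credentialData = authenticationFlowContext.getUser().credentialManager()
                    .getStoredCredentialsByTypeStream(credentialType)
                    .map(credential -> credential.getCredentialData())
                    .filter(data -> data != null)
                    .findFirst();
            if (!credentialData.isPresent()) {
                logger.infof("No user credential %s", credentialType);
                invalidUserCredentials(authenticationFlowContext, authenticationFlowContext.getUser(), "No user credential");
                return;
            }
            // NOTE(review): the credential data leaves the credential store here and is
            // kept in the user session under the credential type as key. Confirm that it
            // holds nothing sensitive and check which mappers expose session notes.
            authenticationFlowContext.getAuthenticationSession().setUserSessionNote(credentialType, credentialData.get());
        }

        authenticationFlowContext.success();
    }

    /** Always {@code true}: authenticate() dereferences the flow user. */
    public boolean requiresUser() {
        return true;
    }

    /** Always {@code true}: the execution has settings (see {@link #getConfigProperties()}). */
    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public boolean isConfigurable() {
        return true;
    }

    /**
     * Describes the settings offered for this execution: token claim name, credential type
     * and the "credential required" flag.
     *
     * @return the three property descriptors, in that order
     */
    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public List<ProviderConfigProperty> getConfigProperties() {
        return Arrays.asList(
                property(CONF_TOKEN_CLAIM_NAME, "Token claim name", "String"),
                property(CONF_CREDENTIAL_TYPE, "Credential type", "String"),
                property(CONF_CREDENTIAL_REQUIRED, "Credential required", "boolean"));
    }

    /** Builds one property descriptor with the given config key, UI label and type. */
    private static ProviderConfigProperty property(String name, String label, String type) {
        ProviderConfigProperty descriptor = new ProviderConfigProperty();
        descriptor.setType(type);
        descriptor.setName(name);
        descriptor.setLabel(label);
        return descriptor;
    }

    /** Requirement levels this execution may be set to: REQUIRED, ALTERNATIVE or DISABLED. */
    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{
            AuthenticationExecutionModel.Requirement.REQUIRED,
            AuthenticationExecutionModel.Requirement.ALTERNATIVE,
            AuthenticationExecutionModel.Requirement.DISABLED
        };
    }
}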
