package kr.co.dozn.auth.residence.authenticators;

import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import kr.co.dozn.auth.residence.UserComplexAdminAttributes;
import kr.co.dozn.auth.residence.credentials.ComplexAdminCredentialModel;
import kr.co.dozn.auth.residence.credentials.ComplexAdminCredentialProvider;
import kr.co.dozn.auth.residence.credentials.ComplexAdminCredentialProviderFactory;
import kr.co.dozn.auth.residence.credentials.data.ComplexAdminCredentialOtpData;
import kr.co.dozn.auth.user.authenticators.UserCredentialValidation;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.phone.authenticators.PhoneNumberFormKeys;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:kr/co/dozn/auth/residence/authenticators/ComplexAdminOtpForm.class */
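/**
 * Keycloak authenticator that signs a complex administrator in with a one-time code
 * bound to a phone number.
 *
 * <p>Both {@link #action} and {@link #authenticate} delegate to {@link #validateOTP}, which
 * reads the code and the phone number from the request's query string, resolves (or creates)
 * the user whose username is the phone number, validates the code through the user's
 * credential manager and, on success, copies the credential data onto the user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The one-time code and the credential payload are never written to the log; only a
 *       masked phone number is.</li>
 *   <li>{@link #requiresUser()} returns {@code false}, so this step can run before any
 *       user has been identified.</li>
 * </ul>
 */
public class ComplexAdminOtpForm extends AbstractUsernameFormAuthenticator implements Authenticator, CredentialValidator<ComplexAdminCredentialProvider> {
    // NOTE(review): the log category is ComplexAdminOtpValidation, not this class; left as-is
    // because existing log configuration may key on it.
    protected static final Logger logger = Logger.getLogger(ComplexAdminOtpValidation.class);

    /** Accepts exactly 10 or 11 ASCII digits; compiled once instead of on every request. */
    private static final Pattern PHONE_DIGITS = Pattern.compile("\\d{10,11}");

    /** Number of trailing phone digits that may appear in log output. */
    private static final int VISIBLE_PHONE_DIGITS = 4;

    /**
     * Handles the form post-back by running the OTP validation.
     *
     * @param authenticationFlowContext the current authentication flow
     */
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        validateOTP(authenticationFlowContext);
    }

    /**
     * Handles the initial request by running the OTP validation.
     *
     * @param authenticationFlowContext the current authentication flow
     */
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        validateOTP(authenticationFlowContext);
    }

    /**
     * Validates the one-time code supplied with the request and completes or fails the flow.
     *
     * <p>A challenge without an error is returned when the code is missing, or when the phone
     * number is blank or is not 10-11 digits. A failure challenge with
     * {@code INVALID_CREDENTIALS} is returned when the phone number resolves to a user other
     * than the one already attached to the flow, when the code is rejected, or when user
     * lookup/creation reports a duplicate.
     *
     * @param authenticationFlowContext the current authentication flow
     */
    public void validateOTP(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.IDENTITY_PROVIDER_RETRIEVE_TOKEN).detail("identity_provider", ComplexAdminOtpFormFactory.PROVIDER_ID).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, getType(authenticationFlowContext.getSession()));

        // NOTE(review): the OTP and the phone number arrive in the URL query string, so they can
        // be recorded by access logs and intermediaries; the request body would be a safer
        // transport. Confirm the client contract before changing it.
        MultivaluedMap<String, String> queryParameters = authenticationFlowContext.getUriInfo().getQueryParameters();
        String otpCode = queryParameters.getFirst(PhoneNumberFormKeys.FORM_OTP_CODE);
        if (otpCode == null) {
            authenticationFlowContext.challenge(challenge(authenticationFlowContext, null));
            return;
        }
        String phoneNumber = queryParameters.getFirst("phoneNumber");
        if (Validation.isBlank(phoneNumber) || !isValidDigitsPhoneNumber(phoneNumber)) {
            authenticationFlowContext.challenge(challenge(authenticationFlowContext, null));
            return;
        }

        // The one-time code is a credential: it must not reach the log. The phone number is
        // personal data, so only its last digits are kept for correlation.
        logger.infof("Validate OTP phone:%s", maskPhoneNumber(phoneNumber));
        authenticationFlowContext.getEvent().detail("selected_credential_id", ComplexAdminCredentialProviderFactory.PROVIDER_ID);

        UserModel user = authenticationFlowContext.getUser();
        try {
            UserModel existingUser = KeycloakModelUtils.findUserByNameOrEmail(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), phoneNumber);
            if (existingUser != null) {
                // Refuse to switch identity mid-flow: the phone number must belong to the user
                // already attached to this flow, if there is one.
                if (user != null && !user.getId().contentEquals(existingUser.getId())) {
                    authenticationFlowContext.getEvent().error("invalid_user_credentials");
                    authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge(authenticationFlowContext, "invalidTotpMessage", "totp"));
                    return;
                }
                user = existingUser;
            }
            if (user == null) {
                // NOTE(review): a user record is created for any well-formed phone number before
                // the OTP has been verified, and it is not removed when validation fails below.
                // Confirm that the credential provider needs the user to exist at this point.
                user = authenticationFlowContext.getSession().users().addUser(authenticationFlowContext.getRealm(), phoneNumber);
                authenticationFlowContext.getAuthenticationSession().setClientNote("login_hint", phoneNumber);
            }

            ComplexAdminCredentialProvider provider = m25getCredentialProvider(authenticationFlowContext.getSession());
            boolean isValid = user.credentialManager().isValid(new CredentialInput[]{new UserCredentialModel(ComplexAdminCredentialProviderFactory.PROVIDER_ID, provider.getType(), otpCode)});
            logger.infof("valid %s", isValid);
            if (!isValid) {
                authenticationFlowContext.getEvent().user(user).error("invalid_user_credentials");
                authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge(authenticationFlowContext, "invalidTotpMessage", "totp"));
                return;
            }

            apply(authenticationFlowContext.getSession(), user, (ComplexAdminCredentialModel) provider.getDefaultCredential(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user));
            authenticationFlowContext.setUser(user);
            authenticationFlowContext.success();
        } catch (ModelDuplicateException e) {
            ServicesLogger.LOGGER.modelDuplicateException(e);
            authenticationFlowContext.getEvent().error("invalid_user_credentials");
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, challenge(authenticationFlowContext, "invalidTotpMessage", "totp"));
        }
    }

    /**
     * Checks that a phone number consists of exactly 10 or 11 ASCII digits.
     *
     * @param str the candidate phone number; {@code null} is treated as invalid
     * @return {@code true} when the whole string is 10 or 11 digits
     */
    public boolean isValidDigitsPhoneNumber(String str) {
        return str != null && PHONE_DIGITS.matcher(str).matches();
    }

    /**
     * Copies the data carried by a validated credential onto the user and the session.
     *
     * <p>When the credential has no data object nothing is changed. Otherwise the raw
     * credential data is stored as a user-session note under the credential type, the phone
     * number and complex-admin attributes are set, every role of the current client is
     * granted, the first name is updated and the user is enabled.
     *
     * @param keycloakSession the current Keycloak session
     * @param userModel the user to update
     * @param complexAdminCredentialModel the credential that was just validated
     */
    public void apply(KeycloakSession keycloakSession, UserModel userModel, ComplexAdminCredentialModel complexAdminCredentialModel) {
        // The credential data holds personal details (phone number, name, complex code are read
        // from it below), so it is deliberately kept out of the log.
        logger.info("apply complex-admin credential");
        ComplexAdminCredentialOtpData credentialDataObject = complexAdminCredentialModel.getCredentialDataObject();
        if (credentialDataObject == null) {
            return;
        }
        // NOTE(review): the full credential data is placed in a user-session note; verify that
        // no protocol mapper exposes this note to clients.
        keycloakSession.getContext().getAuthenticationSession().setUserSessionNote(getType(keycloakSession), complexAdminCredentialModel.getCredentialData());
        UserPhoneNumberAttributes.setPhoneNumberAttributesOnly(keycloakSession, keycloakSession.getContext().getRealm(), userModel, credentialDataObject.getPhoneNumber());
        UserComplexAdminAttributes.setComplexAdminAttributes(keycloakSession, keycloakSession.getContext().getRealm(), userModel, credentialDataObject.getOriginalId(), credentialDataObject.getComplexCode());
        // NOTE(review): every role defined on the current client is granted here; confirm that
        // this is intended rather than a specific, least-privilege role.
        keycloakSession.getContext().getClient().getRolesStream().forEach(userModel::grantRole);
        userModel.setFirstName(credentialDataObject.getFirstName());
        userModel.setEnabled(true);
        logger.info("applied");
    }

    /**
     * Reports that this authenticator can run before a user has been identified.
     *
     * @return always {@code false}
     */
    public boolean requiresUser() {
        return false;
    }

    /**
     * Fails the flow with an {@code invalid_request} event and a 401 JSON error body.
     *
     * @param authenticationFlowContext the current authentication flow
     * @param str the error description placed in the response body
     */
    protected void invalidRequest(AuthenticationFlowContext authenticationFlowContext, String str) {
        authenticationFlowContext.getEvent().error("invalid_request");
        authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_request", str));
    }

    /**
     * Builds a JSON response carrying an OAuth2 error representation.
     *
     * @param i the HTTP status code
     * @param str the OAuth2 error code
     * @param str2 the error description
     * @return the response
     */
    public Response errorResponse(int i, String str, String str2) {
        return Response.status(i).entity(new OAuth2ErrorRepresentation(str, str2)).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    /**
     * Tells whether the user has a credential of this provider's type configured.
     *
     * @param keycloakSession the current Keycloak session
     * @param realmModel the realm (unused)
     * @param userModel the user to inspect
     * @return {@code true} when the user's credential manager reports the type as configured
     */
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return userModel.credentialManager().isConfiguredFor(m25getCredentialProvider(keycloakSession).getType());
    }

    /**
     * Adds the {@code CONFIGURE_TOTP} required action to the authentication session unless it
     * is already present.
     *
     * @param keycloakSession the current Keycloak session
     * @param realmModel the realm (unused)
     * @param userModel the user (unused)
     */
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        AuthenticationSessionModel authenticationSession = keycloakSession.getContext().getAuthenticationSession();
        if (!authenticationSession.getRequiredActions().contains(UserModel.RequiredAction.CONFIGURE_TOTP.name())) {
            authenticationSession.addRequiredAction(UserModel.RequiredAction.CONFIGURE_TOTP);
        }
    }

    /**
     * Returns the factory of the {@code CONFIGURE_TOTP} required action.
     *
     * @param keycloakSession the current Keycloak session
     * @return a single-element list with that factory
     */
    public List<RequiredActionFactory> getRequiredActions(KeycloakSession keycloakSession) {
        return Collections.singletonList(keycloakSession.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, UserModel.RequiredAction.CONFIGURE_TOTP.name()));
    }

    /** Nothing to release. */
    public void close() {
    }

    /**
     * Looks up the complex-admin credential provider registered in the session.
     *
     * @param keycloakSession the current Keycloak session
     * @return the provider registered under {@code ComplexAdminCredentialProviderFactory.PROVIDER_ID}
     */
    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    public ComplexAdminCredentialProvider m25getCredentialProvider(KeycloakSession keycloakSession) {
        // The lookup is by the raw CredentialProvider class, so the result has to be narrowed.
        return (ComplexAdminCredentialProvider) keycloakSession.getProvider(CredentialProvider.class, ComplexAdminCredentialProviderFactory.PROVIDER_ID);
    }

    /** Replaces all but the last few digits of a phone number with {@code *} for logging. */
    private static String maskPhoneNumber(String phoneNumber) {
        int hidden = Math.max(0, phoneNumber.length() - VISIBLE_PHONE_DIGITS);
        StringBuilder masked = new StringBuilder(phoneNumber.length());
        for (int i = 0; i < hidden; i++) {
            masked.append('*');
        }
        return masked.append(phoneNumber, hidden, phoneNumber.length()).toString();
    }
}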
