package kr.co.dozn.auth.user.authenticators;

import kr.co.dozn.auth.identification.authenticators.PhoneIdentificationOtpValidation;
import kr.co.dozn.auth.residence.authenticators.AbstractUsernameFormAuthenticator;
import net.interus.keycloak.phone.UserPhoneNumberAttributes;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:kr/co/dozn/auth/user/authenticators/SimplePasswordValidation.class */
public class SimplePasswordValidation extends BaseDirectGrantAuthenticator implements CredentialValidator<PasswordCredentialProvider> {
    public static final String PROVIDER_ID = "simple-password-validation";
    private static final Logger logger = Logger.getLogger(PhoneIdentificationOtpValidation.class);

    public SimplePasswordValidation() {
        super(PROVIDER_ID, "[Dozn] Simple password validation", "Validates the six digit password supplied as a 'password' form parameter in direct grant request");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.getEvent().event(EventType.LOGIN).detail(UserCredentialValidation.CONF_CREDENTIAL_TYPE, PasswordFormKeys.FORM_PASSWORD).detail("identity_provider", PROVIDER_ID);
        UserModel user = authenticationFlowContext.getUser();
        String verifiedPhoneNumber = UserPhoneNumberAttributes.getVerifiedPhoneNumber(user);
        logger.info(String.format("Residence OTP authenticate phoneNumber %s username %s", verifiedPhoneNumber, user.getUsername()));
        if (Validation.isBlank(verifiedPhoneNumber)) {
            authenticationFlowContext.getEvent().event(EventType.LOGIN_ERROR);
            invalidRequest(authenticationFlowContext, "Invalid parameter: phoneNumber");
            return;
        }
        authenticationFlowContext.getEvent().detail("username", verifiedPhoneNumber);
        authenticationFlowContext.getAuthenticationSession().setAuthNote(AbstractUsernameFormAuthenticator.ATTEMPTED_USERNAME, verifiedPhoneNumber);
        String str = retrieve(authenticationFlowContext, PasswordFormKeys.FORM_PASSWORD).get();
        if (Validation.isBlank(str)) {
            authenticationFlowContext.getEvent().event(EventType.LOGIN_ERROR);
            invalidRequest(authenticationFlowContext, "Missing parameter: password");
        } else {
            if (authenticationFlowContext.getUser().credentialManager().isValid(new CredentialInput[]{UserCredentialModel.password(str)})) {
                authenticationFlowContext.success();
                return;
            }
            logger.info(String.format("Password registration is not valid", new Object[0]));
            authenticationFlowContext.getEvent().event(EventType.LOGIN_ERROR);
            invalidUserCredentials(authenticationFlowContext, authenticationFlowContext.getUser());
        }
    }

    public boolean requiresUser() {
        return true;
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED};
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return userModel.credentialManager().isConfiguredFor(m57getCredentialProvider(keycloakSession).getType());
    }

    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    public PasswordCredentialProvider m57getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, "keycloak-password");
    }
}
