package kr.co.dozn.auth.user.authenticators;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import kr.co.dozn.auth.user.UserConsentManager;
import net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;

/* loaded from: input_file:kr/co/dozn/auth/user/authenticators/ConsentRegistration.class */
public class ConsentRegistration extends BaseDirectGrantAuthenticator {
    public static final String PROVIDER_ID = "consent-register";
    public static final String CONF_FORM_PARAMETER_NAME = "form_parameter_name";
    public static final String CONF_CONSENT_SCOPE_NAME = "consent_scope_name";
    public static final String CONF_CONSENT_REQUIRED = "consent_required";
    private static final Logger logger = Logger.getLogger(ConsentRegistration.class);

    public ConsentRegistration() {
        super(PROVIDER_ID, "[Dozn] Consent registration", "Register consent supplied in direct grant request");
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        UserModel user = authenticationFlowContext.getUser();
        if (user == null) {
            invalidNotFoundUser(authenticationFlowContext);
            return;
        }
        Map config = authenticationFlowContext.getAuthenticatorConfig().getConfig();
        String str = (String) config.get("form_parameter_name");
        String str2 = (String) config.get("consent_scope_name");
        boolean booleanValue = Boolean.valueOf((String) config.get("consent_required")).booleanValue();
        Optional<String> retrieve = retrieve(authenticationFlowContext, str);
        if (booleanValue) {
            if (retrieve.isPresent() && !Boolean.parseBoolean(retrieve.get())) {
                invalidRequest(authenticationFlowContext, "Consent required");
                return;
            } else if (!retrieve.isPresent() && !UserConsentManager.hasConsentScopeGranted(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2)) {
                invalidRequest(authenticationFlowContext, "Consent required");
                return;
            }
        }
        if (retrieve.isPresent()) {
            if (Boolean.parseBoolean(retrieve.get())) {
                UserConsentManager.upsertUserConsent(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2);
                logger.info(String.format("upsertUserConsent realm: %s, clientId: %s, userId: %s", authenticationFlowContext.getRealm().getName(), authenticationFlowContext.getSession().getContext().getClient().getId(), user.getId()));
            } else {
                logger.info(String.format("revokeUserConsent realm: %s, clientId: %s, userId: %s, revoked: %s", authenticationFlowContext.getRealm().getName(), authenticationFlowContext.getSession().getContext().getClient().getId(), user.getId(), Boolean.valueOf(UserConsentManager.revokeUserConsent(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), user.getId(), str2))));
            }
        }
        authenticationFlowContext.success();
    }

    public boolean requiresUser() {
        return true;
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public boolean isConfigurable() {
        return true;
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public List<ProviderConfigProperty> getConfigProperties() {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setType("String");
        providerConfigProperty.setName("form_parameter_name");
        providerConfigProperty.setLabel("Form parameter name");
        providerConfigProperty.setHelpText("Name of the form parameter");
        ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
        providerConfigProperty2.setType("String");
        providerConfigProperty2.setName("consent_scope_name");
        providerConfigProperty2.setLabel("Consent scope name");
        providerConfigProperty2.setHelpText("Name of the consent to check");
        ProviderConfigProperty providerConfigProperty3 = new ProviderConfigProperty();
        providerConfigProperty3.setType("boolean");
        providerConfigProperty3.setName("consent_required");
        providerConfigProperty3.setLabel("Consent required");
        providerConfigProperty3.setHelpText("Apply a not to the check required");
        return Arrays.asList(providerConfigProperty, providerConfigProperty2, providerConfigProperty3);
    }

    @Override // net.interus.keycloak.phone.authenticators.BaseDirectGrantAuthenticator
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.ALTERNATIVE, AuthenticationExecutionModel.Requirement.DISABLED};
    }
}
