package org.keycloak.authentication.requiredactions;

import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.Time;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ModelException;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/authentication/requiredactions/UpdatePassword.class */
/**
 * Required action that forces a user to choose a new password, and factory for that action.
 *
 * <p>One class plays both roles: {@link #create2} returns {@code this}, so the same instance is
 * handed out for every session. The class keeps no instance fields (only a static logger), so
 * there is no per-user state to leak between requests.
 *
 * <p>This listing is decompiler output. {@code create2} was renamed from {@code create} by the
 * decompiler, and {@code m17575clone} is likewise a decompiler-assigned name.
 */
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory {
    private static final Logger logger = Logger.getLogger(UpdatePassword.class);

    /**
     * Flags the user for a password update when the realm's password-expiry policy says the
     * stored password is too old.
     *
     * <p>Nothing happens when the policy value is {@code -1} or when the user has no stored
     * password credential. A credential without a creation date is treated like an expired one,
     * so missing metadata leads to a forced update rather than to an exemption.
     *
     * @param requiredActionContext context giving access to the realm, session and user
     */
    @Override
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        int maxAgeDays = requiredActionContext.getRealm().getPasswordPolicy().getDaysToExpirePassword();
        if (maxAgeDays == -1) {
            return;
        }

        PasswordCredentialProvider passwordProvider = (PasswordCredentialProvider) requiredActionContext.getSession()
                .getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID);
        CredentialModel stored = passwordProvider.getPassword(requiredActionContext.getRealm(), requiredActionContext.getUser());
        if (stored == null) {
            return;
        }

        Long createdAt = stored.getCreatedDate();
        // Short-circuit keeps the clock read and the unboxing off the "no creation date" path.
        boolean updateNeeded = createdAt == null
                || Time.toMillis(Time.currentTime()) - createdAt.longValue() > TimeUnit.DAYS.toMillis(maxAgeDays);
        if (updateNeeded) {
            requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            logger.debug("User is required to update password");
        }
    }

    /**
     * Presents the update-password form as the challenge for this required action.
     *
     * @param requiredActionContext context used to build and send the form response
     */
    @Override
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        requiredActionContext.challenge(
                requiredActionContext.form().createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
    }

    /**
     * Handles the submitted update-password form.
     *
     * <p>Reads the {@code password-new} and {@code password-confirm} form fields, re-displays the
     * form with an error when the new password is blank or the two values differ, and otherwise
     * stores the new password through the session's credential manager. This method reads only
     * those two fields; no check of the current password is visible here.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The submitted password is never passed to the logger or to the event in this method.
     *       Only the exception message is recorded, as the {@code reason} event detail.</li>
     *   <li>Password-policy enforcement is not visible here; presumably it happens inside
     *       {@code updateCredential} and surfaces as a {@code ModelException} (confirm against
     *       the credential manager).</li>
     *   <li>NOTE(review): the catch-all branch shows {@code getMessage()} of an arbitrary
     *       exception to the user and stores it in the event. An unexpected failure could put
     *       internal details in front of an unauthenticated-looking form, or yield a null
     *       message; a generic message key plus server-side logging would be safer.</li>
     * </ul>
     *
     * @param requiredActionContext context carrying the HTTP request, event, realm and user
     */
    @Override
    public void processAction(RequiredActionContext requiredActionContext) {
        EventBuilder event = requiredActionContext.getEvent();
        MultivaluedMap<String, String> form = requiredActionContext.getHttpRequest().getDecodedFormParameters();
        event.event(EventType.UPDATE_PASSWORD);
        String newPassword = form.getFirst("password-new");
        String confirmation = form.getFirst("password-confirm");

        // Separate builder for failures, derived from the main event and retyped as an error.
        // m17575clone is a decompiler-assigned name; presumably EventBuilder's clone() -- confirm.
        EventBuilder errorEvent = event.m17575clone()
                .event(EventType.UPDATE_PASSWORD_ERROR)
                .client(requiredActionContext.getClientSession().getClient())
                .user(requiredActionContext.getClientSession().getUserSession().getUser());

        if (Validation.isBlank(newPassword)) {
            challengeWithError(requiredActionContext, Messages.MISSING_PASSWORD, new Object[0]);
            errorEvent.error(Errors.PASSWORD_MISSING);
            return;
        }
        if (!newPassword.equals(confirmation)) {
            challengeWithError(requiredActionContext, Messages.NOTMATCH_PASSWORD, new Object[0]);
            errorEvent.error(Errors.PASSWORD_CONFIRM_ERROR);
            return;
        }

        try {
            // NOTE(review): the meaning of the second argument (false) is not visible here;
            // presumably it marks this as a user-initiated rather than admin-initiated change.
            requiredActionContext.getSession().userCredentialManager().updateCredential(
                    requiredActionContext.getRealm(),
                    requiredActionContext.getUser(),
                    UserCredentialModel.password(newPassword, false));
            requiredActionContext.success();
        } catch (ModelException rejected) {
            errorEvent.detail("reason", rejected.getMessage()).error(Errors.PASSWORD_REJECTED);
            challengeWithError(requiredActionContext, rejected.getMessage(), rejected.getParameters());
        } catch (Exception unexpected) {
            // Raw exception text goes to both the event and the rendered form; see method notes.
            errorEvent.detail("reason", unexpected.getMessage()).error(Errors.PASSWORD_REJECTED);
            challengeWithError(requiredActionContext, unexpected.getMessage(), new Object[0]);
        }
    }

    /** Re-displays the update-password form carrying the given error message and parameters. */
    private static void challengeWithError(RequiredActionContext context, String message, Object[] parameters) {
        context.challenge(
                context.form().setError(message, parameters).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
    }

    /** No resources are held, so closing does nothing. */
    @Override
    public void close() {
    }

    /**
     * Returns this object as the provider for the given session.
     *
     * <p>The decompiler reported a naming collision and could not restore the original method
     * name {@code create}; the {@code create2} name is an artifact of that.
     *
     * @param keycloakSession session requesting the provider (unused)
     * @return this instance
     */
    @Override
    public RequiredActionProvider create2(KeycloakSession keycloakSession) {
        return this;
    }

    /** No configuration is read from the given scope. */
    @Override
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is performed. */
    @Override
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /**
     * @return the fixed, human-readable label for this action
     */
    @Override
    public String getDisplayText() {
        return "Update Password";
    }

    /**
     * @return the provider id, taken from the name of the {@code UPDATE_PASSWORD} enum constant
     */
    @Override
    public String getId() {
        return UserModel.RequiredAction.UPDATE_PASSWORD.name();
    }
}
