package org.keycloak.authentication.authenticators.browser;

import java.net.URI;
import java.util.LinkedList;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorContext;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.LoginActionsService;

/* loaded from: input_file:org/keycloak/authentication/authenticators/browser/AbstractFormAuthenticator.class */
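/**
 * Base class for browser authenticators that render the login form and check a
 * submitted username and password against the realm's user store.
 *
 * <p>Every rejection path here records an event error code on the context's event
 * builder and answers with a re-rendered login form via
 * {@code failureChallenge(...)}. The event codes are more specific than the
 * messages shown on the form, so they are the better signal for monitoring.
 */
public abstract class AbstractFormAuthenticator implements Authenticator {
    private static final Logger logger = Logger.getLogger(AbstractFormAuthenticator.class);

    /** Value {@code "registration_form"}; not referenced inside this class. */
    public static final String REGISTRATION_FORM_ACTION = "registration_form";

    /** Name of the query parameter that carries the execution id in the form action URL. */
    public static final String EXECUTION = "execution";

    /** Client-session note key under which the submitted username is stored. */
    public static final String ATTEMPTED_USERNAME = "ATTEMPTED_USERNAME";

    /** No-op; subclasses override this to process a submitted form. */
    @Override // org.keycloak.authentication.Authenticator
    public void action(AuthenticatorContext authenticatorContext) {
    }

    /** No-op; this class holds no resources. */
    public void close() {
    }

    /**
     * Builds the login form provider for the current flow: bound to the context's
     * user, pointing at this execution's action URL, and carrying a fresh access code.
     * A forwarded error message, if the context has one, is set on the form.
     *
     * <p>The decompiler reports that this method was originally declared
     * {@code protected}; it is kept {@code public} so existing callers still compile.
     *
     * @param authenticatorContext the current authentication context
     * @return the prepared form provider
     */
    public LoginFormsProvider loginForm(AuthenticatorContext authenticatorContext) {
        String accessCode = authenticatorContext.generateAccessCode();
        LoginFormsProvider form = authenticatorContext.getSession().getProvider(LoginFormsProvider.class)
                .setUser(authenticatorContext.getUser())
                .setActionUri(getActionUrl(authenticatorContext, accessCode))
                .setClientSessionCode(accessCode);
        String forwardedError = authenticatorContext.getForwardedErrorMessage();
        if (forwardedError != null) {
            form.setError(forwardedError);
        }
        return form;
    }

    /**
     * Builds the URL the login form posts back to.
     *
     * <p>The access code travels in the {@code code} query parameter, so it is part
     * of the URL itself. NOTE(review): confirm that the code is short-lived and
     * validated server-side, since URLs tend to be recorded in access logs.
     *
     * @param authenticatorContext the current authentication context
     * @param str the access code to embed in the URL
     * @return the form action URI for the context's realm and execution
     */
    public URI getActionUrl(AuthenticatorContext authenticatorContext, String str) {
        return LoginActionsService.authenticationFormProcessor(authenticatorContext.getUriInfo())
                .queryParam("code", str)
                .queryParam(EXECUTION, authenticatorContext.getExecution().getId())
                .build(authenticatorContext.getRealm().getName());
    }

    /** Renders the login form with the {@link Messages#INVALID_USER} error. */
    protected Response invalidUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.INVALID_USER).createLogin();
    }

    /** Renders the login form with the {@link Messages#ACCOUNT_DISABLED} error. */
    protected Response disabledUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.ACCOUNT_DISABLED).createLogin();
    }

    /** Renders the login form with the {@link Messages#ACCOUNT_TEMPORARILY_DISABLED} error. */
    protected Response temporarilyDisabledUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.ACCOUNT_TEMPORARILY_DISABLED).createLogin();
    }

    /**
     * Renders the login form for a failed password check.
     *
     * <p>This uses the same message key as {@link #invalidUser(AuthenticatorContext)},
     * so the rendered form does not distinguish "unknown user" from "wrong password".
     * Keep the two in sync; diverging them would tell a client which usernames exist.
     */
    protected Response invalidCredentials(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.INVALID_USER).createLogin();
    }

    /**
     * Records an event error and fails the flow with a login form showing the given message.
     *
     * @param authenticatorContext the current authentication context
     * @param str the event error code to record
     * @param str2 the message key to show on the login form
     * @param error the flow error passed to {@code failureChallenge}
     * @return the challenge response that was set on the context
     */
    protected Response setDuplicateUserChallenge(AuthenticatorContext authenticatorContext, String str, String str2, AuthenticationProcessor.Error error) {
        authenticatorContext.getEvent().error(str);
        Response challenge = loginForm(authenticatorContext).setError(str2).createLogin();
        authenticatorContext.failureChallenge(error, challenge);
        return challenge;
    }

    /**
     * Rejects the login when the user is missing, disabled, or temporarily disabled
     * by the realm's brute-force protector. On rejection the matching event error is
     * recorded and a failure challenge is set on the context.
     *
     * <p>NOTE(review): this check runs on the looked-up user alone; in
     * {@link #validateUser} it is reached before any password is verified. The
     * disabled and temporarily-disabled branches render different messages from the
     * unknown-user branch, so the form response can reveal that an account exists
     * and what state it is in. Confirm this disclosure is acceptable for the
     * deployment, or render the generic invalid-user form in all three branches.
     *
     * @param authenticatorContext the current authentication context
     * @param userModel the looked-up user, or {@code null} if none was found
     * @return {@code true} if the login was rejected, {@code false} if the user may proceed
     */
    public boolean invalidUser(AuthenticatorContext authenticatorContext, UserModel userModel) {
        if (userModel == null) {
            authenticatorContext.getEvent().error("user_not_found");
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_USER, invalidUser(authenticatorContext));
            return true;
        }
        if (!userModel.isEnabled()) {
            authenticatorContext.getEvent().user(userModel);
            authenticatorContext.getEvent().error("user_disabled");
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.USER_DISABLED, disabledUser(authenticatorContext));
            return true;
        }
        // The protector is consulted only when the realm has brute-force protection on.
        boolean lockedOut = authenticatorContext.getRealm().isBruteForceProtected()
                && authenticatorContext.getProtector().isTemporarilyDisabled(
                        authenticatorContext.getSession(), authenticatorContext.getRealm(), userModel.getUsername());
        if (!lockedOut) {
            return false;
        }
        authenticatorContext.getEvent().user(userModel);
        authenticatorContext.getEvent().error("user_temporarily_disabled");
        authenticatorContext.failureChallenge(AuthenticationProcessor.Error.USER_TEMPORARILY_DISABLED, temporarilyDisabledUser(authenticatorContext));
        return true;
    }

    /**
     * Resolves the submitted {@code username} field to a user and attaches it to the context.
     *
     * <p>The submitted value is client-controlled. It is copied unchanged into the
     * event detail {@code username} and into the {@link #ATTEMPTED_USERNAME}
     * client-session note; anything that later displays either value should treat
     * it as untrusted text.
     *
     * @param authenticatorContext the current authentication context
     * @param multivaluedMap the submitted form parameters
     * @return {@code true} if a usable user was found and set on the context;
     *         {@code false} if a failure challenge was set instead
     */
    public boolean validateUser(AuthenticatorContext authenticatorContext, MultivaluedMap<String, String> multivaluedMap) {
        String username = multivaluedMap.getFirst("username");
        if (username == null) {
            authenticatorContext.getEvent().error("user_not_found");
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_USER, invalidUser(authenticatorContext));
            return false;
        }
        authenticatorContext.getEvent().detail("username", username);
        authenticatorContext.getClientSession().setNote(ATTEMPTED_USERNAME, username);
        try {
            UserModel user = KeycloakModelUtils.findUserByNameOrEmail(
                    authenticatorContext.getSession(), authenticatorContext.getRealm(), username);
            if (invalidUser(authenticatorContext, user)) {
                return false;
            }
            String rememberMe = multivaluedMap.getFirst("rememberMe");
            if ("on".equalsIgnoreCase(rememberMe)) {
                authenticatorContext.getClientSession().setNote("remember_me", "true");
                authenticatorContext.getEvent().detail("remember_me", "true");
            } else {
                // Clear any value left over from an earlier submission.
                authenticatorContext.getClientSession().removeNote("remember_me");
            }
            authenticatorContext.setUser(user);
            return true;
        } catch (ModelDuplicateException e) {
            logger.error(e.getMessage(), e);
            // NOTE(review): these message keys are more specific than the generic
            // INVALID_USER form used for other failures; confirm what they reveal
            // to a client that has not authenticated yet.
            if ("email".equals(e.getDuplicateFieldName())) {
                setDuplicateUserChallenge(authenticatorContext, "email_in_use", Messages.EMAIL_EXISTS, AuthenticationProcessor.Error.INVALID_USER);
            } else {
                setDuplicateUserChallenge(authenticatorContext, "username_in_use", Messages.USERNAME_EXISTS, AuthenticationProcessor.Error.INVALID_USER);
            }
            return false;
        }
    }

    /**
     * Checks the submitted {@code password} field against the context's user.
     *
     * <p>The check fails closed: a missing or empty password, or a context that has
     * no user attached, is rejected without consulting the credential store. The
     * original code passed a possibly-null user on to {@code validCredentials} and
     * to the event builder.
     *
     * @param authenticatorContext the current authentication context
     * @param multivaluedMap the submitted form parameters
     * @return {@code true} if the password is valid for the context's user;
     *         {@code false} if a failure challenge was set instead
     */
    public boolean validatePassword(AuthenticatorContext authenticatorContext, MultivaluedMap<String, String> multivaluedMap) {
        UserModel user = authenticatorContext.getUser();
        String password = multivaluedMap.getFirst("password");
        if (password == null || password.isEmpty() || user == null) {
            return rejectCredentials(authenticatorContext, user);
        }
        LinkedList<UserCredentialModel> credentials = new LinkedList<>();
        credentials.add(UserCredentialModel.password(password));
        if (authenticatorContext.getSession().users().validCredentials(authenticatorContext.getRealm(), user, credentials)) {
            return true;
        }
        return rejectCredentials(authenticatorContext, user);
    }

    /** Records an invalid-credentials event (with the user, when known) and sets the failure challenge. */
    private boolean rejectCredentials(AuthenticatorContext authenticatorContext, UserModel user) {
        if (user != null) {
            authenticatorContext.getEvent().user(user);
        }
        authenticatorContext.getEvent().error("invalid_user_credentials");
        authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_CREDENTIALS, invalidCredentials(authenticatorContext));
        return false;
    }
}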
