package org.keycloak.authentication.requiredactions;

import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilderException;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.authentication.actiontoken.verifyemail.VerifyEmailActionToken;
import org.keycloak.common.util.Time;
import org.keycloak.email.EmailException;
import org.keycloak.email.EmailTemplateProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.Urls;
import org.keycloak.services.validation.Validation;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/VerifyEmail.class */
public class VerifyEmail implements RequiredActionProvider, RequiredActionFactory {
    private static final Logger logger = Logger.getLogger(VerifyEmail.class);

    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        if (!requiredActionContext.getRealm().isVerifyEmail() || requiredActionContext.getUser().isEmailVerified()) {
            return;
        }
        requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
        logger.debug("User is required to verify email");
    }

    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        Response createResponse;
        AuthenticationSessionModel authenticationSession = requiredActionContext.getAuthenticationSession();
        if (requiredActionContext.getUser().isEmailVerified()) {
            requiredActionContext.success();
            authenticationSession.removeAuthNote("VERIFY_EMAIL_KEY");
            return;
        }
        String email = requiredActionContext.getUser().getEmail();
        if (Validation.isBlank(email)) {
            requiredActionContext.ignore();
            return;
        }
        LoginFormsProvider form = requiredActionContext.form();
        if (Objects.equals(authenticationSession.getAuthNote("VERIFY_EMAIL_KEY"), email)) {
            createResponse = form.createResponse(UserModel.RequiredAction.VERIFY_EMAIL);
        } else {
            authenticationSession.setAuthNote("VERIFY_EMAIL_KEY", email);
            createResponse = sendVerifyEmail(requiredActionContext.getSession(), form, requiredActionContext.getUser(), requiredActionContext.getAuthenticationSession(), requiredActionContext.getEvent().clone().event(EventType.SEND_VERIFY_EMAIL).detail("email", email));
        }
        requiredActionContext.challenge(createResponse);
    }

    public void processAction(RequiredActionContext requiredActionContext) {
        logger.debugf("Re-sending email requested for user: %s", requiredActionContext.getUser().getUsername());
        requiredActionContext.getAuthenticationSession().removeAuthNote("VERIFY_EMAIL_KEY");
        requiredActionChallenge(requiredActionContext);
    }

    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public RequiredActionProvider m84create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public String getDisplayText() {
        return "Verify Email";
    }

    public String getId() {
        return UserModel.RequiredAction.VERIFY_EMAIL.name();
    }

    private Response sendVerifyEmail(KeycloakSession keycloakSession, LoginFormsProvider loginFormsProvider, UserModel userModel, AuthenticationSessionModel authenticationSessionModel, EventBuilder eventBuilder) throws UriBuilderException, IllegalArgumentException {
        RealmModel realm = keycloakSession.getContext().getRealm();
        UriInfo uri = keycloakSession.getContext().getUri();
        int actionTokenGeneratedByUserLifespan = realm.getActionTokenGeneratedByUserLifespan();
        try {
            keycloakSession.getProvider(EmailTemplateProvider.class).setRealm(realm).setUser(userModel).sendVerifyEmail(Urls.actionTokenBuilder(uri.getBaseUri(), new VerifyEmailActionToken(userModel.getId(), Time.currentTime() + actionTokenGeneratedByUserLifespan, authenticationSessionModel.getId(), userModel.getEmail()).serialize(keycloakSession, realm, uri)).build(new Object[]{realm.getName()}).toString(), TimeUnit.SECONDS.toMinutes(actionTokenGeneratedByUserLifespan));
            eventBuilder.success();
        } catch (EmailException e) {
            logger.error("Failed to send verification email", e);
            eventBuilder.error("email_send_failed");
        }
        return loginFormsProvider.createResponse(UserModel.RequiredAction.VERIFY_EMAIL);
    }
}
