package org.keycloak.authentication.authenticators;

import java.util.LinkedList;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.AuthenticatorContext;
import org.keycloak.models.AuthenticatorModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/authenticators/LoginFormPasswordAuthenticator.class */
public class LoginFormPasswordAuthenticator extends LoginFormUsernameAuthenticator {
    public LoginFormPasswordAuthenticator(AuthenticatorModel authenticatorModel) {
        super(authenticatorModel);
    }

    @Override // org.keycloak.authentication.authenticators.LoginFormUsernameAuthenticator, org.keycloak.authentication.Authenticator
    public void authenticate(AuthenticatorContext authenticatorContext) {
        if (isActionUrl(authenticatorContext)) {
            validatePassword(authenticatorContext);
        } else {
            authenticatorContext.failure(AuthenticationProcessor.Error.INTERNAL_ERROR);
        }
    }

    protected Response badPassword(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.INVALID_USER, new Object[0]).createLogin();
    }

    public void validatePassword(AuthenticatorContext authenticatorContext) {
        MultivaluedMap formParameters = authenticatorContext.getHttpRequest().getFormParameters();
        LinkedList linkedList = new LinkedList();
        String str = (String) formParameters.getFirst(Validation.FIELD_PASSWORD);
        if (str == null) {
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_CREDENTIALS, badPassword(authenticatorContext));
            return;
        }
        linkedList.add(UserCredentialModel.password(str));
        if (authenticatorContext.getSession().users().validCredentials(authenticatorContext.getRealm(), authenticatorContext.getUser(), linkedList)) {
            authenticatorContext.success();
        } else {
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_CREDENTIALS, badPassword(authenticatorContext));
        }
    }

    @Override // org.keycloak.authentication.authenticators.LoginFormUsernameAuthenticator, org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return true;
    }

    @Override // org.keycloak.authentication.authenticators.LoginFormUsernameAuthenticator, org.keycloak.authentication.Authenticator
    public boolean configuredFor(UserModel userModel) {
        return userModel.configuredForCredentialType(Validation.FIELD_PASSWORD);
    }

    @Override // org.keycloak.authentication.authenticators.LoginFormUsernameAuthenticator, org.keycloak.authentication.Authenticator
    public String getRequiredAction() {
        return UserModel.RequiredAction.UPDATE_PASSWORD.name();
    }

    @Override // org.keycloak.authentication.authenticators.LoginFormUsernameAuthenticator
    public void close() {
    }
}
