package org.keycloak.authentication.requiredactions;

import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.Time;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ModelException;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/UpdatePassword.class */
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory {
    protected static Logger logger = Logger.getLogger(UpdatePassword.class);

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        int daysToExpirePassword = requiredActionContext.getRealm().getPasswordPolicy().getDaysToExpirePassword();
        if (daysToExpirePassword != -1) {
            for (UserCredentialValueModel userCredentialValueModel : requiredActionContext.getUser().getCredentialsDirectly()) {
                if (userCredentialValueModel.getType().equals("password")) {
                    if (userCredentialValueModel.getCreatedDate() == null) {
                        requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
                        logger.debug("User is required to update password");
                        return;
                    } else {
                        if (Time.toMillis(Time.currentTime()) - userCredentialValueModel.getCreatedDate().longValue() > TimeUnit.DAYS.toMillis(daysToExpirePassword)) {
                            requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
                            logger.debug("User is required to update password");
                            return;
                        }
                        return;
                    }
                }
            }
        }
    }

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        requiredActionContext.challenge(requiredActionContext.form().createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
    }

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void processAction(RequiredActionContext requiredActionContext) {
        EventBuilder event = requiredActionContext.getEvent();
        MultivaluedMap decodedFormParameters = requiredActionContext.getHttpRequest().getDecodedFormParameters();
        event.event(EventType.UPDATE_PASSWORD);
        String str = (String) decodedFormParameters.getFirst("password-new");
        String str2 = (String) decodedFormParameters.getFirst("password-confirm");
        if (Validation.isBlank(str)) {
            requiredActionContext.challenge(requiredActionContext.form().setError(Messages.MISSING_PASSWORD, new Object[0]).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
            return;
        }
        if (!str.equals(str2)) {
            requiredActionContext.challenge(requiredActionContext.form().setError(Messages.NOTMATCH_PASSWORD, new Object[0]).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
            return;
        }
        try {
            requiredActionContext.getSession().users().updateCredential(requiredActionContext.getRealm(), requiredActionContext.getUser(), UserCredentialModel.password(str));
            requiredActionContext.success();
        } catch (ModelException e) {
            requiredActionContext.challenge(requiredActionContext.form().setError(e.getMessage(), e.getParameters()).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
        } catch (Exception e2) {
            requiredActionContext.challenge(requiredActionContext.form().setError(e2.getMessage(), new Object[0]).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
        }
    }

    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public RequiredActionProvider m41create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.authentication.RequiredActionFactory
    public String getDisplayText() {
        return "Update Password";
    }

    public String getId() {
        return UserModel.RequiredAction.UPDATE_PASSWORD.name();
    }
}
