package org.keycloak.authentication.requiredactions;

import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.DisplayTypeRequiredActionFactory;
import org.keycloak.authentication.InitiatedActionSupport;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.Time;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.ModelException;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/UpdatePassword.class */
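/**
 * Required action that makes an authenticated user choose a new password.
 *
 * <p>The class is both the provider and its own factory: the factory methods return
 * {@code this}, so a single instance is shared and it holds no per-request state.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #evaluateTriggers} schedules the action when the stored password is older than
 *       the realm's expiry policy, or when it has no creation date at all.</li>
 *   <li>{@link #processAction} rejects blank or mismatching input before handing the new
 *       password to the credential manager, and records an {@code UPDATE_PASSWORD_ERROR}
 *       event for every rejected attempt.</li>
 * </ul>
 */
public class UpdatePassword implements RequiredActionProvider, RequiredActionFactory, DisplayTypeRequiredActionFactory {
    private static final Logger logger = Logger.getLogger(UpdatePassword.class);

    /**
     * Declares that this action may be initiated explicitly, not only via a pending required action.
     *
     * @return always {@link InitiatedActionSupport#SUPPORTED}
     */
    public InitiatedActionSupport initiatedActionSupport() {
        return InitiatedActionSupport.SUPPORTED;
    }

    /**
     * Adds {@code UPDATE_PASSWORD} to the user's required actions when the password has expired.
     *
     * <p>Nothing happens when the policy value is {@code -1} or when the user has no stored
     * password. A stored password without a creation date is treated as expired, so a record
     * whose age cannot be established does not escape the expiry policy.
     *
     * @param requiredActionContext context giving access to the realm, session and user
     */
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        int daysToExpirePassword = requiredActionContext.getRealm().getPasswordPolicy().getDaysToExpirePassword();
        if (daysToExpirePassword == -1) {
            // -1 is handled as "no expiry check" by this method.
            return;
        }
        PasswordCredentialModel password = requiredActionContext.getSession().getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID).getPassword(requiredActionContext.getRealm(), requiredActionContext.getUser());
        if (password == null) {
            return;
        }
        Long createdDate = password.getCreatedDate();
        // Both sides are milliseconds: currentTime() is converted via toMillis, the limit via TimeUnit.
        boolean expired = createdDate == null
                || Time.toMillis(Time.currentTime()) - createdDate.longValue() > TimeUnit.DAYS.toMillis(daysToExpirePassword);
        if (expired) {
            requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
            logger.debug("User is required to update password");
        }
    }

    /**
     * Renders the update-password form, pre-filled with the authenticated user's username.
     *
     * @param requiredActionContext context of the running required action
     */
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        requiredActionContext.challenge(requiredActionContext.form().setAttribute("username", requiredActionContext.getAuthenticationSession().getAuthenticatedUser().getUsername()).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
    }

    /**
     * Validates the submitted form and stores the new password.
     *
     * <p>On any failure the form is shown again with an error and an
     * {@code UPDATE_PASSWORD_ERROR} event is emitted; the action only succeeds when the
     * credential manager accepts the new password.
     *
     * @param requiredActionContext context of the running required action
     */
    public void processAction(RequiredActionContext requiredActionContext) {
        EventBuilder event = requiredActionContext.getEvent();
        MultivaluedMap<String, String> formData = requiredActionContext.getHttpRequest().getDecodedFormParameters();
        event.event(EventType.UPDATE_PASSWORD);
        String passwordNew = formData.getFirst(ConsoleUpdatePassword.PASSWORD_NEW);
        String passwordConfirm = formData.getFirst("password-confirm");
        // Separate builder so failures are reported as UPDATE_PASSWORD_ERROR with client and user attached.
        EventBuilder errorEvent = event.clone().event(EventType.UPDATE_PASSWORD_ERROR).client(requiredActionContext.getAuthenticationSession().getClient()).user(requiredActionContext.getAuthenticationSession().getAuthenticatedUser());

        if (Validation.isBlank(passwordNew)) {
            challengeWithError(requiredActionContext, Messages.MISSING_PASSWORD, new Object[0]);
            errorEvent.error("password_missing");
            return;
        }
        if (!passwordNew.equals(passwordConfirm)) {
            challengeWithError(requiredActionContext, Messages.NOTMATCH_PASSWORD, new Object[0]);
            errorEvent.error("password_confirm_error");
            return;
        }

        try {
            // NOTE(review): the second argument is presumably the "admin request" flag; confirm against UserCredentialModel.
            requiredActionContext.getSession().userCredentialManager().updateCredential(requiredActionContext.getRealm(), requiredActionContext.getUser(), UserCredentialModel.password(passwordNew, false));
            requiredActionContext.success();
        } catch (ModelException e) {
            errorEvent.detail("reason", e.getMessage()).error("password_rejected");
            challengeWithError(requiredActionContext, e.getMessage(), e.getParameters());
        } catch (Exception e2) {
            // Keep the cause and stack trace server-side; previously only getMessage() survived,
            // which leaves nothing to investigate when the failure is not a policy rejection.
            logger.warn("Unexpected error while updating password", e2);
            errorEvent.detail("reason", e2.getMessage()).error("password_rejected");
            // NOTE(review): the raw message of an arbitrary exception is shown to the end user here
            // and may be null or expose backend details; consider a generic message key instead.
            challengeWithError(requiredActionContext, e2.getMessage(), new Object[0]);
        }
    }

    /** Re-displays the update-password form with the given error message and parameters. */
    private static void challengeWithError(RequiredActionContext requiredActionContext, String message, Object[] parameters) {
        requiredActionContext.challenge(requiredActionContext.form().setAttribute("username", requiredActionContext.getAuthenticationSession().getAuthenticatedUser().getUsername()).setError(message, parameters).createResponse(UserModel.RequiredAction.UPDATE_PASSWORD));
    }

    /** No resources are held, so there is nothing to release. */
    public void close() {
    }

    /**
     * Returns this instance as the provider.
     *
     * <p>The decompiler renamed this method from {@code create} when it merged it with the bridge method.
     *
     * @param keycloakSession unused
     * @return this shared instance
     */
    public RequiredActionProvider m121create(KeycloakSession keycloakSession) {
        return this;
    }

    /**
     * Selects the provider for a display type.
     *
     * @param keycloakSession unused
     * @param str requested display type; {@code null} selects this provider
     * @return this instance for {@code null}, {@link ConsoleUpdatePassword#SINGLETON} for
     *     {@code "console"} (case-insensitive), otherwise {@code null}
     */
    public RequiredActionProvider createDisplay(KeycloakSession keycloakSession, String str) {
        if (str == null) {
            return this;
        }
        return "console".equalsIgnoreCase(str) ? ConsoleUpdatePassword.SINGLETON : null;
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is needed. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /** @return the label for this action, {@code "Update Password"} */
    public String getDisplayText() {
        return "Update Password";
    }

    /** @return the provider id, which is the name of {@code UserModel.RequiredAction.UPDATE_PASSWORD} */
    public String getId() {
        return UserModel.RequiredAction.UPDATE_PASSWORD.name();
    }

    /** @return always {@code true} */
    public boolean isOneTimeAction() {
        return true;
    }
}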
