package org.keycloak.examples.authenticator;

import java.util.Iterator;
import javax.ws.rs.core.Cookie;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.util.CookieHelper;

/* loaded from: input_file:org/keycloak/examples/authenticator/SecretQuestionAuthenticator.class */
public class SecretQuestionAuthenticator implements Authenticator {
    public static final String CREDENTIAL_TYPE = "secret_question";

    protected boolean hasCookie(AuthenticationFlowContext authenticationFlowContext) {
        boolean z = ((Cookie) authenticationFlowContext.getHttpRequest().getHttpHeaders().getCookies().get("SECRET_QUESTION_ANSWERED")) != null;
        if (z) {
            System.out.println("Bypassing secret question because cookie as set");
        }
        return z;
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (hasCookie(authenticationFlowContext)) {
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.challenge(authenticationFlowContext.form().createForm("secret-question.ftl"));
        }
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        if (authenticationFlowContext.getHttpRequest().getDecodedFormParameters().containsKey("cancel")) {
            authenticationFlowContext.cancelLogin();
        } else if (validateAnswer(authenticationFlowContext)) {
            setCookie(authenticationFlowContext);
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, authenticationFlowContext.form().setError("badSecret", new Object[0]).createForm("secret-question.ftl"));
        }
    }

    protected void setCookie(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticatorConfigModel authenticatorConfig = authenticationFlowContext.getAuthenticatorConfig();
        int i = 2592000;
        if (authenticatorConfig != null) {
            i = Integer.valueOf((String) authenticatorConfig.getConfig().get("cookie.max.age")).intValue();
        }
        CookieHelper.addCookie("SECRET_QUESTION_ANSWERED", "true", authenticationFlowContext.getUriInfo().getBaseUriBuilder().path("realms").path(authenticationFlowContext.getRealm().getName()).build(new Object[0]).getRawPath(), (String) null, (String) null, i, false, true);
    }

    protected boolean validateAnswer(AuthenticationFlowContext authenticationFlowContext) {
        String str = (String) authenticationFlowContext.getHttpRequest().getDecodedFormParameters().getFirst("secret_answer");
        UserCredentialValueModel userCredentialValueModel = null;
        Iterator it = authenticationFlowContext.getUser().getCredentialsDirectly().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            UserCredentialValueModel userCredentialValueModel2 = (UserCredentialValueModel) it.next();
            if (userCredentialValueModel2.getType().equals(CREDENTIAL_TYPE)) {
                userCredentialValueModel = userCredentialValueModel2;
                break;
            }
        }
        return userCredentialValueModel.getValue().equals(str);
    }

    public boolean requiresUser() {
        return true;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return keycloakSession.users().configuredForCredentialType(CREDENTIAL_TYPE, realmModel, userModel);
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        userModel.addRequiredAction(SecretQuestionRequiredAction.PROVIDER_ID);
    }

    public void close() {
    }
}
