package org.keycloak.authentication.authenticators;

import java.net.URI;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.AuthenticatorContext;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.LoginActionsService;

/* loaded from: input_file:org/keycloak/authentication/authenticators/AbstractFormAuthenticator.class */
public class AbstractFormAuthenticator {
    public static final String LOGIN_FORM_ACTION = "login_form";
    public static final String REGISTRATION_FORM_ACTION = "registration_form";
    public static final String ACTION = "action";

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAction(AuthenticatorContext authenticatorContext, String str) {
        return str.equals(authenticatorContext.getAction());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public LoginFormsProvider loginForm(AuthenticatorContext authenticatorContext) {
        ClientSessionCode clientSessionCode = new ClientSessionCode(authenticatorContext.getRealm(), authenticatorContext.getClientSession());
        clientSessionCode.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
        LoginFormsProvider clientSessionCode2 = authenticatorContext.getSession().getProvider(LoginFormsProvider.class).setUser(authenticatorContext.getUser()).setActionUri(getActionUrl(authenticatorContext, clientSessionCode, LOGIN_FORM_ACTION)).setClientSessionCode(clientSessionCode.getCode());
        if (authenticatorContext.getForwardedErrorMessage() != null) {
            clientSessionCode2.setError(authenticatorContext.getForwardedErrorMessage(), new Object[0]);
        }
        return clientSessionCode2;
    }

    public static URI getActionUrl(AuthenticatorContext authenticatorContext, ClientSessionCode clientSessionCode, String str) {
        return LoginActionsService.authenticationFormProcessor(authenticatorContext.getUriInfo()).queryParam("code", new Object[]{clientSessionCode.getCode()}).queryParam(ACTION, new Object[]{str}).build(new Object[]{authenticatorContext.getRealm().getName()});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response invalidUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setError(Messages.INVALID_USER, new Object[0]).setClientSessionCode(new ClientSessionCode(authenticatorContext.getRealm(), authenticatorContext.getClientSession()).getCode()).createLogin();
    }

    protected Response disabledUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setClientSessionCode(new ClientSessionCode(authenticatorContext.getRealm(), authenticatorContext.getClientSession()).getCode()).setError(Messages.ACCOUNT_DISABLED, new Object[0]).createLogin();
    }

    protected Response temporarilyDisabledUser(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setClientSessionCode(new ClientSessionCode(authenticatorContext.getRealm(), authenticatorContext.getClientSession()).getCode()).setError(Messages.ACCOUNT_TEMPORARILY_DISABLED, new Object[0]).createLogin();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Response invalidCredentials(AuthenticatorContext authenticatorContext) {
        return loginForm(authenticatorContext).setClientSessionCode(new ClientSessionCode(authenticatorContext.getRealm(), authenticatorContext.getClientSession()).getCode()).setError(Messages.INVALID_USER, new Object[0]).createLogin();
    }

    public boolean invalidUser(AuthenticatorContext authenticatorContext, UserModel userModel) {
        if (userModel == null) {
            authenticatorContext.getEvent().error("user_not_found");
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.INVALID_USER, invalidUser(authenticatorContext));
            return true;
        }
        if (!userModel.isEnabled()) {
            authenticatorContext.getEvent().user(userModel);
            authenticatorContext.getEvent().error("user_disabled");
            authenticatorContext.failureChallenge(AuthenticationProcessor.Error.USER_DISABLED, disabledUser(authenticatorContext));
            return true;
        }
        if (!authenticatorContext.getRealm().isBruteForceProtected() || !authenticatorContext.getProtector().isTemporarilyDisabled(authenticatorContext.getSession(), authenticatorContext.getRealm(), userModel.getUsername())) {
            return false;
        }
        authenticatorContext.getEvent().user(userModel);
        authenticatorContext.getEvent().error("user_temporarily_disabled");
        authenticatorContext.failureChallenge(AuthenticationProcessor.Error.USER_TEMPORARILY_DISABLED, temporarilyDisabledUser(authenticatorContext));
        return true;
    }
}
