package org.keycloak.authentication.forms;

import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import org.keycloak.Config;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.7.0.Final.jar:org/keycloak/authentication/forms/RegistrationPassword.class */
public class RegistrationPassword implements FormAction, FormActionFactory {
    public static final String PROVIDER_ID = "registration-password-action";
    private static AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.DISABLED};

    @Override // org.keycloak.provider.ConfiguredProvider
    public String getHelpText() {
        return "Validates that password matches password confirmation field.  It also will store password in user's credential store.";
    }

    @Override // org.keycloak.provider.ConfiguredProvider
    public List<ProviderConfigProperty> getConfigProperties() {
        return null;
    }

    @Override // org.keycloak.authentication.FormAction
    public void validate(ValidationContext validationContext) {
        MultivaluedMap<String, String> decodedFormParameters = validationContext.getHttpRequest().getDecodedFormParameters();
        ArrayList arrayList = new ArrayList();
        validationContext.getEvent().detail(Details.REGISTER_METHOD, "form");
        if (Validation.isBlank(decodedFormParameters.getFirst("password"))) {
            arrayList.add(new FormMessage("password", Messages.MISSING_PASSWORD));
        } else if (!decodedFormParameters.getFirst("password").equals(decodedFormParameters.getFirst("password-confirm"))) {
            arrayList.add(new FormMessage("password-confirm", Messages.INVALID_PASSWORD_CONFIRM));
        }
        if (decodedFormParameters.getFirst("password") != null) {
            PasswordPolicy.Error validate = validationContext.getRealm().getPasswordPolicy().validate(validationContext.getRealm().isRegistrationEmailAsUsername() ? decodedFormParameters.getFirst("email") : decodedFormParameters.getFirst("username"), decodedFormParameters.getFirst("password"));
            if (validate != null) {
                arrayList.add(new FormMessage("password", validate.getMessage(), validate.getParameters()));
            }
        }
        if (arrayList.size() <= 0) {
            validationContext.success();
            return;
        }
        validationContext.error(Errors.INVALID_REGISTRATION);
        decodedFormParameters.remove("password");
        decodedFormParameters.remove("password-confirm");
        validationContext.validationError(decodedFormParameters, arrayList);
    }

    @Override // org.keycloak.authentication.FormAction
    public void success(FormContext formContext) {
        MultivaluedMap decodedFormParameters = formContext.getHttpRequest().getDecodedFormParameters();
        String str = (String) decodedFormParameters.getFirst("password");
        UserCredentialModel userCredentialModel = new UserCredentialModel();
        userCredentialModel.setType("password");
        userCredentialModel.setValue(str);
        UserModel user = formContext.getUser();
        try {
            formContext.getSession().users().updateCredential(formContext.getRealm(), user, UserCredentialModel.password((String) decodedFormParameters.getFirst("password")));
        } catch (Exception e) {
            user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
        }
    }

    @Override // org.keycloak.authentication.FormAction
    public void buildPage(FormContext formContext, LoginFormsProvider loginFormsProvider) {
        loginFormsProvider.setAttribute("passwordRequired", true);
    }

    @Override // org.keycloak.authentication.FormAction
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.FormAction
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    @Override // org.keycloak.authentication.FormAction
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public boolean isUserSetupAllowed() {
        return false;
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public String getDisplayType() {
        return "Password Validation";
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public String getReferenceCategory() {
        return "password";
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public boolean isConfigurable() {
        return false;
    }

    @Override // org.keycloak.authentication.ConfigurableAuthenticatorFactory
    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return REQUIREMENT_CHOICES;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.keycloak.provider.ProviderFactory
    public FormAction create(KeycloakSession keycloakSession) {
        return this;
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void init(Config.Scope scope) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.provider.ProviderFactory
    public String getId() {
        return PROVIDER_ID;
    }
}
