package org.keycloak.authentication.authenticators.challenge;

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.credential.CredentialInput;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/authentication/authenticators/challenge/BasicAuthOTPAuthenticator.class */
public class BasicAuthOTPAuthenticator extends BasicAuthAuthenticator implements Authenticator {
    @Override // org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator
    protected boolean onAuthenticate(AuthenticationFlowContext authenticationFlowContext, String[] strArr) {
        String str = strArr[0];
        String str2 = strArr[1];
        int digits = authenticationFlowContext.getRealm().getOTPPolicy().getDigits();
        if (str2.length() < digits) {
            return false;
        }
        String substring = str2.substring(0, str2.length() - digits);
        return checkUsernameAndPassword(authenticationFlowContext, str, substring) && checkOtp(authenticationFlowContext, substring.substring(substring.length() - digits));
    }

    private boolean checkOtp(AuthenticationFlowContext authenticationFlowContext, String str) {
        return authenticationFlowContext.getSession().userCredentialManager().isValid(authenticationFlowContext.getRealm(), authenticationFlowContext.getUser(), new CredentialInput[]{UserCredentialModel.otp(authenticationFlowContext.getRealm().getOTPPolicy().getType(), str)});
    }

    @Override // org.keycloak.authentication.authenticators.challenge.BasicAuthAuthenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return keycloakSession.userCredentialManager().isConfiguredFor(realmModel, userModel, realmModel.getOTPPolicy().getType());
    }
}
