package org.keycloak.examples.authenticator;

import java.util.Collections;
import java.util.List;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.CredentialValidator;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.common.util.ServerCookie;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.examples.authenticator.credential.SecretQuestionCredentialModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/examples/authenticator/SecretQuestionAuthenticator.class */
public class SecretQuestionAuthenticator implements Authenticator, CredentialValidator<SecretQuestionCredentialProvider> {
    protected boolean hasCookie(AuthenticationFlowContext authenticationFlowContext) {
        boolean z = ((Cookie) authenticationFlowContext.getHttpRequest().getHttpHeaders().getCookies().get("SECRET_QUESTION_ANSWERED")) != null;
        if (z) {
            System.out.println("Bypassing secret question because cookie is set");
        }
        return z;
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        if (hasCookie(authenticationFlowContext)) {
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.challenge(authenticationFlowContext.form().createForm("secret-question.ftl"));
        }
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        if (validateAnswer(authenticationFlowContext)) {
            setCookie(authenticationFlowContext);
            authenticationFlowContext.success();
        } else {
            authenticationFlowContext.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS, authenticationFlowContext.form().setError("badSecret", new Object[0]).createForm("secret-question.ftl"));
        }
    }

    protected void setCookie(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticatorConfigModel authenticatorConfig = authenticationFlowContext.getAuthenticatorConfig();
        int i = 2592000;
        if (authenticatorConfig != null) {
            i = Integer.valueOf((String) authenticatorConfig.getConfig().get("cookie.max.age")).intValue();
        }
        addCookie(authenticationFlowContext, "SECRET_QUESTION_ANSWERED", "true", authenticationFlowContext.getUriInfo().getBaseUriBuilder().path("realms").path(authenticationFlowContext.getRealm().getName()).build(new Object[0]).getRawPath(), null, null, i, false, true);
    }

    public void addCookie(AuthenticationFlowContext authenticationFlowContext, String str, String str2, String str3, String str4, String str5, int i, boolean z, boolean z2) {
        HttpResponse httpResponse = (HttpResponse) authenticationFlowContext.getSession().getContext().getContextObject(HttpResponse.class);
        StringBuffer stringBuffer = new StringBuffer();
        ServerCookie.appendCookieValue(stringBuffer, 1, str, str2, str3, str4, str5, i, z, z2, (ServerCookie.SameSiteAttributeValue) null);
        httpResponse.getOutputHeaders().add("Set-Cookie", stringBuffer.toString());
    }

    protected boolean validateAnswer(AuthenticationFlowContext authenticationFlowContext) {
        MultivaluedMap decodedFormParameters = authenticationFlowContext.getHttpRequest().getDecodedFormParameters();
        String str = (String) decodedFormParameters.getFirst("secret_answer");
        String str2 = (String) decodedFormParameters.getFirst("credentialId");
        if (str2 == null || str2.isEmpty()) {
            str2 = ((SecretQuestionCredentialModel) m0getCredentialProvider(authenticationFlowContext.getSession()).getDefaultCredential(authenticationFlowContext.getSession(), authenticationFlowContext.getRealm(), authenticationFlowContext.getUser())).getId();
        }
        return m0getCredentialProvider(authenticationFlowContext.getSession()).isValid(authenticationFlowContext.getRealm(), authenticationFlowContext.getUser(), new UserCredentialModel(str2, getType(authenticationFlowContext.getSession()), str));
    }

    public boolean requiresUser() {
        return true;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return m0getCredentialProvider(keycloakSession).isConfiguredFor(realmModel, userModel, getType(keycloakSession));
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        userModel.addRequiredAction(SecretQuestionRequiredAction.PROVIDER_ID);
    }

    public List<RequiredActionFactory> getRequiredActions(KeycloakSession keycloakSession) {
        return Collections.singletonList(keycloakSession.getKeycloakSessionFactory().getProviderFactory(RequiredActionProvider.class, SecretQuestionRequiredAction.PROVIDER_ID));
    }

    public void close() {
    }

    /* renamed from: getCredentialProvider, reason: merged with bridge method [inline-methods] */
    public SecretQuestionCredentialProvider m0getCredentialProvider(KeycloakSession keycloakSession) {
        return keycloakSession.getProvider(CredentialProvider.class, SecretQuestionCredentialProviderFactory.PROVIDER_ID);
    }
}
