package org.keycloak.authentication.requiredactions;

import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.events.EventType;
import org.keycloak.login.LoginFormsProvider;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.HmacOTP;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.services.validation.Validation;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/VerifyEmail.class */
public class VerifyEmail implements RequiredActionProvider, RequiredActionFactory {
    protected static Logger logger = Logger.getLogger(VerifyEmail.class);

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
        if (!requiredActionContext.getRealm().isVerifyEmail() || requiredActionContext.getUser().isEmailVerified()) {
            return;
        }
        requiredActionContext.getUser().addRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL);
        logger.debug("User is required to verify email");
    }

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        if (requiredActionContext.getUser().isEmailVerified()) {
            requiredActionContext.success();
            return;
        }
        if (Validation.isBlank(requiredActionContext.getUser().getEmail())) {
            requiredActionContext.ignore();
            return;
        }
        requiredActionContext.getEvent().clone().event(EventType.SEND_VERIFY_EMAIL).detail("email", requiredActionContext.getUser().getEmail()).success();
        LoginActionsService.createActionCookie(requiredActionContext.getRealm(), requiredActionContext.getUriInfo(), requiredActionContext.getConnection(), requiredActionContext.getUserSession().getId());
        setupKey(requiredActionContext.getClientSession());
        requiredActionContext.challenge(requiredActionContext.getSession().getProvider(LoginFormsProvider.class).setClientSessionCode(requiredActionContext.generateCode()).setClientSession(requiredActionContext.getClientSession()).setUser(requiredActionContext.getUser()).createResponse(UserModel.RequiredAction.VERIFY_EMAIL));
    }

    @Override // org.keycloak.authentication.RequiredActionProvider
    public void processAction(RequiredActionContext requiredActionContext) {
        requiredActionContext.failure();
    }

    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public RequiredActionProvider m65create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    @Override // org.keycloak.authentication.RequiredActionFactory
    public String getDisplayText() {
        return "Verify Email";
    }

    public String getId() {
        return UserModel.RequiredAction.VERIFY_EMAIL.name();
    }

    public static void setupKey(ClientSessionModel clientSessionModel) {
        clientSessionModel.setNote("VERIFY_EMAIL_KEY", HmacOTP.generateSecret(10));
    }
}
