package org.keycloak.credential;

import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import org.jboss.logging.Logger;
import org.keycloak.credential.CredentialTypeMetadata;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.RecoveryAuthnCodesCredentialModel;
import org.keycloak.models.credential.dto.RecoveryAuthnCodeRepresentation;
import org.keycloak.models.credential.dto.RecoveryAuthnCodesCredentialData;
import org.keycloak.models.utils.RecoveryAuthnCodesUtils;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/credential/RecoveryAuthnCodesCredentialProvider.class */
public class RecoveryAuthnCodesCredentialProvider implements CredentialProvider<RecoveryAuthnCodesCredentialModel>, CredentialInputValidator {
    private static final Logger logger = Logger.getLogger(RecoveryAuthnCodesCredentialProvider.class);
    private final KeycloakSession session;

    public RecoveryAuthnCodesCredentialProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public String getType() {
        return "recovery-authn-codes";
    }

    public CredentialModel createCredential(RealmModel realmModel, UserModel userModel, RecoveryAuthnCodesCredentialModel recoveryAuthnCodesCredentialModel) {
        userModel.credentialManager().getStoredCredentialsByTypeStream(getType()).findFirst().ifPresent(credentialModel -> {
            deleteCredential(realmModel, userModel, credentialModel.getId());
        });
        return userModel.credentialManager().createStoredCredential(recoveryAuthnCodesCredentialModel);
    }

    public boolean deleteCredential(RealmModel realmModel, UserModel userModel, String str) {
        return userModel.credentialManager().removeStoredCredentialById(str);
    }

    /* renamed from: getCredentialFromModel, reason: merged with bridge method [inline-methods] */
    public RecoveryAuthnCodesCredentialModel m195getCredentialFromModel(CredentialModel credentialModel) {
        return RecoveryAuthnCodesCredentialModel.createFromCredentialModel(credentialModel);
    }

    public CredentialTypeMetadata getCredentialTypeMetadata(CredentialTypeMetadataContext credentialTypeMetadataContext) {
        CredentialTypeMetadata.CredentialTypeMetadataBuilder removeable = CredentialTypeMetadata.builder().type(getType()).category(CredentialTypeMetadata.Category.TWO_FACTOR).displayName("recovery-authn-codes-display-name").helpText("recovery-authn-codes-help-text").iconCssClass("kcAuthenticatorRecoveryAuthnCodesClass").removeable(true);
        credentialTypeMetadataContext.getUser();
        removeable.createAction(UserModel.RequiredAction.CONFIGURE_RECOVERY_AUTHN_CODES.name());
        return removeable.build(this.session);
    }

    public CredentialMetadata getCredentialMetadata(RecoveryAuthnCodesCredentialModel recoveryAuthnCodesCredentialModel, CredentialTypeMetadata credentialTypeMetadata) {
        CredentialMetadata credentialMetadata = new CredentialMetadata();
        try {
            RecoveryAuthnCodesCredentialData recoveryAuthnCodesCredentialData = (RecoveryAuthnCodesCredentialData) JsonSerialization.readValue(recoveryAuthnCodesCredentialModel.getCredentialData(), RecoveryAuthnCodesCredentialData.class);
            if (recoveryAuthnCodesCredentialData.getRemainingCodes() < getWarningThreshold()) {
                credentialMetadata.setWarningMessageTitle("recovery-codes-number-remaining", new String[]{String.valueOf(recoveryAuthnCodesCredentialData.getRemainingCodes())});
                credentialMetadata.setWarningMessageDescription("recovery-codes-generate-new-codes", new String[0]);
            }
            credentialMetadata.setInfoMessage("recovery-codes-number-used", new String[]{(recoveryAuthnCodesCredentialData.getTotalCodes() - recoveryAuthnCodesCredentialData.getRemainingCodes()) + "/" + recoveryAuthnCodesCredentialData.getTotalCodes()});
        } catch (IOException e) {
            logger.warn("unable to deserialize model information, skipping messages", e);
        }
        credentialMetadata.setCredentialModel(recoveryAuthnCodesCredentialModel);
        return credentialMetadata;
    }

    public boolean supportsCredentialType(String str) {
        return getType().equals(str);
    }

    public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String str) {
        return userModel.credentialManager().getStoredCredentialsByTypeStream(str).anyMatch((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    public boolean isValid(RealmModel realmModel, UserModel userModel, CredentialInput credentialInput) {
        String challengeResponse = credentialInput.getChallengeResponse();
        Optional findFirst = userModel.credentialManager().getStoredCredentialsByTypeStream(getType()).findFirst();
        if (!findFirst.isPresent()) {
            return false;
        }
        RecoveryAuthnCodesCredentialModel createFromCredentialModel = RecoveryAuthnCodesCredentialModel.createFromCredentialModel((CredentialModel) findFirst.get());
        if (createFromCredentialModel.allCodesUsed()) {
            return false;
        }
        Optional nextRecoveryAuthnCode = createFromCredentialModel.getNextRecoveryAuthnCode();
        if (!nextRecoveryAuthnCode.isPresent() || !RecoveryAuthnCodesUtils.verifyRecoveryCodeInput(challengeResponse, ((RecoveryAuthnCodeRepresentation) nextRecoveryAuthnCode.get()).getEncodedHashedValue())) {
            return false;
        }
        createFromCredentialModel.removeRecoveryAuthnCode();
        userModel.credentialManager().updateStoredCredential(createFromCredentialModel);
        return true;
    }

    protected int getWarningThreshold() {
        return this.session.getContext().getRealm().getPasswordPolicy().getRecoveryCodesWarningThreshold();
    }
}
