package org.keycloak.authentication.forms;

import jakarta.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.provider.ConfiguredProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/authentication/forms/RegistrationRecaptcha.class */
public class RegistrationRecaptcha implements FormAction, FormActionFactory, ConfiguredProvider {
    public static final String G_RECAPTCHA_RESPONSE = "g-recaptcha-response";
    public static final String RECAPTCHA_REFERENCE_CATEGORY = "recaptcha";
    public static final String SITE_KEY = "site.key";
    public static final String SITE_SECRET = "secret";
    public static final String USE_RECAPTCHA_NET = "useRecaptchaNet";
    public static final String PROVIDER_ID = "registration-recaptcha-action";
    private static final Logger logger = Logger.getLogger(RegistrationRecaptcha.class);
    private static AuthenticationExecutionModel.Requirement[] REQUIREMENT_CHOICES = {AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.DISABLED};
    private static final List<ProviderConfigProperty> CONFIG_PROPERTIES = new ArrayList();

    public String getDisplayType() {
        return "Recaptcha";
    }

    public String getReferenceCategory() {
        return RECAPTCHA_REFERENCE_CATEGORY;
    }

    public boolean isConfigurable() {
        return true;
    }

    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return REQUIREMENT_CHOICES;
    }

    public void buildPage(FormContext formContext, LoginFormsProvider loginFormsProvider) {
        AuthenticatorConfigModel authenticatorConfig = formContext.getAuthenticatorConfig();
        String languageTag = formContext.getSession().getContext().resolveLocale(formContext.getUser()).toLanguageTag();
        if (authenticatorConfig == null || authenticatorConfig.getConfig() == null || authenticatorConfig.getConfig().get(SITE_KEY) == null || authenticatorConfig.getConfig().get("secret") == null) {
            loginFormsProvider.addError(new FormMessage((String) null, Messages.RECAPTCHA_NOT_CONFIGURED));
            return;
        }
        String str = (String) authenticatorConfig.getConfig().get(SITE_KEY);
        loginFormsProvider.setAttribute("recaptchaRequired", true);
        loginFormsProvider.setAttribute("recaptchaSiteKey", str);
        loginFormsProvider.addScript("https://www." + getRecaptchaDomain(authenticatorConfig) + "/recaptcha/api.js?hl=" + languageTag);
    }

    public void validate(ValidationContext validationContext) {
        MultivaluedMap decodedFormParameters = validationContext.getHttpRequest().getDecodedFormParameters();
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        validationContext.getEvent().detail("register_method", "form");
        String str = (String) decodedFormParameters.getFirst(G_RECAPTCHA_RESPONSE);
        if (!Validation.isBlank(str)) {
            z = validateRecaptcha(validationContext, false, str, (String) validationContext.getAuthenticatorConfig().getConfig().get("secret"));
        }
        if (z) {
            validationContext.success();
            return;
        }
        arrayList.add(new FormMessage((String) null, Messages.RECAPTCHA_FAILED));
        decodedFormParameters.remove(G_RECAPTCHA_RESPONSE);
        validationContext.error("invalid_registration");
        validationContext.validationError(decodedFormParameters, arrayList);
        validationContext.excludeOtherErrors();
    }

    private String getRecaptchaDomain(AuthenticatorConfigModel authenticatorConfigModel) {
        return ((Boolean) Optional.ofNullable(authenticatorConfigModel).map(authenticatorConfigModel2 -> {
            return authenticatorConfigModel2.getConfig();
        }).map(map -> {
            return Boolean.valueOf((String) map.get(USE_RECAPTCHA_NET));
        }).orElse(false)).booleanValue() ? "recaptcha.net" : "google.com";
    }

    protected boolean validateRecaptcha(ValidationContext validationContext, boolean z, String str, String str2) {
        CloseableHttpClient httpClient = validationContext.getSession().getProvider(HttpClientProvider.class).getHttpClient();
        HttpPost httpPost = new HttpPost("https://www." + getRecaptchaDomain(validationContext.getAuthenticatorConfig()) + "/recaptcha/api/siteverify");
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("secret", str2));
        linkedList.add(new BasicNameValuePair("response", str));
        linkedList.add(new BasicNameValuePair("remoteip", validationContext.getConnection().getRemoteAddr()));
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
            CloseableHttpResponse execute = httpClient.execute(httpPost);
            try {
                try {
                    z = Boolean.TRUE.equals(((Map) JsonSerialization.readValue(execute.getEntity().getContent(), Map.class)).get("success"));
                    EntityUtils.consumeQuietly(execute.getEntity());
                    if (execute != null) {
                        execute.close();
                    }
                } catch (Throwable th) {
                    EntityUtils.consumeQuietly(execute.getEntity());
                    throw th;
                }
            } finally {
            }
        } catch (Exception e) {
            ServicesLogger.LOGGER.recaptchaFailed(e);
        }
        return z;
    }

    public void success(FormContext formContext) {
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public boolean isUserSetupAllowed() {
        return false;
    }

    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public FormAction m114create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public String getId() {
        return PROVIDER_ID;
    }

    public String getHelpText() {
        return "Adds Google Recaptcha button.  Recaptchas verify that the entity that is registering is a human.  This can only be used on the internet and must be configured after you add it.";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return CONFIG_PROPERTIES;
    }

    static {
        ProviderConfigProperty providerConfigProperty = new ProviderConfigProperty();
        providerConfigProperty.setName(SITE_KEY);
        providerConfigProperty.setLabel("Recaptcha Site Key");
        providerConfigProperty.setType("String");
        providerConfigProperty.setHelpText("Google Recaptcha Site Key");
        CONFIG_PROPERTIES.add(providerConfigProperty);
        ProviderConfigProperty providerConfigProperty2 = new ProviderConfigProperty();
        providerConfigProperty2.setName("secret");
        providerConfigProperty2.setLabel("Recaptcha Secret");
        providerConfigProperty2.setType("String");
        providerConfigProperty2.setHelpText("Google Recaptcha Secret");
        CONFIG_PROPERTIES.add(providerConfigProperty2);
        ProviderConfigProperty providerConfigProperty3 = new ProviderConfigProperty();
        providerConfigProperty3.setName(USE_RECAPTCHA_NET);
        providerConfigProperty3.setLabel("use recaptcha.net");
        providerConfigProperty3.setType("boolean");
        providerConfigProperty3.setHelpText("Use recaptcha.net? (or else google.com)");
        CONFIG_PROPERTIES.add(providerConfigProperty3);
    }
}
