package org.keycloak.authentication.forms;

import jakarta.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.authentication.FormAction;
import org.keycloak.authentication.FormActionFactory;
import org.keycloak.authentication.FormContext;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.FormMessage;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.validation.Validation;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/authentication/forms/AbstractRegistrationRecaptcha.class */
public abstract class AbstractRegistrationRecaptcha implements FormAction, FormActionFactory {
    public static final String G_RECAPTCHA_RESPONSE = "g-recaptcha-response";
    public static final String RECAPTCHA_REFERENCE_CATEGORY = "recaptcha";
    public static final String SITE_KEY = "site.key";
    public static final String ACTION = "action";
    public static final String INVISIBLE = "recaptcha.v3";
    public static final String USE_RECAPTCHA_NET = "useRecaptchaNet";
    private static final Logger LOGGER = Logger.getLogger(AbstractRegistrationRecaptcha.class);

    public String getReferenceCategory() {
        return RECAPTCHA_REFERENCE_CATEGORY;
    }

    public boolean isConfigurable() {
        return true;
    }

    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[]{AuthenticationExecutionModel.Requirement.REQUIRED, AuthenticationExecutionModel.Requirement.DISABLED};
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRecaptchaDomain(Map<String, String> map) {
        return Boolean.parseBoolean(map.get(USE_RECAPTCHA_NET)) ? "recaptcha.net" : "google.com";
    }

    public void buildPage(FormContext formContext, LoginFormsProvider loginFormsProvider) {
        LOGGER.trace("Building page with reCAPTCHA");
        Map<String, String> config = formContext.getAuthenticatorConfig().getConfig();
        if (config == null) {
            loginFormsProvider.addError(new FormMessage((String) null, Messages.RECAPTCHA_NOT_CONFIGURED));
            return;
        }
        if (!validateConfig(config)) {
            loginFormsProvider.addError(new FormMessage((String) null, Messages.RECAPTCHA_NOT_CONFIGURED));
            return;
        }
        String languageTag = formContext.getSession().getContext().resolveLocale(formContext.getUser()).toLanguageTag();
        boolean parseBoolean = Boolean.parseBoolean(config.get(INVISIBLE));
        String str = StringUtil.isNullOrEmpty(config.get(ACTION)) ? "register" : config.get(ACTION);
        loginFormsProvider.setAttribute("recaptchaRequired", true);
        loginFormsProvider.setAttribute("recaptchaSiteKey", config.get(SITE_KEY));
        loginFormsProvider.setAttribute("recaptchaAction", str);
        loginFormsProvider.setAttribute("recaptchaVisible", Boolean.valueOf(!parseBoolean));
        loginFormsProvider.addScript(getScriptUrl(config, languageTag));
    }

    protected abstract String getScriptUrl(Map<String, String> map, String str);

    protected abstract boolean validateConfig(Map<String, String> map);

    public void validate(ValidationContext validationContext) {
        MultivaluedMap decodedFormParameters = validationContext.getHttpRequest().getDecodedFormParameters();
        String str = (String) decodedFormParameters.getFirst("g-recaptcha-response");
        LOGGER.trace("Got captcha: " + str);
        Map<String, String> config = validationContext.getAuthenticatorConfig().getConfig();
        if (!Validation.isBlank(str) && validate(validationContext, str, config)) {
            validationContext.success();
            return;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new FormMessage((String) null, Messages.RECAPTCHA_FAILED));
        decodedFormParameters.remove("g-recaptcha-response");
        validationContext.error("invalid_registration");
        validationContext.validationError(decodedFormParameters, arrayList);
        validationContext.excludeOtherErrors();
    }

    protected abstract boolean validate(ValidationContext validationContext, String str, Map<String, String> map);

    public void success(FormContext formContext) {
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public boolean isUserSetupAllowed() {
        return false;
    }

    public void close() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public FormAction m109create(KeycloakSession keycloakSession) {
        return this;
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return ProviderConfigurationBuilder.create().property().name(ACTION).label("Action Name").helpText("A meaningful name for this reCAPTCHA context (e.g. login, register). An action name can only contain alphanumeric characters, slashes and underscores and is not case-sensitive.").type("String").defaultValue("register").add().property().name(USE_RECAPTCHA_NET).label("Use recaptcha.net").helpText("Whether to use recaptcha.net instead of google.com, which may have other cookies set.").type("boolean").defaultValue(false).add().property().name(INVISIBLE).label("reCAPTCHA v3").helpText("Whether the site key belongs to a v3 (invisible, score-based reCAPTCHA) or v2 site (visible, checkbox-based).").type("boolean").defaultValue(false).add().build();
    }
}
