package org.keycloak.services.resources.account;

import java.io.IOException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.keycloak.credential.CredentialInput;
import org.keycloak.credential.CredentialProvider;
import org.keycloak.credential.PasswordCredentialProviderFactory;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.Auth;
import org.keycloak.services.messages.Messages;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/services/resources/account/AccountCredentialResource.class */
public class AccountCredentialResource {
    private final KeycloakSession session;
    private final EventBuilder event;
    private final UserModel user;
    private final RealmModel realm;
    private Auth auth;

    /* loaded from: input_file:org/keycloak/services/resources/account/AccountCredentialResource$PasswordDetails.class */
    public static class PasswordDetails {
        private boolean registered;
        private long lastUpdate;

        public boolean isRegistered() {
            return this.registered;
        }

        public void setRegistered(boolean z) {
            this.registered = z;
        }

        public long getLastUpdate() {
            return this.lastUpdate;
        }

        public void setLastUpdate(long j) {
            this.lastUpdate = j;
        }
    }

    /* loaded from: input_file:org/keycloak/services/resources/account/AccountCredentialResource$PasswordUpdate.class */
    public static class PasswordUpdate {
        private String currentPassword;
        private String newPassword;
        private String confirmation;

        public String getCurrentPassword() {
            return this.currentPassword;
        }

        public void setCurrentPassword(String str) {
            this.currentPassword = str;
        }

        public String getNewPassword() {
            return this.newPassword;
        }

        public void setNewPassword(String str) {
            this.newPassword = str;
        }

        public String getConfirmation() {
            return this.confirmation;
        }

        public void setConfirmation(String str) {
            this.confirmation = str;
        }
    }

    public AccountCredentialResource(KeycloakSession keycloakSession, EventBuilder eventBuilder, UserModel userModel, Auth auth) {
        this.session = keycloakSession;
        this.event = eventBuilder;
        this.user = userModel;
        this.auth = auth;
        this.realm = keycloakSession.getContext().getRealm();
    }

    @GET
    @Produces({MediaType.APPLICATION_JSON})
    @Path("password")
    public PasswordDetails passwordDetails() throws IOException {
        this.auth.requireOneOf("manage-account", "view-profile");
        PasswordCredentialModel password = this.session.getProvider(CredentialProvider.class, PasswordCredentialProviderFactory.PROVIDER_ID).getPassword(this.realm, this.user);
        PasswordDetails passwordDetails = new PasswordDetails();
        if (password != null) {
            passwordDetails.setRegistered(true);
            passwordDetails.setLastUpdate(password.getCreatedDate().longValue());
        } else {
            passwordDetails.setRegistered(false);
        }
        return passwordDetails;
    }

    @POST
    @Path("password")
    @Consumes({MediaType.APPLICATION_JSON})
    public Response passwordUpdate(PasswordUpdate passwordUpdate) {
        this.auth.require("manage-account");
        this.event.event(EventType.UPDATE_PASSWORD);
        if (!this.session.userCredentialManager().isValid(this.realm, this.user, new CredentialInput[]{UserCredentialModel.password(passwordUpdate.getCurrentPassword())})) {
            this.event.error("invalid_user_credentials");
            return ErrorResponse.error(Messages.INVALID_PASSWORD_EXISTING, Response.Status.BAD_REQUEST);
        }
        if (passwordUpdate.getNewPassword() == null) {
            return ErrorResponse.error(Messages.INVALID_PASSWORD_EXISTING, Response.Status.BAD_REQUEST);
        }
        String confirmation = passwordUpdate.getConfirmation();
        if (confirmation != null && !passwordUpdate.getNewPassword().equals(confirmation)) {
            return ErrorResponse.error(Messages.NOTMATCH_PASSWORD, Response.Status.BAD_REQUEST);
        }
        try {
            this.session.userCredentialManager().updateCredential(this.realm, this.user, UserCredentialModel.password(passwordUpdate.getNewPassword(), false));
            return Response.ok().build();
        } catch (ModelException e) {
            return ErrorResponse.error(e.getMessage(), e.getParameters(), Response.Status.BAD_REQUEST);
        }
    }
}
