package org.keycloak.authentication.requiredactions;

import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import org.keycloak.Config;
import org.keycloak.authentication.CredentialAction;
import org.keycloak.authentication.InitiatedActionSupport;
import org.keycloak.authentication.RequiredActionContext;
import org.keycloak.authentication.RequiredActionFactory;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.authentication.authenticators.util.AcrStore;
import org.keycloak.authentication.requiredactions.util.CredentialDeleteHelper;
import org.keycloak.credential.CredentialModel;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.UserModel;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/authentication/requiredactions/DeleteCredentialAction.class */
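/**
 * Required action that lets the user of the current authentication session delete one of
 * their stored credentials after confirming on the {@code delete-credential.ftl} form.
 *
 * <p>The credential is identified by the {@code kc_action_parameter} client note. Every lookup
 * goes through the session user's own {@code credentialManager()}, so the id is only ever
 * resolved within that user's credentials.
 *
 * <p>NOTE(review): the client note is presumably populated from a request parameter supplied by
 * the client application and should be treated as untrusted input - confirm where it is set.
 *
 * <p>Audit trail produced by this class: event details {@code credential_type},
 * {@code credential_id} and {@code credential_user_label}; event type
 * {@link EventType#REMOVE_TOTP} for {@code otp} credentials; error codes
 * {@code missing_credential_id}, {@code credential_not_found} and
 * {@code delete_credential_failed}. Removal of a second factor is a change worth alerting on.
 */
public class DeleteCredentialAction implements RequiredActionProvider, RequiredActionFactory, CredentialAction {
    public static final String PROVIDER_ID = "delete_credential";

    /** Client note that carries the id of the credential to delete. */
    private static final String ACTION_PARAMETER_NOTE = "kc_action_parameter";

    /**
     * Suffix of ids accepted when no stored credential matches.
     * NOTE(review): presumably a placeholder id of the form {@code <type>-id} for credentials that
     * are not held in the local store - confirm against CredentialDeleteHelper.
     */
    private static final String PLACEHOLDER_ID_SUFFIX = "-id";

    /**
     * Returns this instance; the class is both factory and provider and declares no instance fields.
     */
    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public RequiredActionProvider m122create(KeycloakSession keycloakSession) {
        return this;
    }

    /**
     * Declares that this action supports being initiated explicitly.
     *
     * @return {@link InitiatedActionSupport#SUPPORTED}
     */
    public InitiatedActionSupport initiatedActionSupport() {
        return InitiatedActionSupport.SUPPORTED;
    }

    /** No configuration is read. */
    public void init(Config.Scope scope) {
    }

    /** No post-initialisation work is needed. */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    /**
     * @return {@link #PROVIDER_ID}
     */
    public String getId() {
        return PROVIDER_ID;
    }

    /** Intentionally empty: this action is never triggered automatically by this class. */
    public void evaluateTriggers(RequiredActionContext requiredActionContext) {
    }

    /**
     * Resolves the type of the credential the current action refers to.
     *
     * @param keycloakSession not used by this implementation
     * @param authenticationSessionModel session holding the {@code kc_action_parameter} note and the
     *     authenticated user
     * @return the stored credential's type; otherwise the id with its {@code -id} suffix removed when
     *     the id ends with that suffix; {@code null} when the note or the user is missing or the id
     *     matches neither form
     */
    public String getCredentialType(KeycloakSession keycloakSession, AuthenticationSessionModel authenticationSessionModel) {
        String credentialId = authenticationSessionModel.getClientNote(ACTION_PARAMETER_NOTE);
        if (credentialId == null) {
            return null;
        }
        UserModel authenticatedUser = authenticationSessionModel.getAuthenticatedUser();
        if (authenticatedUser == null) {
            return null;
        }
        // Lookup is scoped to the authenticated user's own credentials.
        CredentialModel stored = authenticatedUser.credentialManager().getStoredCredentialById(credentialId);
        if (stored != null) {
            return stored.getType();
        }
        return typeFromPlaceholderId(credentialId);
    }

    /**
     * Shows the confirmation form for the credential named by {@code kc_action_parameter}.
     *
     * <p>The action is ignored, with an error event, when the parameter is missing
     * ({@code missing_credential_id}) or matches neither a stored credential nor the {@code -id}
     * placeholder form ({@code credential_not_found}).
     *
     * @param requiredActionContext context of the running required action
     */
    public void requiredActionChallenge(RequiredActionContext requiredActionContext) {
        String credentialId = requiredActionContext.getAuthenticationSession().getClientNote(ACTION_PARAMETER_NOTE);
        UserModel user = requiredActionContext.getUser();
        if (credentialId == null) {
            requiredActionContext.getEvent().error("missing_credential_id");
            requiredActionContext.ignore();
            return;
        }

        CredentialModel stored = user.credentialManager().getStoredCredentialById(credentialId);
        String credentialLabel;
        if (stored != null) {
            // Prefer the label the user gave the credential; fall back to its type.
            credentialLabel = StringUtil.isNotBlank(stored.getUserLabel()) ? stored.getUserLabel() : stored.getType();
        } else {
            credentialLabel = typeFromPlaceholderId(credentialId);
            if (credentialLabel == null) {
                // The raw id from the client note is written to the event as-is; consumers of
                // these events should handle it as untrusted text.
                requiredActionContext.getEvent().detail("credential_id", credentialId).error("credential_not_found");
                requiredActionContext.ignore();
                return;
            }
        }

        // The label is either user-chosen or derived from the client note. Output escaping is left
        // to the form template, which is not visible here.
        requiredActionContext.challenge(
                requiredActionContext.form().setAttribute("credentialLabel", credentialLabel).createForm("delete-credential.ftl"));
    }

    /**
     * Copies the credential's type, id and user label into the event. For {@code otp} credentials
     * the event type is switched to {@link EventType#REMOVE_TOTP}; a {@code null} credential leaves
     * the event untouched.
     */
    private void setupEvent(CredentialModel credentialModel, EventBuilder eventBuilder) {
        if (credentialModel == null) {
            return;
        }
        if ("otp".equals(credentialModel.getType())) {
            eventBuilder.event(EventType.REMOVE_TOTP);
        }
        eventBuilder.detail("credential_type", credentialModel.getType())
                .detail("credential_id", credentialModel.getId())
                .detail("credential_user_label", credentialModel.getUserLabel());
    }

    /**
     * Deletes the credential named by {@code kc_action_parameter} for the session user.
     *
     * <p>The deletion itself, and any check against the level of authentication supplied to it, is
     * delegated to {@link CredentialDeleteHelper#removeCredential}. A {@link WebApplicationException}
     * from the helper is turned into a {@code 400} error page and a
     * {@code delete_credential_failed} error event.
     *
     * @param requiredActionContext context of the running required action
     */
    public void processAction(RequiredActionContext requiredActionContext) {
        EventBuilder event = requiredActionContext.getEvent();
        String credentialId = requiredActionContext.getAuthenticationSession().getClientNote(ACTION_PARAMETER_NOTE);

        if (credentialId == null) {
            // requiredActionChallenge rejects a missing parameter, but this method can be reached
            // without it; stop here instead of forwarding null to the credential lookup and the
            // delete helper, whose null handling is not visible from this class.
            // NOTE(review): failure() is used rather than ignore() on the assumption that the caller
            // of processAction expects a success/challenge/failure outcome - confirm.
            event.error("missing_credential_id");
            requiredActionContext.failure();
            return;
        }

        setupEvent(requiredActionContext.getUser().credentialManager().getStoredCredentialById(credentialId), event);
        try {
            CredentialDeleteHelper.removeCredential(
                    requiredActionContext.getSession(),
                    requiredActionContext.getUser(),
                    credentialId,
                    () -> getCurrentLoa(requiredActionContext.getSession(), requiredActionContext.getAuthenticationSession()));
            requiredActionContext.success();
        } catch (WebApplicationException e) {
            // NOTE(review): the exception message is shown on the error page and stored in the event.
            // Presumably it is a fixed message chosen by the helper; confirm it never embeds
            // request-controlled data.
            Response errorPage = requiredActionContext.getSession().getProvider(LoginFormsProvider.class)
                    .setAuthenticationSession(requiredActionContext.getAuthenticationSession())
                    .setUser(requiredActionContext.getUser())
                    .setError(e.getMessage())
                    .createErrorPage(Response.Status.BAD_REQUEST);
            event.detail("reason", e.getMessage()).error("delete_credential_failed");
            requiredActionContext.challenge(errorPage);
        }
    }

    /**
     * Reads the level of authentication of the current authentication from {@link AcrStore}.
     */
    private int getCurrentLoa(KeycloakSession keycloakSession, AuthenticationSessionModel authenticationSessionModel) {
        return new AcrStore(keycloakSession, authenticationSessionModel).getLevelOfAuthenticationFromCurrentAuthentication();
    }

    /**
     * Returns the id without its {@code -id} suffix, or {@code null} when the id does not end with
     * that suffix.
     */
    private static String typeFromPlaceholderId(String credentialId) {
        if (!credentialId.endsWith(PLACEHOLDER_ID_SUFFIX)) {
            return null;
        }
        return credentialId.substring(0, credentialId.length() - PLACEHOLDER_ID_SUFFIX.length());
    }

    /**
     * @return the display name of this action
     */
    public String getDisplayText() {
        return "Delete Credential";
    }

    /** Nothing to release. */
    public void close() {
    }
}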
