package io.phasetwo.service.auth;

import io.phasetwo.service.auth.action.PortalLinkActionTokenHandler;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.TokenVerifier;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.common.VerificationException;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:io/phasetwo/service/auth/PortalLinkAuthenticator.class */
public class PortalLinkAuthenticator implements Authenticator {
    private static final Logger log = Logger.getLogger(PortalLinkAuthenticator.class);
    private final KeycloakSession session;

    public PortalLinkAuthenticator(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        AuthenticationSessionModel authenticationSession = authenticationFlowContext.getAuthenticationSession();
        RealmModel realm = authenticationFlowContext.getRealm();
        String authNote = authenticationSession.getAuthNote(PortalLinkActionTokenHandler.ORIGINAL_ACTION_TOKEN);
        log.infof("Got token string from auth note (%s): %s", PortalLinkActionTokenHandler.ORIGINAL_ACTION_TOKEN, authNote);
        if (authNote == null) {
            authenticationFlowContext.attempted();
            return;
        }
        try {
            JsonWebToken token = TokenVerifier.create(authNote, JsonWebToken.class).getToken();
            log.infof("found user %s in token", token.getSubject());
            authenticationFlowContext.setUser(this.session.users().getUserById(realm, token.getSubject()));
            authenticationFlowContext.success();
        } catch (VerificationException e) {
            log.error("Error handling action token", e);
            authenticationFlowContext.failure(AuthenticationFlowError.INTERNAL_ERROR, authenticationFlowContext.form().setError("invalidParameterMessage", new Object[0]).createErrorPage(Response.Status.INTERNAL_SERVER_ERROR));
        }
        authenticationFlowContext.attempted();
    }

    public boolean requiresUser() {
        return false;
    }

    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    public void action(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.success();
    }

    public void close() {
    }
}
