package io.phasetwo.service.auth.action;

import io.phasetwo.service.Orgs;
import jakarta.ws.rs.core.Response;
import org.jboss.logging.Logger;
import org.keycloak.authentication.actiontoken.AbstractActionTokenHandler;
import org.keycloak.authentication.actiontoken.ActionTokenContext;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.protocol.oidc.utils.RedirectUtils;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.sessions.AuthenticationSessionModel;

/* loaded from: input_file:io/phasetwo/service/auth/action/PortalLinkActionTokenHandler.class */
public class PortalLinkActionTokenHandler extends AbstractActionTokenHandler<PortalLinkActionToken> {
    private static final Logger log = Logger.getLogger(PortalLinkActionTokenHandler.class);
    public static final String ORIGINAL_ACTION_TOKEN = "ORIGINAL_ACTION_TOKEN";

    public PortalLinkActionTokenHandler() {
        super("org-portal-link", PortalLinkActionToken.class, "invalidRequestMessage", EventType.EXECUTE_ACTION_TOKEN, "invalid_request");
    }

    public AuthenticationSessionModel startFreshAuthenticationSession(PortalLinkActionToken portalLinkActionToken, ActionTokenContext<PortalLinkActionToken> actionTokenContext) {
        return actionTokenContext.createAuthenticationSessionForClient(portalLinkActionToken.getIssuedFor());
    }

    public Response handleToken(PortalLinkActionToken portalLinkActionToken, ActionTokenContext<PortalLinkActionToken> actionTokenContext) {
        EventBuilder event = actionTokenContext.getEvent();
        log.infof("handleToken for iss:%s, org:%s, user:%s, rdu:%s", new Object[]{portalLinkActionToken.getIssuedFor(), portalLinkActionToken.getOrgId(), portalLinkActionToken.getUserId(), portalLinkActionToken.getRedirectUri()});
        actionTokenContext.getAuthenticationSession().getAuthenticatedUser();
        AuthenticationSessionModel authenticationSession = actionTokenContext.getAuthenticationSession();
        ClientModel client = authenticationSession.getClient();
        String redirectUri = portalLinkActionToken.getRedirectUri() != null ? portalLinkActionToken.getRedirectUri() : ResolveRelative.resolveRelativeUri(actionTokenContext.getSession(), client.getRootUrl(), client.getBaseUrl());
        log.infof("Using client_id %s redirect_uri %s", client.getClientId(), redirectUri);
        String verifyRedirectUri = RedirectUtils.verifyRedirectUri(actionTokenContext.getSession(), redirectUri, authenticationSession.getClient());
        log.infof("Redirect after verify %s -> %s", redirectUri, verifyRedirectUri);
        if (verifyRedirectUri != null) {
            authenticationSession.setAuthNote("SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS", "true");
            authenticationSession.setRedirectUri(verifyRedirectUri);
            authenticationSession.setClientNote("redirect_uri", redirectUri);
        }
        authenticationSession.setUserSessionNote(Orgs.FIELD_ORG_ID, portalLinkActionToken.getOrgId());
        event.detail(Orgs.FIELD_ORG_ID, portalLinkActionToken.getOrgId()).success();
        return AuthenticationManager.redirectToRequiredActions(actionTokenContext.getSession(), actionTokenContext.getRealm(), authenticationSession, actionTokenContext.getUriInfo(), AuthenticationManager.nextRequiredAction(actionTokenContext.getSession(), authenticationSession, actionTokenContext.getRequest(), actionTokenContext.getEvent()));
    }

    public /* bridge */ /* synthetic */ AuthenticationSessionModel startFreshAuthenticationSession(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return startFreshAuthenticationSession((PortalLinkActionToken) jsonWebToken, (ActionTokenContext<PortalLinkActionToken>) actionTokenContext);
    }

    public /* bridge */ /* synthetic */ Response handleToken(JsonWebToken jsonWebToken, ActionTokenContext actionTokenContext) {
        return handleToken((PortalLinkActionToken) jsonWebToken, (ActionTokenContext<PortalLinkActionToken>) actionTokenContext);
    }
}
