package org.keycloak.authentication.authenticators.cli;

import java.net.URI;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/authentication/authenticators/cli/CliUsernamePasswordAuthenticator.class */
public class CliUsernamePasswordAuthenticator extends AbstractUsernameFormAuthenticator implements Authenticator {
    @Override // org.keycloak.authentication.Authenticator
    public boolean requiresUser() {
        return false;
    }

    @Override // org.keycloak.authentication.Authenticator
    public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
        authenticationFlowContext.challenge(authenticationFlowContext.form().setStatus(Response.Status.UNAUTHORIZED).setMediaType(MediaType.TEXT_PLAIN_TYPE).setResponseHeader("WWW-Authenticate", getHeader(authenticationFlowContext)).createForm("cli_splash.ftl"));
    }

    private String getHeader(AuthenticationFlowContext authenticationFlowContext) {
        return "X-Text-Form-Challenge callback=\"" + getCallbackUrl(authenticationFlowContext) + "\" param=\"username\" label=\"Username: \" mask=false param=\"password\" label=\"Password: \" mask=true";
    }

    private URI getCallbackUrl(AuthenticationFlowContext authenticationFlowContext) {
        return authenticationFlowContext.getActionUrl(authenticationFlowContext.generateAccessCode(), true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
    public Response challenge(AuthenticationFlowContext authenticationFlowContext, String str) {
        return Response.status(401).type(MediaType.TEXT_PLAIN_TYPE).header("WWW-Authenticate", getHeader(authenticationFlowContext)).entity("\n" + authenticationFlowContext.form().getMessage(str) + "\n").build();
    }

    @Override // org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator
    protected Response setDuplicateUserChallenge(AuthenticationFlowContext authenticationFlowContext, String str, String str2, AuthenticationFlowError authenticationFlowError) {
        authenticationFlowContext.getEvent().error(str);
        Response build = Response.status(401).type(MediaType.TEXT_PLAIN_TYPE).header("WWW-Authenticate", getHeader(authenticationFlowContext)).entity("\n" + authenticationFlowContext.form().getMessage(str2) + "\n").build();
        authenticationFlowContext.failureChallenge(authenticationFlowError, build);
        return build;
    }

    @Override // org.keycloak.authentication.authenticators.browser.AbstractUsernameFormAuthenticator, org.keycloak.authentication.Authenticator
    public void action(AuthenticationFlowContext authenticationFlowContext) {
        if (validateUserAndPassword(authenticationFlowContext, authenticationFlowContext.getHttpRequest().getDecodedFormParameters())) {
            authenticationFlowContext.success();
        }
    }

    @Override // org.keycloak.authentication.Authenticator
    public boolean configuredFor(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
        return true;
    }

    @Override // org.keycloak.authentication.Authenticator
    public void setRequiredActions(KeycloakSession keycloakSession, RealmModel realmModel, UserModel userModel) {
    }

    @Override // org.keycloak.authentication.AbstractFormAuthenticator, org.keycloak.provider.Provider
    public void close() {
    }
}
