package org.keycloak.authentication.forms;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.keycloak.authentication.ValidationContext;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.services.ServicesLogger;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/authentication/forms/RegistrationRecaptchaEnterprise.class */
public class RegistrationRecaptchaEnterprise extends AbstractRegistrationRecaptcha {
    public static final String PROVIDER_ID = "registration-recaptcha-enterprise";
    public static final String PROJECT_ID = "project.id";
    public static final String API_KEY = "api.key";
    public static final String SCORE_THRESHOLD = "score.threshold";
    private static final Logger LOGGER = Logger.getLogger(RegistrationRecaptchaEnterprise.class);

    public String getDisplayType() {
        return "reCAPTCHA Enterprise";
    }

    public String getHelpText() {
        return "Adds Google reCAPTCHA Enterprise to the form.";
    }

    public String getId() {
        return PROVIDER_ID;
    }

    @Override // org.keycloak.authentication.forms.AbstractRegistrationRecaptcha
    protected boolean validateConfig(Map<String, String> map) {
        return (Stream.of((Object[]) new String[]{PROJECT_ID, AbstractRegistrationRecaptcha.SITE_KEY, API_KEY, AbstractRegistrationRecaptcha.ACTION}).anyMatch(str -> {
            return StringUtil.isNullOrEmpty((String) map.get(str));
        }) || parseDoubleFromConfig(map, SCORE_THRESHOLD) == null) ? false : true;
    }

    @Override // org.keycloak.authentication.forms.AbstractRegistrationRecaptcha
    protected String getScriptUrl(Map<String, String> map, String str) {
        return "https://www." + getRecaptchaDomain(map) + "/recaptcha/enterprise.js?hl=" + str;
    }

    @Override // org.keycloak.authentication.forms.AbstractRegistrationRecaptcha
    protected boolean validate(ValidationContext validationContext, String str, Map<String, String> map) {
        LOGGER.trace("Requesting assessment of Google reCAPTCHA Enterprise");
        try {
            HttpResponse execute = validationContext.getSession().getProvider(HttpClientProvider.class).getHttpClient().execute(buildAssessmentRequest(str, map));
            if (execute.getStatusLine().getStatusCode() != 200) {
                LOGGER.errorf("Could not create reCAPTCHA assessment: %s", execute.getStatusLine());
                EntityUtils.consumeQuietly(execute.getEntity());
                throw new Exception(execute.getStatusLine().getReasonPhrase());
            }
            RecaptchaAssessmentResponse recaptchaAssessmentResponse = (RecaptchaAssessmentResponse) JsonSerialization.readValue(execute.getEntity().getContent(), RecaptchaAssessmentResponse.class);
            LOGGER.tracef("Got assessment response: %s", recaptchaAssessmentResponse);
            String action = recaptchaAssessmentResponse.getTokenProperties().getAction();
            String expectedAction = recaptchaAssessmentResponse.getEvent().getExpectedAction();
            if (!action.equals(expectedAction)) {
                LOGGER.warnf("The action name of the reCAPTCHA token '%s' does not match the expected action '%s'!", action, expectedAction);
                return false;
            }
            boolean isValid = recaptchaAssessmentResponse.getTokenProperties().isValid();
            double score = recaptchaAssessmentResponse.getRiskAnalysis().getScore();
            LOGGER.debugf("reCAPTCHA assessment: valid=%s, score=%f", Boolean.valueOf(isValid), Double.valueOf(score));
            return isValid && score >= parseDoubleFromConfig(map, SCORE_THRESHOLD).doubleValue();
        } catch (Exception e) {
            ServicesLogger.LOGGER.recaptchaFailed(e);
            return false;
        }
    }

    private HttpPost buildAssessmentRequest(String str, Map<String, String> map) throws IOException {
        HttpPost httpPost = new HttpPost(String.format("https://recaptchaenterprise.googleapis.com/v1/projects/%s/assessments?key=%s", map.get(PROJECT_ID), map.get(API_KEY)));
        RecaptchaAssessmentRequest recaptchaAssessmentRequest = new RecaptchaAssessmentRequest(str, map.get(AbstractRegistrationRecaptcha.SITE_KEY), map.get(AbstractRegistrationRecaptcha.ACTION));
        httpPost.setEntity(new StringEntity(JsonSerialization.writeValueAsString(recaptchaAssessmentRequest)));
        httpPost.setHeader("Content-type", "application/json; charset=utf-8");
        LOGGER.tracef("Built assessment request: %s", recaptchaAssessmentRequest);
        return httpPost;
    }

    @Override // org.keycloak.authentication.forms.AbstractRegistrationRecaptcha
    public List<ProviderConfigProperty> getConfigProperties() {
        List<ProviderConfigProperty> build = ProviderConfigurationBuilder.create().property().name(PROJECT_ID).label("Project ID").helpText("Project ID the site key belongs to.").type("String").add().property().name(AbstractRegistrationRecaptcha.SITE_KEY).label("reCAPTCHA Site Key").helpText("The site key.").type("String").add().property().name(API_KEY).label("Google API Key").helpText("An API key with the reCAPTCHA Enterprise API enabled in the given project ID.").type("String").secret(true).add().property().name(SCORE_THRESHOLD).label("Min. Score Threshold").helpText("The minimum score threshold for considering the reCAPTCHA valid (inclusive). Must be a valid double between 0.0 and 1.0.").type("String").defaultValue("0.7").add().build();
        build.addAll(super.getConfigProperties());
        return build;
    }

    private Double parseDoubleFromConfig(Map<String, String> map, String str) {
        String orDefault = map.getOrDefault(str, "");
        try {
            return Double.valueOf(Double.parseDouble(orDefault));
        } catch (NumberFormatException e) {
            LOGGER.warnf("Could not parse config %s as double: '%s'", str, orDefault);
            return null;
        }
    }
}
