package org.picketlink.idm.credential.internal;

import java.util.Date;
import java.util.Iterator;
import org.picketlink.common.util.Base64;
import org.picketlink.common.util.StringUtil;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Digest;
import org.picketlink.idm.credential.DigestCredentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.SecurityContext;

@SupportsCredentials({DigestCredentials.class, Digest.class})
/* loaded from: input_file:org/picketlink/idm/credential/internal/DigestCredentialHandler.class */
public class DigestCredentialHandler<S, V, U> implements CredentialHandler<CredentialStore<?>, DigestCredentials, Digest> {
    public void setup(CredentialStore<?> credentialStore) {
    }

    public void validate(SecurityContext securityContext, DigestCredentials digestCredentials, CredentialStore<?> credentialStore) {
        if (!DigestCredentials.class.isInstance(digestCredentials)) {
            throw IDMMessages.MESSAGES.credentialUnsupportedType(digestCredentials.getClass(), this);
        }
        digestCredentials.setStatus(Credentials.Status.INVALID);
        digestCredentials.setValidatedAgent((Agent) null);
        Digest digest = digestCredentials.getDigest();
        Agent agent = credentialStore.getAgent(securityContext, digest.getUsername());
        if (agent != null) {
            if (agent.isEnabled()) {
                DigestCredentialStorage digestCredentialStorage = null;
                Iterator it = credentialStore.retrieveCredentials(securityContext, agent, DigestCredentialStorage.class).iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    DigestCredentialStorage digestCredentialStorage2 = (DigestCredentialStorage) it.next();
                    if (digestCredentialStorage2.getRealm().equals(digest.getRealm()) && CredentialUtils.isCurrentCredential(digestCredentialStorage2)) {
                        digestCredentialStorage = digestCredentialStorage2;
                        break;
                    }
                }
                if (digestCredentialStorage != null) {
                    if (digest.getMethod() == null || digest.getUri() == null) {
                        if (String.valueOf(Base64.encodeBytes(digestCredentialStorage.getHa1())).equals(digest.getDigest())) {
                            digestCredentials.setStatus(Credentials.Status.VALID);
                        }
                    } else if (DigestUtil.calculateDigest(digest, digestCredentialStorage.getHa1(), DigestUtil.calculateA2(digest.getMethod(), digest.getUri())).equals(digest.getDigest())) {
                        digestCredentials.setStatus(Credentials.Status.VALID);
                    }
                } else if (CredentialUtils.isLastCredentialExpired(securityContext, agent, credentialStore, DigestCredentialStorage.class)) {
                    digestCredentials.setStatus(Credentials.Status.EXPIRED);
                }
            } else {
                digestCredentials.setStatus(Credentials.Status.AGENT_DISABLED);
            }
            if (digestCredentials.getStatus().equals(Credentials.Status.VALID)) {
                digestCredentials.setValidatedAgent(agent);
            }
        }
    }

    public void update(SecurityContext securityContext, Agent agent, Digest digest, CredentialStore<?> credentialStore, Date date, Date date2) {
        if (StringUtil.isNullOrEmpty(digest.getRealm())) {
            throw IDMMessages.MESSAGES.credentialDigestInvalidRealm();
        }
        if (StringUtil.isNullOrEmpty(digest.getPassword())) {
            throw IDMMessages.MESSAGES.credentialInvalidPassword();
        }
        DigestCredentialStorage digestCredentialStorage = new DigestCredentialStorage(DigestUtil.calculateA1(agent.getLoginName(), digest.getRealm(), digest.getPassword().toCharArray()), digest.getRealm());
        digestCredentialStorage.setEffectiveDate(date);
        digestCredentialStorage.setExpiryDate(date2);
        credentialStore.storeCredential(securityContext, agent, digestCredentialStorage);
    }
}
