package org.picketlink.idm.credential.internal;

import java.nio.charset.StandardCharsets;
import java.util.Date;
import org.picketlink.common.util.StringUtil;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.TOTPCredential;
import org.picketlink.idm.credential.TOTPCredentials;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.credential.totp.TimeBasedOTP;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.SecurityContext;

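/**
 * Credential handler for {@link TOTPCredentials} / {@link TOTPCredential}: runs the superclass
 * handling first and then checks a time-based one-time password against the secret stored for
 * the agent's device.
 *
 * <p>The TOTP parameters are read from the store's credential handler properties in
 * {@link #setup(CredentialStore)}; the defaults are {@code HmacSHA1}, 6 digits, a 30 second
 * interval and a delay window of 1.
 *
 * <p>NOTE(review): this class keeps no record of tokens it has already accepted and no count of
 * failed attempts. Unless {@link TimeBasedOTP} or the caller provides them, a token may be
 * accepted more than once inside its validity window, and guesses are not rate limited here.
 * Confirm where replay protection and throttling are enforced.
 */
@SupportsCredentials({TOTPCredentials.class, TOTPCredential.class})
/* loaded from: input_file:org/picketlink/idm/credential/internal/TOTPCredentialHandler.class */
public class TOTPCredentialHandler extends PasswordCredentialHandler<CredentialStore<?>, TOTPCredentials, TOTPCredential> {
    /** Property key for the HMAC algorithm name (default {@code HmacSHA1}). */
    public static final String ALGORITHM = "ALGORITHM";
    /** Property key for the token interval in seconds (default {@code 30}). */
    public static final String INTERVAL_SECONDS = "INTERVAL_SECONDS";
    /** Property key for the number of token digits (default {@code 6}). */
    public static final String NUMBER_DIGITS = "NUMBER_DIGITS";
    /** Property key for the delay window passed to {@link TimeBasedOTP} (default {@code 1}). */
    public static final String DELAY_WINDOW = "DELAY_WINDOW";
    /** Device name used when a credential does not name a device. */
    public static final String DEFAULT_DEVICE = "DEFAULT_DEVICE";
    private TimeBasedOTP totp;

    /**
     * Runs the superclass setup and builds the {@link TimeBasedOTP} validator from the store's
     * credential handler properties.
     *
     * @param credentialStore store whose configuration supplies the TOTP properties
     * @throws NumberFormatException if a numeric property is set to a non-integer value
     */
    @Override
    public void setup(CredentialStore<?> credentialStore) {
        // The decompiled source cast the store to TOTPCredentialHandler here; the overridden
        // signature takes the store itself, so it is passed through unchanged.
        super.setup(credentialStore);
        String algorithm = getConfigurationProperty(credentialStore, ALGORITHM, "HmacSHA1");
        int numberDigits = Integer.parseInt(getConfigurationProperty(credentialStore, NUMBER_DIGITS, "6"));
        int intervalSeconds = Integer.parseInt(getConfigurationProperty(credentialStore, INTERVAL_SECONDS, "30"));
        int delayWindow = Integer.parseInt(getConfigurationProperty(credentialStore, DELAY_WINDOW, "1"));
        this.totp = new TimeBasedOTP(algorithm, numberDigits, intervalSeconds, delayWindow);
    }

    /**
     * Validates the credentials through the superclass and, only if that leaves the status
     * {@code VALID}, checks the supplied token against the most recent current secret stored for
     * the requested device. Any other outcome marks the credentials {@code INVALID} and clears
     * the validated agent.
     *
     * @param securityContext context passed to the superclass and to the store
     * @param tOTPCredentials credentials under validation; status and validated agent are updated
     * @param credentialStore store holding the agent's {@link OTPCredentialStorage} entries
     */
    @Override
    public void validate(SecurityContext securityContext, TOTPCredentials tOTPCredentials, CredentialStore<?> credentialStore) {
        // Arguments go to the superclass in their declared positions; the decompiled source
        // cast the credentials to SecurityContext and the store to TOTPCredentials, which
        // cannot succeed.
        super.validate(securityContext, tOTPCredentials, credentialStore);
        boolean tokenValid = false;
        if (Credentials.Status.VALID.equals(tOTPCredentials.getStatus())) {
            String device = getDevice(tOTPCredentials.getDevice());
            OTPCredentialStorage latest = null;
            for (OTPCredentialStorage candidate : credentialStore.retrieveCredentials(securityContext, tOTPCredentials.getValidatedAgent(), OTPCredentialStorage.class)) {
                // device is never null (see getDevice), so compare from that side: a stored
                // entry without a device is skipped instead of raising a NullPointerException.
                if (device.equals(candidate.getDevice())
                        && CredentialUtils.isCurrentCredential(candidate)
                        && (latest == null || latest.getEffectiveDate().compareTo(candidate.getEffectiveDate()) <= 0)) {
                    latest = candidate;
                }
            }
            // Fail closed: an entry without a secret cannot validate any token.
            if (latest != null && latest.getSecretKey() != null) {
                // Explicit charset so the key bytes do not depend on the JVM default charset;
                // the bytes are unchanged for ASCII secrets.
                byte[] secretBytes = latest.getSecretKey().getBytes(StandardCharsets.UTF_8);
                tokenValid = this.totp.validate(tOTPCredentials.getToken(), secretBytes);
            }
        }
        if (!tokenValid) {
            tOTPCredentials.setStatus(Credentials.Status.INVALID);
            tOTPCredentials.setValidatedAgent((Agent) null);
        }
    }

    /**
     * Stores a new TOTP secret for the agent's device and, when the credential also carries a
     * non-empty value, lets the superclass update that value first.
     *
     * <p>NOTE(review): the secret is handed to the store exactly as received; whether it is
     * protected at rest depends on the {@link CredentialStore} implementation. Confirm.
     *
     * @param securityContext context passed to the superclass and to the store
     * @param agent owner of the credential
     * @param tOTPCredential credential carrying the secret, the device and an optional value
     * @param credentialStore store that receives the new {@link OTPCredentialStorage}
     * @param date effective date of the stored secret
     * @param date2 expiry date of the stored secret
     */
    @Override
    public void update(SecurityContext securityContext, Agent agent, TOTPCredential tOTPCredential, CredentialStore<?> credentialStore, Date date, Date date2) {
        if (tOTPCredential.getValue() != null && tOTPCredential.getValue().length > 0) {
            // Declared argument order; the decompiled source cast the credential to Agent and
            // the store to TOTPCredential.
            super.update(securityContext, agent, tOTPCredential, credentialStore, date, date2);
        }
        OTPCredentialStorage storage = new OTPCredentialStorage();
        storage.setEffectiveDate(date);
        storage.setExpiryDate(date2);
        storage.setSecretKey(tOTPCredential.getSecret());
        storage.setDevice(getDevice(tOTPCredential.getDevice()));
        credentialStore.storeCredential(securityContext, agent, storage);
    }

    /** Returns {@code device}, or {@link #DEFAULT_DEVICE} when it is null or empty. */
    private String getDevice(String device) {
        return StringUtil.isNullOrEmpty(device) ? DEFAULT_DEVICE : device;
    }

    /**
     * Looks up a credential handler property on the store's configuration.
     *
     * @return the property rendered with {@link String#valueOf(Object)}, or {@code defaultValue}
     *     when the property is not set
     */
    private String getConfigurationProperty(CredentialStore<?> credentialStore, String name, String defaultValue) {
        Object value = credentialStore.getConfig().getCredentialHandlerProperties().get(name);
        return value != null ? String.valueOf(value) : defaultValue;
    }
}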
