package org.keycloak.models.utils;

import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.keycloak.common.util.Time;
import org.keycloak.hash.PasswordHashManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
import org.keycloak.storage.federated.UserFederatedStorageProvider;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-server-spi/main/keycloak-server-spi-2.1.0.Final.jar:org/keycloak/models/utils/FederatedCredentials.class */
public class FederatedCredentials {
    public static void updateCredential(KeycloakSession keycloakSession, UserFederatedStorageProvider userFederatedStorageProvider, RealmModel realmModel, UserModel userModel, UserCredentialModel userCredentialModel) {
        if (userCredentialModel.getType().equals("password")) {
            updatePasswordCredential(keycloakSession, userFederatedStorageProvider, realmModel, userModel, userCredentialModel);
            return;
        }
        if (UserCredentialModel.isOtp(userCredentialModel.getType())) {
            updateOtpCredential(keycloakSession, userFederatedStorageProvider, realmModel, userModel, userCredentialModel);
            return;
        }
        UserCredentialValueModel credentialByType = getCredentialByType(userFederatedStorageProvider, realmModel, userModel, userCredentialModel.getType());
        if (credentialByType == null) {
            credentialByType.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
            credentialByType.setType(userCredentialModel.getType());
            credentialByType.setDevice(userCredentialModel.getDevice());
            credentialByType.setValue(userCredentialModel.getValue());
        } else {
            credentialByType.setValue(userCredentialModel.getValue());
        }
        userFederatedStorageProvider.updateCredential(realmModel, userModel, credentialByType);
    }

    public static UserCredentialValueModel getCredentialByType(UserFederatedStorageProvider userFederatedStorageProvider, RealmModel realmModel, UserModel userModel, String str) {
        for (UserCredentialValueModel userCredentialValueModel : userFederatedStorageProvider.getCredentials(realmModel, userModel)) {
            if (userCredentialValueModel.getType().equals(str)) {
                return userCredentialValueModel;
            }
        }
        return null;
    }

    public static LinkedList<UserCredentialValueModel> getCredentialsByType(UserFederatedStorageProvider userFederatedStorageProvider, RealmModel realmModel, UserModel userModel, String str) {
        List<UserCredentialValueModel> credentials = userFederatedStorageProvider.getCredentials(realmModel, userModel);
        LinkedList<UserCredentialValueModel> linkedList = new LinkedList<>();
        for (UserCredentialValueModel userCredentialValueModel : credentials) {
            if (userCredentialValueModel.getType().equals(str)) {
                linkedList.add(userCredentialValueModel);
            }
        }
        return linkedList;
    }

    public static void updatePasswordCredential(KeycloakSession keycloakSession, UserFederatedStorageProvider userFederatedStorageProvider, RealmModel realmModel, UserModel userModel, UserCredentialModel userCredentialModel) {
        UserCredentialValueModel credentialByType = getCredentialByType(userFederatedStorageProvider, realmModel, userModel, userCredentialModel.getType());
        if (credentialByType == null) {
            UserCredentialValueModel encode = PasswordHashManager.encode(keycloakSession, realmModel, userCredentialModel.getValue());
            encode.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
            encode.setType(userCredentialModel.getType());
            encode.setDevice(userCredentialModel.getDevice());
            userFederatedStorageProvider.updateCredential(realmModel, userModel, encode);
            return;
        }
        int i = -1;
        PasswordPolicy passwordPolicy = realmModel.getPasswordPolicy();
        if (passwordPolicy != null) {
            i = passwordPolicy.getExpiredPasswords();
        }
        if (i == -1) {
            Iterator<UserCredentialValueModel> it = getCredentialsByType(userFederatedStorageProvider, realmModel, userModel, UserCredentialModel.PASSWORD_HISTORY).iterator();
            while (it.hasNext()) {
                userFederatedStorageProvider.removeCredential(realmModel, userModel, it.next());
            }
            UserCredentialValueModel encode2 = PasswordHashManager.encode(keycloakSession, realmModel, userCredentialModel.getValue());
            encode2.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
            encode2.setType(userCredentialModel.getType());
            encode2.setDevice(userCredentialModel.getDevice());
            encode2.setId(credentialByType.getId());
            userFederatedStorageProvider.updateCredential(realmModel, userModel, encode2);
            return;
        }
        credentialByType.setType(UserCredentialModel.PASSWORD_HISTORY);
        LinkedList<UserCredentialValueModel> credentialsByType = getCredentialsByType(userFederatedStorageProvider, realmModel, userModel, UserCredentialModel.PASSWORD_HISTORY);
        if (credentialsByType.size() > i - 1) {
            Collections.sort(credentialsByType, new Comparator<UserCredentialValueModel>() { // from class: org.keycloak.models.utils.FederatedCredentials.1
                @Override // java.util.Comparator
                public int compare(UserCredentialValueModel userCredentialValueModel, UserCredentialValueModel userCredentialValueModel2) {
                    if (userCredentialValueModel.getCreatedDate().equals(userCredentialValueModel2.getCreatedDate())) {
                        return 0;
                    }
                    return userCredentialValueModel.getCreatedDate().longValue() < userCredentialValueModel2.getCreatedDate().longValue() ? -1 : 1;
                }
            });
            while (credentialsByType.size() > i - 1) {
                userFederatedStorageProvider.removeCredential(realmModel, userModel, credentialsByType.removeFirst());
            }
        }
        userFederatedStorageProvider.updateCredential(realmModel, userModel, credentialByType);
        UserCredentialValueModel encode3 = PasswordHashManager.encode(keycloakSession, realmModel, userCredentialModel.getValue());
        encode3.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
        encode3.setType(userCredentialModel.getType());
        encode3.setDevice(userCredentialModel.getDevice());
        userFederatedStorageProvider.updateCredential(realmModel, userModel, encode3);
    }

    public static void updateOtpCredential(KeycloakSession keycloakSession, UserFederatedStorageProvider userFederatedStorageProvider, RealmModel realmModel, UserModel userModel, UserCredentialModel userCredentialModel) {
        LinkedList<UserCredentialValueModel> credentialsByType = getCredentialsByType(userFederatedStorageProvider, realmModel, userModel, UserCredentialModel.PASSWORD_HISTORY);
        if (credentialsByType.isEmpty()) {
            UserCredentialValueModel userCredentialValueModel = new UserCredentialValueModel();
            userCredentialValueModel.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
            userCredentialValueModel.setType(userCredentialModel.getType());
            userCredentialValueModel.setDevice(userCredentialModel.getDevice());
            userCredentialValueModel.setValue(userCredentialModel.getValue());
            OTPPolicy oTPPolicy = realmModel.getOTPPolicy();
            userCredentialValueModel.setAlgorithm(oTPPolicy.getAlgorithm());
            userCredentialValueModel.setDigits(oTPPolicy.getDigits());
            userCredentialValueModel.setCounter(oTPPolicy.getInitialCounter());
            userCredentialValueModel.setPeriod(oTPPolicy.getPeriod());
            userFederatedStorageProvider.updateCredential(realmModel, userModel, userCredentialValueModel);
            return;
        }
        OTPPolicy oTPPolicy2 = realmModel.getOTPPolicy();
        if (userCredentialModel.getDevice() == null) {
            Iterator<UserCredentialValueModel> it = credentialsByType.iterator();
            while (it.hasNext()) {
                userFederatedStorageProvider.removeCredential(realmModel, userModel, it.next());
            }
            UserCredentialValueModel userCredentialValueModel2 = new UserCredentialValueModel();
            userCredentialValueModel2.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
            userCredentialValueModel2.setType(userCredentialModel.getType());
            userCredentialValueModel2.setDevice(userCredentialModel.getDevice());
            userCredentialValueModel2.setDigits(oTPPolicy2.getDigits());
            userCredentialValueModel2.setCounter(oTPPolicy2.getInitialCounter());
            userCredentialValueModel2.setAlgorithm(oTPPolicy2.getAlgorithm());
            userCredentialValueModel2.setValue(userCredentialModel.getValue());
            userCredentialValueModel2.setPeriod(oTPPolicy2.getPeriod());
            userFederatedStorageProvider.updateCredential(realmModel, userModel, userCredentialValueModel2);
            return;
        }
        UserCredentialValueModel userCredentialValueModel3 = new UserCredentialValueModel();
        Iterator<UserCredentialValueModel> it2 = credentialsByType.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            UserCredentialValueModel next = it2.next();
            if (userCredentialModel.getDevice().equals(next.getDevice())) {
                userCredentialValueModel3 = next;
                break;
            }
        }
        userCredentialValueModel3.setCreatedDate(Long.valueOf(Time.toMillis(Time.currentTime())));
        userCredentialValueModel3.setType(userCredentialModel.getType());
        userCredentialValueModel3.setDevice(userCredentialModel.getDevice());
        userCredentialValueModel3.setDigits(oTPPolicy2.getDigits());
        userCredentialValueModel3.setCounter(oTPPolicy2.getInitialCounter());
        userCredentialValueModel3.setAlgorithm(oTPPolicy2.getAlgorithm());
        userCredentialValueModel3.setValue(userCredentialModel.getValue());
        userCredentialValueModel3.setPeriod(oTPPolicy2.getPeriod());
        userFederatedStorageProvider.updateCredential(realmModel, userModel, userCredentialValueModel3);
    }
}
