package org.picketlink.idm.credential.handler;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.picketlink.common.reflection.Reflections;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.SecurityConfigurationException;
import org.picketlink.idm.credential.AbstractBaseCredentials;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.credential.storage.TokenCredentialStorage;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

@SupportsCredentials(credentialClass = {TokenCredential.class, Token.class}, credentialStorage = TokenCredentialStorage.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api-2.7.0.Final.jar:org/picketlink/idm/credential/handler/TokenCredentialHandler.class */
public class TokenCredentialHandler<S extends CredentialStore<?>, V extends TokenCredential, U extends Token> extends AbstractCredentialHandler<S, V, U> {
    public static final String TOKEN_CONSUMER = "TOKEN_CONSUMER";
    private final List<Token.Consumer> tokenConsumers = new ArrayList();

    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler, org.picketlink.idm.credential.handler.CredentialHandler
    public void setup(S s) {
        super.setup((TokenCredentialHandler<S, V, U>) s);
        Object obj = s.getConfig().getCredentialHandlerProperties().get(TOKEN_CONSUMER);
        if (obj != null) {
            try {
                if (Token.Consumer.class.isInstance(obj)) {
                    this.tokenConsumers.add((Token.Consumer) obj);
                } else if (obj.getClass().isArray()) {
                    this.tokenConsumers.addAll(Arrays.asList((Token.Consumer[]) obj));
                } else if (List.class.isInstance(obj)) {
                    this.tokenConsumers.addAll((List) obj);
                }
            } catch (ClassCastException e) {
                throw new SecurityConfigurationException("Token consumer is not a " + Token.Consumer.class.getName() + " instance. You provided " + obj);
            }
        }
    }

    protected boolean validateCredential(IdentityContext identityContext, CredentialStorage credentialStorage, V v, S s) {
        Token token = v.getToken();
        if (getTokenConsumer(token) != null) {
            return getTokenConsumer(token).validate(token);
        }
        if (credentialStorage == null) {
            return false;
        }
        TokenCredentialStorage tokenCredentialStorage = (TokenCredentialStorage) credentialStorage;
        return tokenCredentialStorage.getToken().equals(token.getToken()) && tokenCredentialStorage.getType().equals(token.getType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public Account getAccount(IdentityContext identityContext, V v) {
        Token token = v.getToken();
        if (token == null) {
            return null;
        }
        String subject = token.getSubject();
        if (subject == null) {
            throw new IdentityManagementException("No subject returned from token [" + token + "].");
        }
        Account account = getAccount(identityContext, subject);
        if (account == null) {
            account = getAccountById(identityContext, subject);
        }
        return account;
    }

    protected CredentialStorage getCredentialStorage(IdentityContext identityContext, Account account, V v, S s) {
        return s.retrieveCurrentCredential(identityContext, account, getCredentialStorageType());
    }

    public CredentialStorage createCredentialStorage(IdentityContext identityContext, Account account, U u, S s, Date date, Date date2) {
        TokenCredentialStorage createCredentialStorageInstance = createCredentialStorageInstance();
        createCredentialStorageInstance.setType(u.getType());
        createCredentialStorageInstance.setToken(u.getToken());
        if (date != null) {
            createCredentialStorageInstance.setEffectiveDate(date);
        }
        if (createCredentialStorageInstance.getExpiryDate() == null) {
            createCredentialStorageInstance.setExpiryDate(date2);
        }
        if (createCredentialStorageInstance.getType() == null) {
            throw new IdentityManagementException("TokenCredentialStorage can not have a null type.");
        }
        return createCredentialStorageInstance;
    }

    protected Class<? extends TokenCredentialStorage> getCredentialStorageType() {
        return ((SupportsCredentials) getClass().getAnnotation(SupportsCredentials.class)).credentialStorage();
    }

    protected TokenCredentialStorage createCredentialStorageInstance() {
        try {
            return (TokenCredentialStorage) Reflections.newInstance(getCredentialStorageType());
        } catch (Exception e) {
            throw new IdentityManagementException("Could not create TokenStorageCredential [" + getCredentialStorageType() + "].", e);
        }
    }

    private <T extends Token> Token.Consumer<T> getTokenConsumer(T t) {
        for (Token.Consumer<T> consumer : this.tokenConsumers) {
            if (consumer.getTokenType().isAssignableFrom(t.getClass())) {
                return consumer;
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    protected /* bridge */ /* synthetic */ CredentialStorage getCredentialStorage(IdentityContext identityContext, Account account, AbstractBaseCredentials abstractBaseCredentials, CredentialStore credentialStore) {
        return getCredentialStorage(identityContext, account, (Account) abstractBaseCredentials, (TokenCredential) credentialStore);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    protected /* bridge */ /* synthetic */ boolean validateCredential(IdentityContext identityContext, CredentialStorage credentialStorage, AbstractBaseCredentials abstractBaseCredentials, CredentialStore credentialStore) {
        return validateCredential(identityContext, credentialStorage, (CredentialStorage) abstractBaseCredentials, (TokenCredential) credentialStore);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public /* bridge */ /* synthetic */ CredentialStorage createCredentialStorage(IdentityContext identityContext, Account account, Object obj, CredentialStore credentialStore, Date date, Date date2) {
        return createCredentialStorage(identityContext, account, (Account) obj, (Token) credentialStore, date, date2);
    }
}
