package org.picketlink.idm.ldap.internal;

import java.util.Date;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.ModificationItem;
import org.apache.commons.lang.CharEncoding;
import org.picketlink.idm.IDMLog;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.credential.handler.CredentialHandler;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.basic.Agent;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.spi.IdentityContext;

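/**
 * Credential handler that validates and updates username/password credentials directly against
 * an LDAP directory.
 *
 * <p>Validation is delegated to the directory: the supplied password is used for a bind as the
 * account's DN, so no credential material is stored by this handler (see
 * {@code NO_CREDENTIAL_STORAGE} in the annotation below).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A simple bind with a DN and an <em>empty</em> password is the "unauthenticated" bind of
 *       RFC 4513 section 5.1.2, which some directory servers answer with success. This handler
 *       therefore never forwards a missing or empty password to the directory.</li>
 *   <li>Passwords are converted to {@link String} because the operation manager calls visible
 *       here take a {@code String}; those copies cannot be wiped after use.</li>
 *   <li>The debug statements interpolate the credentials object itself. NOTE(review): confirm
 *       that its {@code toString()} does not render the password before enabling debug logging
 *       in production.</li>
 * </ul>
 */
@SupportsCredentials(credentialClass = {UsernamePasswordCredentials.class, Password.class}, credentialStorage = SupportsCredentials.NO_CREDENTIAL_STORAGE.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-impl-2.6.0.CR3.jar:org/picketlink/idm/ldap/internal/LDAPPlainTextPasswordCredentialHandler.class */
public class LDAPPlainTextPasswordCredentialHandler<S, V, U> implements CredentialHandler<LDAPIdentityStore, UsernamePasswordCredentials, Password> {
    /** LDAP attribute written when the target directory is not Active Directory. */
    private static final String USER_PASSWORD_ATTRIBUTE = "userpassword";

    /**
     * No-op: this handler needs no initialisation against the store.
     *
     * @param lDAPIdentityStore the store this handler is attached to (unused)
     */
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void setup(LDAPIdentityStore lDAPIdentityStore) {
    }

    /**
     * Validates the given credentials by binding to the directory as the resolved account.
     *
     * <p>The outcome is reported on the credentials object: status starts as {@code INVALID} with
     * no validated account, becomes {@code ACCOUNT_DISABLED} for a disabled account, and becomes
     * {@code VALID} (with the validated account set) only when the bind succeeds. A missing or
     * empty password is never sent to the directory and leaves the status {@code INVALID}.
     *
     * @param identityContext context used to obtain the {@link IdentityManager}
     * @param usernamePasswordCredentials credentials to validate; updated in place
     * @param lDAPIdentityStore store whose operation manager performs the bind
     * @throws IdentityManagementException if no {@link IdentityManager} is set in the context
     */
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void validate(IdentityContext identityContext, UsernamePasswordCredentials usernamePasswordCredentials, LDAPIdentityStore lDAPIdentityStore) {
        // Fail closed: every path that does not explicitly succeed leaves the status INVALID.
        usernamePasswordCredentials.setStatus(Credentials.Status.INVALID);
        usernamePasswordCredentials.setValidatedAccount(null);
        if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Validating credentials [%s][%s] using identity store [%s] and credential handler [%s].", new Object[]{usernamePasswordCredentials.getClass(), usernamePasswordCredentials, lDAPIdentityStore, this});
        }
        Account account = getAccount(identityContext, usernamePasswordCredentials.getUsername());
        if (account != null) {
            if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
                IDMLog.CREDENTIAL_LOGGER.debugf("Found account [%s] from credentials [%s].", account, usernamePasswordCredentials);
            }
            if (account.isEnabled()) {
                if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
                    IDMLog.CREDENTIAL_LOGGER.debugf("Account [%s] is ENABLED.", account);
                }
                // Null means "no usable password": skip the bind entirely so that an empty
                // password can never be accepted as an unauthenticated (anonymous) bind.
                String bindSecret = extractBindSecret(usernamePasswordCredentials);
                if (bindSecret != null
                        && lDAPIdentityStore.getOperationManager().authenticate(lDAPIdentityStore.getBindingDN(account), bindSecret)) {
                    usernamePasswordCredentials.setValidatedAccount(account);
                    usernamePasswordCredentials.setStatus(Credentials.Status.VALID);
                }
            } else {
                if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
                    IDMLog.CREDENTIAL_LOGGER.debugf("Account [%s] is DISABLED.", account);
                }
                usernamePasswordCredentials.setStatus(Credentials.Status.ACCOUNT_DISABLED);
            }
        } else if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Account NOT FOUND for credentials [%s][%s].", usernamePasswordCredentials.getClass(), usernamePasswordCredentials);
        }
        if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Credential [%s][%s] validated using identity store [%s] and credential handler [%s]. Status [%s]. Validated Account [%s]", new Object[]{usernamePasswordCredentials.getClass(), usernamePasswordCredentials, lDAPIdentityStore, this, usernamePasswordCredentials.getStatus(), usernamePasswordCredentials.getValidatedAccount()});
        }
    }

    /**
     * Writes a new password for the account to the directory.
     *
     * <p>For an Active Directory configuration the password is written through
     * {@link #updateADPassword}; otherwise the {@code userpassword} attribute is modified with
     * the plain-text value.
     *
     * @param identityContext current identity context (unused by this handler)
     * @param account account whose password is changed
     * @param password the new password
     * @param lDAPIdentityStore store whose operation manager performs the modification
     * @param date not used by this handler
     * @param date2 not used by this handler
     * @throws IdentityManagementException if the directory modification fails
     */
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void update(IdentityContext identityContext, Account account, Password password, LDAPIdentityStore lDAPIdentityStore, Date date, Date date2) {
        if (lDAPIdentityStore.getConfig().isActiveDirectory()) {
            updateADPassword(account, new String(password.getValue()), lDAPIdentityStore);
            return;
        }
        try {
            BasicAttribute passwordAttribute = new BasicAttribute(USER_PASSWORD_ATTRIBUTE, new String(password.getValue()));
            lDAPIdentityStore.getOperationManager().modifyAttribute(lDAPIdentityStore.getBindingDN(account), passwordAttribute);
        } catch (Exception e) {
            // The message deliberately carries no credential material; the cause is preserved.
            throw new IdentityManagementException("Error updating password.", e);
        }
    }

    /**
     * Writes the password to the {@code unicodePwd} attribute as the double-quoted value encoded
     * in UTF-16LE.
     *
     * @param account account whose password is changed
     * @param newPassword the new password in plain text
     * @param lDAPIdentityStore store whose operation manager performs the modification
     * @throws IdentityManagementException if encoding or the directory modification fails
     */
    private void updateADPassword(Account account, String newPassword, LDAPIdentityStore lDAPIdentityStore) {
        try {
            byte[] quotedPassword = ("\"" + newPassword + "\"").getBytes(CharEncoding.UTF_16LE);
            lDAPIdentityStore.getOperationManager().modifyAttribute(lDAPIdentityStore.getBindingDN(account), new BasicAttribute("unicodePwd", quotedPassword));
        } catch (Exception e) {
            // Same unchecked exception type and message as the non-AD path in update(), so
            // callers see one failure mode for password updates.
            throw new IdentityManagementException("Error updating password.", e);
        }
    }

    /**
     * Returns the password to bind with, or {@code null} when the credentials carry no usable
     * password (no {@link Password}, no value, or an empty value).
     *
     * @param credentials credentials supplied by the caller
     * @return the non-empty password, or {@code null} if the bind must not be attempted
     */
    private static String extractBindSecret(UsernamePasswordCredentials credentials) {
        Password password = credentials.getPassword();
        if (password == null || password.getValue() == null) {
            return null;
        }
        String secret = new String(password.getValue());
        return secret.isEmpty() ? null : secret;
    }

    /**
     * Resolves the account for a login name, trying an {@link Agent} lookup first and a user
     * lookup second.
     *
     * @param identityContext context used to obtain the {@link IdentityManager}
     * @param str login name to look up
     * @return the matching account, or {@code null} if neither lookup finds one
     * @throws IdentityManagementException if no {@link IdentityManager} is set in the context
     */
    protected Account getAccount(IdentityContext identityContext, String str) {
        IdentityManager identityManager = getIdentityManager(identityContext);
        if (IDMLog.CREDENTIAL_LOGGER.isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Trying to find account [%s] using default account type [%s]. If you're using a custom account type, it will not be retrieved until you provide a credential handler that knows how to retrieve it.", str, Agent.class);
        }
        Agent agent = BasicModel.getAgent(identityManager, str);
        if (agent == null) {
            agent = BasicModel.getUser(identityManager, str);
        }
        return agent;
    }

    /**
     * Reads the {@link IdentityManager} from the context parameter
     * {@code IdentityManager.IDENTITY_MANAGER_CTX_PARAMETER}.
     *
     * @param identityContext context expected to carry the identity manager
     * @return the identity manager, never {@code null}
     * @throws IdentityManagementException if the parameter is not set
     */
    protected IdentityManager getIdentityManager(IdentityContext identityContext) {
        IdentityManager identityManager = (IdentityManager) identityContext.getParameter(IdentityManager.IDENTITY_MANAGER_CTX_PARAMETER);
        if (identityManager == null) {
            throw new IdentityManagementException("IdentityManager not set into context.");
        }
        return identityManager;
    }
}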
