package org.keycloak.policy;

import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;

/* loaded from: input_file:org/keycloak/policy/HistoryPasswordPolicyProvider.class */
public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
    private static final Logger logger = Logger.getLogger(HistoryPasswordPolicyProvider.class);
    private static final String ERROR_MESSAGE = "invalidPasswordHistoryMessage";
    private KeycloakSession session;

    public HistoryPasswordPolicyProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public PolicyError validate(String str, String str2) {
        return null;
    }

    public PolicyError validate(RealmModel realmModel, UserModel userModel, String str) {
        int intValue = ((Integer) this.session.getContext().getRealm().getPasswordPolicy().getPolicyConfig("passwordHistory")).intValue();
        if (intValue == -1) {
            return null;
        }
        Iterator it = this.session.userCredentialManager().getStoredCredentialsByType(realmModel, userModel, "password").iterator();
        while (it.hasNext()) {
            PasswordCredentialModel createFromCredentialModel = PasswordCredentialModel.createFromCredentialModel((CredentialModel) it.next());
            PasswordHashProvider provider = this.session.getProvider(PasswordHashProvider.class, createFromCredentialModel.getPasswordCredentialData().getAlgorithm());
            if (provider != null && provider.verify(str, createFromCredentialModel)) {
                return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(intValue)});
            }
        }
        if (intValue <= 0) {
            return null;
        }
        Iterator<CredentialModel> it2 = getRecent(this.session.userCredentialManager().getStoredCredentialsByType(realmModel, userModel, "password-history"), intValue - 1).iterator();
        while (it2.hasNext()) {
            PasswordCredentialModel createFromCredentialModel2 = PasswordCredentialModel.createFromCredentialModel(it2.next());
            if (this.session.getProvider(PasswordHashProvider.class, createFromCredentialModel2.getPasswordCredentialData().getAlgorithm()).verify(str, createFromCredentialModel2)) {
                return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(intValue)});
            }
        }
        return null;
    }

    private List<CredentialModel> getRecent(List<CredentialModel> list, int i) {
        return (List) list.stream().sorted(CredentialModel.comparingByStartDateDesc()).limit(i).collect(Collectors.toList());
    }

    public Object parseConfig(String str) {
        return parseInteger(str, HistoryPasswordPolicyProviderFactory.DEFAULT_VALUE);
    }

    public void close() {
    }
}
