package org.picketlink.idm.credential.internal;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.apache.commons.io.FileUtils;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.PlainTextPassword;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.credential.spi.annotations.SupportsStores;
import org.picketlink.idm.file.internal.FileBasedIdentityStore;
import org.picketlink.idm.jpa.internal.JPAIdentityStore;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.password.internal.PlainTextPasswordStorage;
import org.picketlink.idm.password.internal.SHASaltedPasswordEncoder;
import org.picketlink.idm.password.internal.SHASaltedPasswordHash;
import org.picketlink.idm.spi.IdentityStore;

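/**
 * Credential handler that validates and stores username/password credentials.
 *
 * <p>Two storage modes are selected by {@code PlainTextPassword.isEncodePassword()}:
 * <ul>
 *   <li>not encoded: the password is stored and compared as clear text through
 *       {@link PlainTextPasswordStorage}. Anyone who can read the identity store can read
 *       every password stored this way, so this mode should be limited to tests.</li>
 *   <li>encoded: the password is hashed by {@code new SHASaltedPasswordEncoder(512)} with a
 *       per-agent salt kept in the {@code passwordSalt} attribute.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code SHASaltedPasswordEncoder} is not visible in this file. If it performs a
 * single salted digest pass, the stored hashes are cheap to brute-force offline compared with
 * PBKDF2, bcrypt, scrypt or Argon2. Confirm and plan a migration if so.
 *
 * <p>NOTE(review): {@link #validate} returns without hashing when the username is unknown, so
 * response time may differ between existing and non-existing accounts. Confirm whether callers
 * rate-limit or otherwise mask this.
 */
@SupportsStores({JPAIdentityStore.class, FileBasedIdentityStore.class})
@SupportsCredentials({UsernamePasswordCredentials.class, PlainTextPassword.class})
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-impl-3.0-2013Jan04.jar:org/picketlink/idm/credential/internal/PlainTextPasswordCredentialHandler.class */
public class PlainTextPasswordCredentialHandler implements CredentialHandler {
    private static final String PASSWORD_SALT_USER_ATTRIBUTE = "passwordSalt";

    /**
     * Source of new salts. It is deliberately left self-seeded: seeding a SHA1PRNG instance with
     * a constant before first use makes its output deterministic, which would hand every agent
     * the same salt.
     */
    private static final SecureRandom SALT_RANDOM = new SecureRandom();

    /**
     * Validates the given credentials against the identity store.
     *
     * <p>The status is set to {@code INVALID} before any lookup and is only changed to
     * {@code VALID} by {@link #doValidate} on a successful match, so every failure path leaves
     * the credentials rejected.
     *
     * @param credentials   must be a {@link UsernamePasswordCredentials}
     * @param identityStore store used to look up the agent and its stored credential
     * @throws IllegalArgumentException if {@code credentials} is null or of another type
     */
    @Override
    public void validate(Credentials credentials, IdentityStore<?> identityStore) {
        if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
            throw new IllegalArgumentException("Credentials class [" + describeClass(credentials) + "] not supported by this handler.");
        }
        UsernamePasswordCredentials usernamePasswordCredentials = (UsernamePasswordCredentials) credentials;
        // Fail closed: stays INVALID unless doValidate finds a match.
        usernamePasswordCredentials.setStatus(Credentials.Status.INVALID);
        Agent agent = identityStore.getAgent(usernamePasswordCredentials.getUsername());
        if (agent != null) {
            doValidate(agent, usernamePasswordCredentials, identityStore);
        }
    }

    /**
     * Compares the supplied password with the credential stored for {@code agent} and marks the
     * credentials {@code VALID} on a match. On any mismatch or missing stored credential the
     * status set by the caller is left untouched.
     *
     * @param agent                       agent the credentials claim to belong to
     * @param usernamePasswordCredentials credentials under validation
     * @param identityStore               store holding the agent's credential
     */
    protected void doValidate(Agent agent, UsernamePasswordCredentials usernamePasswordCredentials, IdentityStore<?> identityStore) {
        PlainTextPassword password = usernamePasswordCredentials.getPassword();
        if (password == null) {
            // No password supplied: nothing can match, leave the status as set by the caller.
            return;
        }
        boolean matches;
        if (!password.isEncodePassword()) {
            PlainTextPasswordStorage stored = (PlainTextPasswordStorage) identityStore.retrieveCredential(agent, PlainTextPasswordStorage.class);
            matches = stored != null
                    && constantTimeEquals(stored.getPassword(), String.valueOf(password.getValue()));
        } else {
            SHASaltedPasswordHash stored = (SHASaltedPasswordHash) identityStore.retrieveCredential(agent, SHASaltedPasswordHash.class);
            // The candidate hash is only computed when a stored hash exists, so getSalt() does
            // not create and persist a salt for agents that have no hashed credential.
            matches = stored != null
                    && constantTimeEquals(
                            stored.getEncodedHash(),
                            new SHASaltedPasswordEncoder(512).encodePassword(getSalt(agent, identityStore), new String(password.getValue())));
        }
        if (matches) {
            usernamePasswordCredentials.setStatus(Credentials.Status.VALID);
            usernamePasswordCredentials.setValidatedAgent(agent);
        }
    }

    /**
     * Returns the agent's password salt, creating and persisting one if the agent has none.
     *
     * <p>New salts come from a self-seeded {@link SecureRandom}. Salts already stored on agents
     * are reused unchanged so existing hashes keep validating.
     *
     * <p>NOTE(review): salts written by earlier builds that seeded the generator with a constant
     * are likely identical across agents. Consider regenerating salt and hash on the next
     * password change for such accounts.
     *
     * @param agent         agent whose {@code passwordSalt} attribute is read or created
     * @param identityStore store updated when a new salt is attached to the agent
     * @return the salt as a decimal string
     */
    protected String getSalt(Agent agent, IdentityStore<?> identityStore) {
        Attribute attribute = agent.getAttribute(PASSWORD_SALT_USER_ATTRIBUTE);
        String salt = null;
        if (attribute != null) {
            salt = (String) attribute.getValue();
        }
        if (salt == null) {
            salt = String.valueOf(SALT_RANDOM.nextLong());
            agent.setAttribute(new Attribute<>(PASSWORD_SALT_USER_ATTRIBUTE, salt));
            identityStore.update(agent);
        }
        return salt;
    }

    /**
     * Stores a new password for the agent.
     *
     * @param agent         agent whose credential is replaced
     * @param obj           must be a {@link PlainTextPassword}
     * @param identityStore store receiving the credential
     * @throws IllegalArgumentException if {@code obj} is null or of another type
     */
    @Override
    public void update(Agent agent, Object obj, IdentityStore<?> identityStore) {
        if (!PlainTextPassword.class.isInstance(obj)) {
            throw new IllegalArgumentException("Credential class [" + describeClass(obj) + "] not supported by this handler.");
        }
        doUpdate(agent, identityStore, (PlainTextPassword) obj);
    }

    /**
     * Persists the password either as clear text or as a salted hash, depending on
     * {@code plainTextPassword.isEncodePassword()}.
     *
     * @param agent             agent whose credential is stored
     * @param identityStore     store receiving the credential
     * @param plainTextPassword password to store
     */
    protected void doUpdate(Agent agent, IdentityStore<?> identityStore, PlainTextPassword plainTextPassword) {
        if (!plainTextPassword.isEncodePassword()) {
            // Clear-text mode: the password is recoverable by anyone with read access to the store.
            identityStore.storeCredential(agent, new PlainTextPasswordStorage(String.valueOf(plainTextPassword.getValue())));
            return;
        }
        SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512);
        SHASaltedPasswordHash hash = new SHASaltedPasswordHash();
        hash.setEncodedHash(encoder.encodePassword(getSalt(agent, identityStore), new String(plainTextPassword.getValue())));
        identityStore.storeCredential(agent, hash);
    }

    /**
     * Compares two secrets without returning early at the first differing character, so the
     * comparison time does not reveal how much of a guess was correct. A null on either side
     * never matches.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the class name of {@code value} for error messages, or {@code "null"}. */
    private static String describeClass(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }
}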
