package org.picketlink.idm.credential.handler;

import java.util.ArrayList;
import java.util.List;
import org.picketlink.common.properties.Property;
import org.picketlink.common.properties.query.AnnotatedPropertyCriteria;
import org.picketlink.common.properties.query.PropertyQueries;
import org.picketlink.idm.IDMLog;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.credential.AbstractBaseCredentials;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.credential.util.CredentialUtils;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.model.AttributedType;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.annotation.StereotypeProperty;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.IdentityStore;

/* loaded from: input_file:org/picketlink/idm/credential/handler/AbstractCredentialHandler.class */
/**
 * Base class for credential handlers: resolves the {@link Account} a credential refers to and drives
 * the status transitions of a validation attempt, leaving the actual secret check to subclasses.
 *
 * <p>This listing is decompiler output (see the JADX markers below). Some casts and one bridge method
 * are decompiler artifacts rather than hand-written code and are called out where they occur.
 *
 * @param <S> identity store type the handler works against
 * @param <V> credential type being validated
 * @param <U> type parameter passed through to {@link CredentialHandler}; not used in this class
 */
public abstract class AbstractCredentialHandler<S extends IdentityStore<?>, V extends AbstractBaseCredentials, U> implements CredentialHandler<S, V, U> {
    // Concrete Account subtypes searched by login name. Has no initializer: it is only assigned in
    // configureDefaultSupportedAccountTypes, i.e. after setup(S) has run.
    private List<Class<? extends Account>> defaultAccountTypes;

    /**
     * Initializes the handler for the given store by collecting the Account types the store supports.
     *
     * @param s identity store whose configuration lists the supported types
     */
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void setup(S s) {
        configureDefaultSupportedAccountTypes(s);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Looks up an account by login name, trying each default account type in turn.
     *
     * <p>Each query is restricted to the partition of the identity context and to the property that
     * carries the login name for that type.
     *
     * @param identityContext context providing the IdentityManager and the partition to search
     * @param str login name to look up
     * @return the single matching account, or {@code null} when no account type yields a match
     * @throws RuntimeException as built by {@code IDMMessages} when the single result is not an
     *     Account, or when more than one result shares the login name for a type
     */
    public Account getAccount(IdentityContext identityContext, String str) {
        IdentityManager identityManager = getIdentityManager(identityContext);
        for (Class<? extends Account> cls : getDefaultAccountTypes()) {
            IdentityQuery createIdentityQuery = identityManager.createIdentityQuery(cls);
            // Scope the lookup to the caller's partition so accounts from other partitions never match.
            createIdentityQuery.setParameter(Account.PARTITION, identityContext.getPartition());
            String name = getDefaultLoginNameProperty(cls).getName();
            if (isDebugEnabled()) {
                // The supplied login name is written to the debug log here.
                IDMLog.CREDENTIAL_LOGGER.credentialRetrievingAccount(str, cls, name);
            }
            createIdentityQuery.setParameter(AttributedType.QUERY_ATTRIBUTE.byName(name), str);
            List resultList = createIdentityQuery.getResultList();
            if (resultList.size() == 1) {
                IdentityType identityType = (IdentityType) resultList.get(0);
                if (Account.class.isInstance(identityType)) {
                    return (Account) identityType;
                }
                throw IDMMessages.MESSAGES.credentialInvalidAccountType(identityType.getClass());
            }
            if (resultList.size() > 1) {
                // An ambiguous login name fails the lookup instead of picking one of the matches.
                IDMLog.CREDENTIAL_LOGGER.errorf("Multiple Account objects found with the same login name [%s] for type [%s]: [%s]", name, cls, resultList);
                throw IDMMessages.MESSAGES.credentialMultipleAccountsFoundForType(name, cls);
            }
        }
        return null;
    }

    /**
     * Validates the given credentials and records the outcome on the credentials object.
     *
     * <p>Status transitions, as implemented below:
     * <ul>
     *   <li>starts as {@code IN_PROGRESS};</li>
     *   <li>account found but not enabled: {@code ACCOUNT_DISABLED}, set before any secret is checked;</li>
     *   <li>{@code validateCredential} returns true and the storage is non-null and expired:
     *       {@code EXPIRED};</li>
     *   <li>{@code validateCredential} returns true and the status is still {@code IN_PROGRESS}:
     *       {@code VALID};</li>
     *   <li>anything still {@code IN_PROGRESS} at the end (no account, or check failed): {@code INVALID}.</li>
     * </ul>
     * The validated account is set only when the final status is {@code VALID}.
     *
     * <p>NOTE(review): an unknown account ends as {@code INVALID} while a disabled one ends as
     * {@code ACCOUNT_DISABLED}, and {@code validateCredential} is only reached for enabled accounts.
     * A caller that relays the status to an unauthenticated client lets that client tell existing
     * accounts from unknown ones; confirm how callers surface the status.
     *
     * <p>NOTE(review): the debug messages format the credentials object {@code v} itself. Whether that
     * writes secret material to the log depends on its {@code toString()}, which is not visible here.
     *
     * @param identityContext context of the current operation
     * @param v credentials to validate; status and validated account are updated in place
     * @param s identity store used to load the credential storage
     */
    public void validate(IdentityContext identityContext, V v, S s) {
        v.setStatus(Credentials.Status.IN_PROGRESS);
        if (isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Starting validation for credentials [%s][%s] using identity store [%s] and credential handler [%s].", new Object[]{v.getClass(), v, s, this});
        }
        // NOTE(review): the (IdentityContext) cast on v looks like a decompiler artifact; presumably the
        // original calls the abstract getAccount(IdentityContext, V) overload with v uncast.
        Account account = getAccount(identityContext, (IdentityContext) v);
        if (account != null) {
            if (isDebugEnabled()) {
                IDMLog.CREDENTIAL_LOGGER.debugf("Found account [%s] from credentials [%s].", account, v);
            }
            if (account.isEnabled()) {
                if (isDebugEnabled()) {
                    // v is passed as a second argument although the format string has one placeholder.
                    IDMLog.CREDENTIAL_LOGGER.debugf("Account [%s] is ENABLED.", account, v);
                }
                CredentialStorage credentialStorage = getCredentialStorage(identityContext, account, v, s);
                if (isDebugEnabled()) {
                    IDMLog.CREDENTIAL_LOGGER.debugf("Current credential storage for account [%s] is [%s].", account, credentialStorage);
                }
                // credentialStorage may be null at this point (see the null check below). If an
                // implementation returns true for a null storage, the status below becomes VALID.
                if (validateCredential(identityContext, credentialStorage, v)) {
                    if (credentialStorage != null && CredentialUtils.isCredentialExpired(credentialStorage)) {
                        // A matching but expired credential is reported as EXPIRED, never VALID.
                        v.setStatus(Credentials.Status.EXPIRED);
                    } else if (Credentials.Status.IN_PROGRESS.equals(v.getStatus())) {
                        // Only promote to VALID if validateCredential left the status untouched.
                        v.setStatus(Credentials.Status.VALID);
                    }
                }
            } else {
                if (isDebugEnabled()) {
                    IDMLog.CREDENTIAL_LOGGER.debugf("Account [%s] is DISABLED.", account, v);
                }
                v.setStatus(Credentials.Status.ACCOUNT_DISABLED);
            }
        } else if (isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Account NOT FOUND for credentials [%s][%s].", v.getClass(), v);
        }
        // Clear any previously validated account first; it is set again only for a VALID outcome.
        v.setValidatedAccount(null);
        if (Credentials.Status.VALID.equals(v.getStatus())) {
            v.setValidatedAccount(account);
        } else if (Credentials.Status.IN_PROGRESS.equals(v.getStatus())) {
            // Nothing decided the outcome (no account, or the credential check failed): fail closed.
            v.setStatus(Credentials.Status.INVALID);
        }
        if (isDebugEnabled()) {
            IDMLog.CREDENTIAL_LOGGER.debugf("Finishing validation for credential [%s][%s] validated using identity store [%s] and credential handler [%s]. Status [%s]. Validated Account [%s]", new Object[]{v.getClass(), v, s, this, v.getStatus(), v.getValidatedAccount()});
        }
    }

    /**
     * Checks the supplied credentials against the stored credential.
     *
     * @param identityContext context of the current operation
     * @param credentialStorage stored credential for the account; {@code validate} passes it through
     *     without a null check, so it may be {@code null}
     * @param v credentials supplied by the caller
     * @return {@code true} when the credentials match
     */
    protected abstract boolean validateCredential(IdentityContext identityContext, CredentialStorage credentialStorage, V v);

    /**
     * Resolves the account the given credentials refer to.
     *
     * @param identityContext context of the current operation
     * @param v credentials supplied by the caller
     * @return the account; {@code validate} treats a {@code null} return as "account not found"
     */
    protected abstract Account getAccount(IdentityContext identityContext, V v);

    /**
     * Loads the stored credential for the account from the identity store.
     *
     * @param identityContext context of the current operation
     * @param account account whose credential is being validated
     * @param v credentials supplied by the caller
     * @param s identity store to read from
     * @return the stored credential; {@code validate} tolerates a {@code null} return
     */
    protected abstract CredentialStorage getCredentialStorage(IdentityContext identityContext, Account account, V v, S s);

    /**
     * Returns the IdentityManager registered in the identity context.
     *
     * @param identityContext context to read the manager from
     * @return the manager, never {@code null}
     * @throws IdentityManagementException when the context holds no IdentityManager
     */
    protected IdentityManager getIdentityManager(IdentityContext identityContext) {
        IdentityManager identityManager = (IdentityManager) identityContext.getParameter(IdentityManager.IDENTITY_MANAGER_CTX_PARAMETER);
        if (identityManager == null) {
            throw new IdentityManagementException("IdentityManager not set into context.");
        }
        return identityManager;
    }

    /* JADX WARN: Multi-variable type inference failed */
    // Collects every type supported by the store that is a strict subtype of Account (Account itself is
    // skipped) and fails when none is configured. The raw ArrayList and the unchecked add come from the
    // decompiler's failed type inference.
    private void configureDefaultSupportedAccountTypes(S s) {
        this.defaultAccountTypes = new ArrayList();
        for (Class<? extends AttributedType> cls : s.getConfig().getSupportedTypes().keySet()) {
            if (!Account.class.equals(cls) && Account.class.isAssignableFrom(cls)) {
                this.defaultAccountTypes.add(cls);
            }
        }
        if (this.defaultAccountTypes.isEmpty()) {
            throw IDMMessages.MESSAGES.credentialNoAccountTypeProvided();
        }
    }

    // Returns the account types gathered during setup, rejecting an empty list.
    // NOTE(review): the field is dereferenced without a null check, so calling this before setup(S)
    // raises a NullPointerException instead of the IdentityManagementException below.
    private List<Class<? extends Account>> getDefaultAccountTypes() {
        if (this.defaultAccountTypes.isEmpty()) {
            throw new IdentityManagementException("No default Account types defined.");
        }
        return this.defaultAccountTypes;
    }

    /**
     * Reports whether debug logging is enabled on the credential logger.
     *
     * @return {@code true} when debug messages would be written
     */
    protected boolean isDebugEnabled() {
        return IDMLog.CREDENTIAL_LOGGER.isDebugEnabled();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Finds the property of the given account type that holds the login name, i.e. the property
     * annotated with {@code StereotypeProperty} whose value is {@code IDENTITY_USER_NAME}.
     *
     * @param cls account type to inspect
     * @return the login-name property
     * @throws RuntimeException as built by {@code IDMMessages} when the type declares no such property
     */
    public Property getDefaultLoginNameProperty(Class<? extends Account> cls) {
        for (Property property : PropertyQueries.createQuery(cls).addCriteria(new AnnotatedPropertyCriteria(StereotypeProperty.class)).getResultList()) {
            if (StereotypeProperty.Property.IDENTITY_USER_NAME.equals(((StereotypeProperty) property.getAnnotatedElement().getAnnotation(StereotypeProperty.class)).value())) {
                return property;
            }
        }
        throw IDMMessages.MESSAGES.credentialUnknownUserNameProperty(cls);
    }

    /* JADX WARN: Multi-variable type inference failed */
    // Compiler-generated bridge for the CredentialHandler interface method, as rendered by the
    // decompiler. NOTE(review): the casts are mangled (credentials cast to IdentityContext, the store
    // cast to AbstractBaseCredentials); presumably the bytecode casts to V and S before delegating to
    // validate(IdentityContext, V, S). A hand-written source file would not declare this method.
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public /* bridge */ /* synthetic */ void validate(IdentityContext identityContext, Credentials credentials, IdentityStore identityStore) {
        validate(identityContext, (IdentityContext) credentials, (AbstractBaseCredentials) identityStore);
    }
}
