package org.picketlink.idm.impl.credential;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.picketlink.idm.api.Attribute;
import org.picketlink.idm.api.AttributesManager;
import org.picketlink.idm.api.SecureRandomProvider;
import org.picketlink.idm.common.exception.IdentityException;

/* loaded from: input_file:org/picketlink/idm/impl/credential/DatabaseReadingSaltEncoder.class */
public class DatabaseReadingSaltEncoder extends AbstractHashingWithSaltEncoder {
    public static final String PASSWORD_SALT_USER_ATTRIBUTE = "passwordSalt";
    private static final String OPTION_CREDENTIAL_ENCODER_SECURE_RANDOM_ALGORITHM = "credentialEncoder.secureRandomAlgorithm";
    private static final String OPTION_DEFAULT_SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    public static final String OPTION_SECURE_RANDOM_PROVIDER_REGISTRY_NAME = "credentialEncoder.secureRandom.providerRegistryName";
    public static final String DEFAULT_SECURE_RANDOM_PROVIDER_REGISTRY_NAME = "secureRandomProvider";
    private SecureRandomProvider registeredSecureRandomProvider;
    private String secureRandomAlgorithm;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.impl.credential.HashingEncoder, org.picketlink.idm.impl.credential.AbstractCredentialEncoder
    public void afterInitialize() {
        super.afterInitialize();
        String encoderProperty = getEncoderProperty(OPTION_SECURE_RANDOM_PROVIDER_REGISTRY_NAME);
        if (encoderProperty == null) {
            encoderProperty = DEFAULT_SECURE_RANDOM_PROVIDER_REGISTRY_NAME;
        }
        try {
            if (getConfigurationRegistry() != null) {
                this.registeredSecureRandomProvider = (SecureRandomProvider) getConfigurationRegistry().getObject(encoderProperty);
                this.log.info("Registered SecureRandomProvider will be used for random generating of password salts");
                return;
            }
        } catch (IdentityException e) {
            this.log.fine("SecureRandomProvider not registered. We will always create new SecureRandom");
        }
        this.secureRandomAlgorithm = getEncoderProperty(OPTION_CREDENTIAL_ENCODER_SECURE_RANDOM_ALGORITHM);
        if (this.secureRandomAlgorithm == null) {
            this.secureRandomAlgorithm = OPTION_DEFAULT_SECURE_RANDOM_ALGORITHM;
        }
        this.log.info("Algorithm " + this.secureRandomAlgorithm + " will be used for random generating of password salts");
    }

    @Override // org.picketlink.idm.impl.credential.AbstractHashingWithSaltEncoder
    protected String getSalt(String str) {
        try {
            AttributesManager attributesManager = getIdentitySession().getAttributesManager();
            Attribute attribute = attributesManager.getAttribute(str, PASSWORD_SALT_USER_ATTRIBUTE);
            if (attribute != null) {
                return (String) attribute.getValue();
            }
            String valueOf = String.valueOf(getSecureRandomInstance().nextLong());
            attributesManager.addAttribute(str, PASSWORD_SALT_USER_ATTRIBUTE, valueOf);
            this.log.fine("Salt has been randomly generated for user " + str);
            return valueOf;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected SecureRandom getSecureRandomInstance() throws NoSuchAlgorithmException {
        return this.registeredSecureRandomProvider != null ? this.registeredSecureRandomProvider.getSecureRandom() : SecureRandom.getInstance(this.secureRandomAlgorithm);
    }
}
