package org.picketlink.idm.credential.internal;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Map;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.SecurityConfigurationException;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.password.PasswordEncoder;
import org.picketlink.idm.password.internal.EncodedPasswordStorage;
import org.picketlink.idm.password.internal.SHAPasswordEncoder;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.SecurityContext;

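/**
 * Credential handler for username/password authentication.
 *
 * <p>{@link #update} stores a salted, encoded password for an agent and {@link #validate}
 * checks a submitted password against the stored value. The encoder defaults to
 * {@code new SHAPasswordEncoder(512)} and can be replaced through the
 * {@link #PASSWORD_ENCODER} credential handler property.
 *
 * @param <S> the credential store type
 * @param <V> the credentials type being validated
 * @param <U> the password type being stored
 */
@SupportsCredentials({UsernamePasswordCredentials.class, Password.class})
public class PasswordCredentialHandler<S extends CredentialStore<?>, V extends UsernamePasswordCredentials, U extends Password> implements CredentialHandler<S, V, U> {
    private static final String DEFAULT_SALT_ALGORITHM = "SHA1PRNG";

    /** Key of the credential handler property that supplies a custom {@link PasswordEncoder}. */
    public static final String PASSWORD_ENCODER = "PASSWORD_ENCODER";

    // NOTE(review): the default encoder is presumably a single SHA-512 digest over salt + password.
    // A fast digest is cheap to brute-force offline if the store leaks; deployments should
    // configure a deliberately slow scheme (PBKDF2, bcrypt, scrypt, Argon2) via PASSWORD_ENCODER.
    private PasswordEncoder passwordEncoder = new SHAPasswordEncoder(512);

    /**
     * Reads the optional {@link #PASSWORD_ENCODER} property from the store configuration and,
     * when present, uses it in place of the default encoder.
     *
     * @param s the credential store whose configuration is consulted
     * @throws SecurityConfigurationException if the configured value is not a {@link PasswordEncoder}
     */
    @Override
    public void setup(S s) {
        Map<?, ?> handlerProperties = s.getConfig().getCredentialHandlerProperties();
        if (handlerProperties == null) {
            return;
        }
        Object configuredEncoder = handlerProperties.get(PASSWORD_ENCODER);
        if (configuredEncoder == null) {
            return;
        }
        if (!(configuredEncoder instanceof PasswordEncoder)) {
            throw new SecurityConfigurationException("The password encoder [" + configuredEncoder + "] must be an instance of " + PasswordEncoder.class.getName());
        }
        this.passwordEncoder = (PasswordEncoder) configuredEncoder;
    }

    /**
     * Validates the supplied credentials and records the outcome on {@code v}.
     *
     * <p>The status starts as {@code INVALID} and is changed to {@code AGENT_DISABLED},
     * {@code EXPIRED} or {@code VALID} as the checks proceed. On success the agent is set as the
     * validated agent.
     *
     * @param securityContext the current security context
     * @param v the credentials to validate; its status is updated in place
     * @param s the credential store used to look up the agent and its stored password
     */
    @Override
    public void validate(SecurityContext securityContext, V v, S s) {
        if (!UsernamePasswordCredentials.class.isInstance(v)) {
            throw IDMMessages.MESSAGES.credentialUnsupportedType(v.getClass(), this);
        }
        // Fail closed: every path that does not explicitly succeed leaves the status non-VALID.
        v.setStatus(Credentials.Status.INVALID);
        Agent agent = s.getAgent(securityContext, v.getUsername());
        if (agent == null) {
            // NOTE(review): an unknown user returns without computing a hash, so response time
            // can differ from the wrong-password path; consider equalising this at the caller.
            return;
        }
        if (!agent.isEnabled()) {
            // NOTE(review): this status is set before the password is checked, so it reveals
            // that the account exists; avoid surfacing it to unauthenticated clients.
            v.setStatus(Credentials.Status.AGENT_DISABLED);
            return;
        }
        EncodedPasswordStorage stored = (EncodedPasswordStorage) s.retrieveCurrentCredential(securityContext, agent, EncodedPasswordStorage.class);
        if (stored == null) {
            return;
        }
        if (CredentialUtils.isCredentialExpired(stored)) {
            v.setStatus(Credentials.Status.EXPIRED);
            return;
        }
        // NOTE(review): copying the password into a String leaves a copy on the heap that
        // cannot be wiped; unavoidable while PasswordEncoder.encode takes a String.
        String candidateHash = this.passwordEncoder.encode(saltPassword(new String(v.getPassword().getValue()), stored.getSalt()));
        if (constantTimeEquals(stored.getEncodedHash(), candidateHash)) {
            v.setStatus(Credentials.Status.VALID);
            v.setValidatedAgent(agent);
        }
    }

    /**
     * Encodes the password with a freshly generated salt and stores it for the agent.
     *
     * @param securityContext the current security context
     * @param agent the agent whose credential is being set
     * @param u the new password
     * @param s the credential store that persists the encoded password
     * @param date the effective date recorded on the stored credential
     * @param date2 the expiry date, or {@code null} to leave the expiry unset
     */
    @Override
    public void update(SecurityContext securityContext, Agent agent, U u, S s, Date date, Date date2) {
        String salt = generateSalt();
        String rawPassword = new String(u.getValue());

        EncodedPasswordStorage storage = new EncodedPasswordStorage();
        storage.setSalt(salt);
        storage.setEncodedHash(this.passwordEncoder.encode(saltPassword(rawPassword, salt)));
        storage.setEffectiveDate(date);
        if (date2 != null) {
            storage.setExpiryDate(date2);
        }
        s.storeCredential(securityContext, agent, storage);
    }

    /** Prepends the salt to the raw password; this is the value handed to the encoder. */
    private String saltPassword(String rawPassword, String salt) {
        return salt + rawPassword;
    }

    /**
     * Compares two encoded hashes without returning early at the first differing byte, so the
     * comparison time does not depend on how much of the stored hash a guess matches.
     * A {@code null} on either side is treated as a mismatch.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates a random per-credential salt.
     *
     * <p>The generator is deliberately not seeded by hand. An explicit {@code setSeed} call
     * before the first output suppresses SHA1PRNG's self-seeding, so a constant seed yields the
     * same salt for every credential and identical passwords produce identical stored hashes.
     *
     * @return the decimal string form of a random {@code long}
     * @throws IdentityManagementException if the SHA1PRNG algorithm is unavailable
     */
    private String generateSalt() {
        try {
            // The first nextLong() call makes the instance seed itself from system entropy.
            SecureRandom secureRandom = SecureRandom.getInstance(DEFAULT_SALT_ALGORITHM);
            return String.valueOf(secureRandom.nextLong());
        } catch (NoSuchAlgorithmException e) {
            throw new IdentityManagementException("Error getting SecureRandom instance: SHA1PRNG", e);
        }
    }
}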
