package org.picketlink.idm.jpa.internal;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.PlainTextPassword;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.credential.spi.annotations.SupportsStores;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.model.Attribute;
import org.picketlink.idm.password.internal.SHASaltedPasswordEncoder;
import org.picketlink.idm.password.internal.SHASaltedPasswordHash;
import org.picketlink.idm.spi.IdentityStore;

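/**
 * Credential handler for {@link JPAIdentityStore} that validates
 * {@link UsernamePasswordCredentials} and stores {@link PlainTextPassword} values as salted
 * hashes produced by {@link SHASaltedPasswordEncoder} (constructed with strength 512).
 *
 * <p>The per-agent salt is kept in the agent attribute {@code "passwordSalt"} and is created on
 * first use.
 *
 * <p>NOTE(review): a single salted SHA pass is cheap to brute-force offline if the credential
 * table leaks. Moving to a slow password KDF (PBKDF2, bcrypt, scrypt, Argon2) would require a
 * migration of stored hashes and is not attempted here.
 */
@SupportsStores({JPAIdentityStore.class})
@SupportsCredentials({UsernamePasswordCredentials.class, PlainTextPassword.class})
public class JPAPlainTextPasswordCredentialHandler implements CredentialHandler {
    private static final String PASSWORD_SALT_USER_ATTRIBUTE = "passwordSalt";

    /**
     * Self-seeded CSPRNG used for salt generation. It must never be given a fixed seed: with the
     * JDK's SHA1PRNG, a seed supplied before the first output replaces self-seeding and makes
     * the output sequence reproducible.
     */
    private static final SecureRandom SALT_RANDOM = new SecureRandom();

    /**
     * Validates the supplied username/password against the hash stored for the matching agent.
     *
     * <p>Sets the status to {@code INVALID} when the agent or its stored hash is missing, and to
     * {@code VALID} (recording the validated agent) when the recomputed hash matches.
     *
     * @param credentials must be a {@link UsernamePasswordCredentials}
     * @param identityStore must be a {@link JPAIdentityStore}
     * @throws IllegalArgumentException if either argument is of an unsupported type
     */
    public void validate(Credentials credentials, IdentityStore identityStore) {
        if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
            throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName() + "] not supported by this handler.");
        }
        if (!JPAIdentityStore.class.isInstance(identityStore)) {
            throw new IllegalArgumentException("IdentityStore class [" + identityStore.getClass() + "] not supported by this handler.");
        }
        UsernamePasswordCredentials loginCredentials = (UsernamePasswordCredentials) credentials;
        JPAIdentityStore jpaStore = (JPAIdentityStore) identityStore;

        Agent agent = jpaStore.getAgent(loginCredentials.getUsername());
        if (agent == null) {
            loginCredentials.setStatus(Credentials.Status.INVALID);
            return;
        }
        SHASaltedPasswordHash storedHash =
                (SHASaltedPasswordHash) jpaStore.retrieveCredential(agent, SHASaltedPasswordHash.class);
        if (storedHash == null) {
            loginCredentials.setStatus(Credentials.Status.INVALID);
            return;
        }

        // The password is copied into an immutable String because the encoder takes one; the
        // copy cannot be wiped afterwards and lives until garbage-collected.
        String candidateHash = new SHASaltedPasswordEncoder(512).encodePassword(
                getSalt(agent, identityStore),
                new String(loginCredentials.getPassword().getValue()));

        if (constantTimeEquals(storedHash.getEncodedHash(), candidateHash)) {
            loginCredentials.setStatus(Credentials.Status.VALID);
            loginCredentials.setValidatedAgent(agent);
        }
        // NOTE(review): on a mismatch the status is left as the caller supplied it, unlike the
        // two early exits above which set INVALID explicitly. Confirm that the default status
        // of UsernamePasswordCredentials can never be read as a successful login.
    }

    /**
     * Compares two encoded hashes without short-circuiting on the first differing character,
     * so response time does not depend on how much of the stored hash a guess matches.
     *
     * @return {@code true} only when both values are non-null and identical
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the agent's password salt, generating and persisting a new random one when the
     * agent has none yet.
     *
     * <p>Earlier code seeded a SHA1PRNG instance with the constant {@code 1024L} before drawing
     * the salt, which made the first value drawn identical for every account and so defeated the
     * purpose of salting (identical passwords produced identical stored hashes). Salts are now
     * drawn from a self-seeded {@link SecureRandom}.
     *
     * <p>NOTE(review): salts already persisted by the earlier code are returned unchanged, and
     * {@link #update} reuses them. Accounts created before this fix keep the shared salt until
     * it is regenerated; consider rotating the salt on the next password change.
     */
    private String getSalt(Agent agent, IdentityStore identityStore) {
        // Raw type kept to match the file's existing use of Attribute. Whether getAttribute
        // returns null for an attribute that was never set is not visible here, so guard it.
        Attribute saltAttribute = agent.getAttribute(PASSWORD_SALT_USER_ATTRIBUTE);
        String salt = saltAttribute == null ? null : (String) saltAttribute.getValue();
        if (salt == null) {
            salt = String.valueOf(SALT_RANDOM.nextLong());
            agent.setAttribute(new Attribute(PASSWORD_SALT_USER_ATTRIBUTE, salt));
            identityStore.update(agent);
        }
        return salt;
    }

    /**
     * Hashes the given plain-text password with the agent's salt and stores the result as the
     * agent's credential.
     *
     * @param agent the agent whose password is being set
     * @param obj must be a {@link PlainTextPassword}
     * @param identityStore must be a {@link JPAIdentityStore}
     * @throws IllegalArgumentException if {@code obj} or {@code identityStore} is of an
     *     unsupported type
     */
    public void update(Agent agent, Object obj, IdentityStore identityStore) {
        if (!PlainTextPassword.class.isInstance(obj)) {
            throw new IllegalArgumentException("Credential class [" + obj.getClass().getName() + "] not supported by this handler.");
        }
        if (!JPAIdentityStore.class.isInstance(identityStore)) {
            throw new IllegalArgumentException("IdentityStore class [" + identityStore.getClass() + "] not supported by this handler.");
        }
        SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512);
        String salt = getSalt(agent, identityStore);
        // As in validate(), the String copy of the password cannot be cleared after use.
        String plainText = new String(((PlainTextPassword) obj).getValue());

        SHASaltedPasswordHash newHash = new SHASaltedPasswordHash();
        newHash.setEncodedHash(encoder.encodePassword(salt, plainText));
        ((JPAIdentityStore) identityStore).storeCredential(agent, newHash);
    }
}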
