package org.picketlink.idm.credential.internal;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.password.internal.SHASaltedPasswordEncoder;
import org.picketlink.idm.password.internal.SHASaltedPasswordStorage;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityStore;

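/**
 * Credential handler for username/password authentication backed by a
 * {@link CredentialStore}.
 *
 * <p>Passwords are stored as a {@link SHASaltedPasswordStorage} holding a per-credential salt
 * and the value produced by {@link SHASaltedPasswordEncoder} for that salt and password.
 *
 * <p>NOTE(review): the encoder is constructed with strength 512 and its implementation is not
 * visible here. If it is a single-pass salted SHA digest, it is fast to brute-force offline;
 * a deliberately slow password hash (bcrypt/scrypt/argon2/PBKDF2) is the usual recommendation.
 * Confirm against the encoder before relying on it.
 */
@SupportsCredentials({UsernamePasswordCredentials.class, Password.class})
/* loaded from: input_file:org/picketlink/idm/credential/internal/PasswordCredentialHandler.class */
public class PasswordCredentialHandler implements CredentialHandler {
    /** Strength argument passed to every {@link SHASaltedPasswordEncoder} this handler creates. */
    private static final int HASH_STRENGTH = 512;

    /**
     * Validates username/password credentials and records the outcome on the credentials object.
     *
     * <p>The status is set to {@code INVALID} up front and only changed to {@code EXPIRED} or
     * {@code VALID} when the corresponding check succeeds, so every early return fails closed.
     *
     * @param credentials must be a {@link UsernamePasswordCredentials}
     * @param identityStore store used to look up the agent; must also be a {@link CredentialStore}
     * @throws IdentityManagementException if {@code identityStore} is not a {@link CredentialStore}
     * @throws IllegalArgumentException if {@code credentials} is of an unsupported type
     */
    public void validate(Credentials credentials, IdentityStore<?> identityStore) {
        CredentialStore credentialStore = validateCredentialStore(identityStore);
        if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
            throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName() + "] not supported by this handler.");
        }
        UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials;
        usernamePassword.setStatus(Credentials.Status.INVALID);

        // NOTE(review): an unknown user or a user without a stored password returns before any
        // hashing is done, so the response time differs from a wrong-password attempt. If
        // username enumeration is in the threat model, consider equalising the work done.
        Agent agent = identityStore.getAgent(usernamePassword.getUsername());
        if (agent == null) {
            return;
        }
        SHASaltedPasswordStorage stored = (SHASaltedPasswordStorage) credentialStore.retrieveCurrentCredential(agent, SHASaltedPasswordStorage.class);
        if (stored == null) {
            return;
        }

        // NOTE(review): expiry is reported without checking the supplied password, so EXPIRED is
        // observable to a caller who does not know the password. Kept as-is because callers may
        // depend on this status; confirm that this disclosure is intended.
        if (CredentialUtils.isCredentialExpired(stored)) {
            usernamePassword.setStatus(Credentials.Status.EXPIRED);
            return;
        }

        // The encoder takes a String, so the password characters are copied into an immutable
        // String that cannot be wiped afterwards; it lives until garbage collected.
        String candidateHash = new SHASaltedPasswordEncoder(HASH_STRENGTH)
                .encodePassword(stored.getSalt(), new String(usernamePassword.getPassword().getValue()));
        if (hashesMatch(stored.getEncodedHash(), candidateHash)) {
            usernamePassword.setStatus(Credentials.Status.VALID);
            usernamePassword.setValidatedAgent(agent);
        }
    }

    /**
     * Replaces the agent's password with a newly salted hash of the supplied value.
     *
     * @param agent owner of the credential
     * @param obj the new credential; must be a {@link Password}
     * @param identityStore target store; must also be a {@link CredentialStore}
     * @param date effective date recorded on the stored credential
     * @param date2 expiry date recorded on the stored credential; ignored when {@code null}
     * @throws IdentityManagementException if {@code identityStore} is not a {@link CredentialStore}
     * @throws IllegalArgumentException if {@code obj} is of an unsupported type
     */
    public void update(Agent agent, Object obj, IdentityStore<?> identityStore, Date date, Date date2) {
        CredentialStore credentialStore = validateCredentialStore(identityStore);
        if (!Password.class.isInstance(obj)) {
            throw new IllegalArgumentException("Credential class [" + obj.getClass().getName() + "] not supported by this handler.");
        }
        SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(HASH_STRENGTH);
        SHASaltedPasswordStorage storage = new SHASaltedPasswordStorage();
        // A fresh salt per update: identical passwords must not yield identical stored hashes.
        storage.setSalt(generateSalt());
        storage.setEncodedHash(encoder.encodePassword(storage.getSalt(), new String(((Password) obj).getValue())));
        storage.setEffectiveDate(date);
        if (date2 != null) {
            storage.setExpiryDate(date2);
        }
        credentialStore.storeCredential(agent, storage);
    }

    /**
     * Generates a random salt, rendered as the decimal form of a random {@code long}.
     *
     * <p>The generator is deliberately left to seed itself. Calling {@code setSeed} with a
     * constant on a fresh SHA1PRNG instance before drawing any output replaces its
     * self-seeding, which makes the first value (and therefore every salt) the same for every
     * credential. A constant salt removes the protection salting is meant to give: equal
     * passwords produce equal hashes and one precomputed table covers all accounts.
     *
     * <p>Credentials written while the salt was constant still validate, because the salt is
     * read back from storage, but they carry the shared salt until the password is next
     * updated; consider forcing a password change for those accounts.
     *
     * @return a new salt string
     * @throws RuntimeException if the SHA1PRNG algorithm is unavailable
     */
    private String generateSalt() {
        try {
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            return String.valueOf(random.nextLong());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Error getting SecureRandom instance: SHA1PRNG", e);
        }
    }

    /**
     * Compares two encoded hashes without short-circuiting on the first differing byte, so the
     * comparison time does not depend on how much of the hash matched.
     *
     * @return {@code true} only when both values are non-null and byte-for-byte equal
     */
    private static boolean hashesMatch(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the given identity store viewed as a {@link CredentialStore}.
     *
     * @throws IdentityManagementException if the store does not implement {@link CredentialStore}
     */
    private CredentialStore validateCredentialStore(IdentityStore<?> identityStore) {
        if (CredentialStore.class.isInstance(identityStore)) {
            return (CredentialStore) identityStore;
        }
        throw new IdentityManagementException("Provided IdentityStore [" + identityStore.getClass().getName() + "] is not an instance of CredentialStore.");
    }
}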
