package org.picketlink.idm.credential.internal;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.spi.CredentialHandler;
import org.picketlink.idm.credential.spi.annotations.SupportsCredentials;
import org.picketlink.idm.internal.util.Base64;
import org.picketlink.idm.model.Agent;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityStore;

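/**
 * Credential handler that validates and stores X.509 certificate credentials.
 *
 * <p>Validation is an exact-match comparison between the certificate presented in the
 * credentials and the certificate currently stored for the agent. Nothing in this class
 * checks the certificate's validity period, its issuer chain or its revocation status, and
 * nothing here proves that the presenter holds the matching private key.
 * NOTE(review): presumably the caller establishes key possession (for example through TLS
 * client authentication) before invoking this handler; confirm at the call sites.
 */
@SupportsCredentials({X509CertificateCredentials.class, X509Cert.class})
/* loaded from: input_file:org/picketlink/idm/credential/internal/X509CertificateCredentialHandler.class */
public class X509CertificateCredentialHandler implements CredentialHandler {
    /**
     * Validates the presented certificate against the one stored for the named agent.
     *
     * <p>The credential status is set to {@code INVALID} before any store lookup and is only
     * raised to {@code VALID} when the stored certificate equals the presented one. An unknown
     * agent or an agent with no stored certificate leaves the status at {@code INVALID}.
     *
     * @param credentials the credentials to validate; must be {@link X509CertificateCredentials}
     * @param identityStore the store to query; must also be a {@link CredentialStore}
     * @throws IdentityManagementException if the store is not a {@link CredentialStore}, or if
     *     decoding or comparing the certificates fails
     * @throws IllegalArgumentException if the credentials are null or of an unsupported type
     */
    public void validate(Credentials credentials, IdentityStore<?> identityStore) {
        if (!CredentialStore.class.isInstance(identityStore)) {
            throw new IdentityManagementException("Provided IdentityStore [" + identityStore + "] is not an instance of CredentialStore.");
        }
        if (!X509CertificateCredentials.class.isInstance(credentials)) {
            // describeClass keeps a null argument on the documented IllegalArgumentException
            // path instead of failing with a NullPointerException while building the message.
            throw new IllegalArgumentException("Credentials class [" + describeClass(credentials) + "] not supported by this handler.");
        }
        X509CertificateCredentials certCredentials = (X509CertificateCredentials) credentials;

        // Fail closed: mark the credentials invalid before touching the store, so an exception
        // thrown by the lookup cannot leave a previously set status in place.
        certCredentials.setStatus(Credentials.Status.INVALID);

        Agent agent = identityStore.getAgent(certCredentials.getUsername());
        if (agent == null) {
            return;
        }
        X509CertificateStorage stored = (X509CertificateStorage) ((CredentialStore) identityStore).retrieveCurrentCredential(agent, X509CertificateStorage.class);
        if (stored == null) {
            return;
        }
        try {
            X509Certificate enrolled = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(Base64.decode(stored.getBase64Cert())));
            // Exact match against the enrolled certificate only; expiry and revocation are
            // not evaluated here.
            if (enrolled.equals(certCredentials.getCertificate().getValue())) {
                certCredentials.setStatus(Credentials.Status.VALID);
            }
        } catch (Exception e) {
            // The status stays INVALID; the cause is preserved for the caller.
            throw new IdentityManagementException("Error while checking user's certificate.", e);
        }
    }

    /**
     * Stores a new certificate credential for the agent.
     *
     * <p>NOTE(review): {@code date} and {@code date2} are accepted but never used in this
     * method, so whatever effective or expiry window the caller passes is not applied to the
     * stored credential here; confirm whether that is intended.
     *
     * @param agent the agent that owns the credential
     * @param obj the credential to store; must be an {@link X509Cert}
     * @param identityStore the target store; must also be a {@link CredentialStore}
     * @param date unused by this implementation
     * @param date2 unused by this implementation
     * @throws IdentityManagementException if the store is not a {@link CredentialStore}
     * @throws IllegalArgumentException if the credential is null or of an unsupported type
     */
    public void update(Agent agent, Object obj, IdentityStore<?> identityStore, Date date, Date date2) {
        if (!CredentialStore.class.isInstance(identityStore)) {
            throw new IdentityManagementException("Provided IdentityStore [" + identityStore + "] is not an instance of CredentialStore.");
        }
        if (!X509Cert.class.isInstance(obj)) {
            throw new IllegalArgumentException("Credential class [" + describeClass(obj) + "] not supported by this handler.");
        }
        ((CredentialStore) identityStore).storeCredential(agent, new X509CertificateStorage((X509Cert) obj));
    }

    /** Returns the class name of {@code value}, or the text {@code null} for a null reference. */
    private static String describeClass(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }
}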
