package org.picketlink.idm.credential.handler;

import ch.qos.logback.core.pattern.color.ANSIConstants;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.picketlink.common.util.StringUtil;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.TOTPCredential;
import org.picketlink.idm.credential.TOTPCredentials;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.credential.storage.OTPCredentialStorage;
import org.picketlink.idm.credential.util.CredentialUtils;
import org.picketlink.idm.credential.util.TimeBasedOTP;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

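/**
 * Credential handler that checks a time-based one-time password (TOTP) token in addition to
 * whatever the inherited {@link PasswordCredentialHandler} validation checks.
 *
 * <p>The OTP parameters are read from the credential handler properties of the store
 * configuration under the keys {@link #ALGORITHM}, {@link #INTERVAL_SECONDS},
 * {@link #NUMBER_DIGITS} and {@link #DELAY_WINDOW}.
 *
 * <p>This listing was recovered by a decompiler. The casts it had placed on the arguments of the
 * {@code super} calls (for example casting the store to {@code TOTPCredentialHandler}) did not
 * match the parameter types and have been removed.
 */
@SupportsCredentials(credentialClass = {TOTPCredentials.class, TOTPCredential.class}, credentialStorage = OTPCredentialStorage.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api-2.6.0.Final.jar:org/picketlink/idm/credential/handler/TOTPCredentialHandler.class */
public class TOTPCredentialHandler extends PasswordCredentialHandler<CredentialStore<?>, TOTPCredentials, TOTPCredential> {
    public static final String ALGORITHM = "ALGORITHM";
    public static final String INTERVAL_SECONDS = "INTERVAL_SECONDS";
    public static final String NUMBER_DIGITS = "NUMBER_DIGITS";
    public static final String DELAY_WINDOW = "DELAY_WINDOW";
    public static final String DEFAULT_DEVICE = "DEFAULT_DEVICE";

    // Defaults used when the store configuration does not set the property. The decompiled
    // listing spelled "30" and "1" through unrelated library constants that hold the same
    // strings (ANSIConstants.BLACK_FG, SchemaSymbols.ATTVAL_TRUE_1); plain literals keep the
    // values and drop the accidental dependency on logback and Xerces.
    private static final String DEFAULT_ALGORITHM = "HmacSHA1";
    private static final String DEFAULT_INTERVAL_SECONDS = "30";
    private static final String DEFAULT_NUMBER_DIGITS = "6";
    private static final String DEFAULT_DELAY_WINDOW = "1";

    // Fixed charset for turning the stored secret into key bytes, so verification does not
    // depend on the JVM's default charset. Identical to the old behaviour for ASCII secrets.
    // NOTE(review): confirm no non-ASCII secrets were enrolled under a different default charset.
    private static final java.nio.charset.Charset SECRET_CHARSET = java.nio.charset.StandardCharsets.UTF_8;

    private TimeBasedOTP totp;

    /**
     * Runs the inherited setup and builds the {@link TimeBasedOTP} verifier from the store
     * configuration, falling back to the defaults above for unset properties.
     *
     * @param credentialStore store whose configuration supplies the handler properties
     * @throws NumberFormatException if a numeric property is not a valid integer
     */
    @Override
    public void setup(CredentialStore<?> credentialStore) {
        super.setup(credentialStore);
        String algorithm = getConfigurationProperty(credentialStore, ALGORITHM, DEFAULT_ALGORITHM);
        int intervalSeconds = Integer.parseInt(getConfigurationProperty(credentialStore, INTERVAL_SECONDS, DEFAULT_INTERVAL_SECONDS));
        int numberDigits = Integer.parseInt(getConfigurationProperty(credentialStore, NUMBER_DIGITS, DEFAULT_NUMBER_DIGITS));
        int delayWindow = Integer.parseInt(getConfigurationProperty(credentialStore, DELAY_WINDOW, DEFAULT_DELAY_WINDOW));
        // NOTE(review): the values are passed through unchecked; zero or negative numbers from
        // configuration reach TimeBasedOTP as-is. Confirm it rejects them.
        this.totp = new TimeBasedOTP(algorithm, numberDigits, intervalSeconds, delayWindow);
    }

    /**
     * Runs the inherited validation, then requires a matching TOTP token. When the inherited
     * step left the status at VALID or EXPIRED and the token matches none of the stored secrets,
     * the status becomes INVALID and the validated account is cleared.
     *
     * @param identityContext current identity context
     * @param tOTPCredentials credentials under validation; status and validated account are updated in place
     * @param credentialStore store the secrets are read from
     */
    @Override
    public void validate(IdentityContext identityContext, TOTPCredentials tOTPCredentials, CredentialStore<?> credentialStore) {
        super.validate(identityContext, tOTPCredentials, credentialStore);
        Credentials.Status status = tOTPCredentials.getStatus();
        boolean parentAccepted = Credentials.Status.VALID.equals(status) || Credentials.Status.EXPIRED.equals(status);
        if (parentAccepted && !isValid(identityContext, tOTPCredentials, credentialStore)) {
            tOTPCredentials.setStatus(Credentials.Status.INVALID);
            tOTPCredentials.setValidatedAccount(null);
        }
    }

    /**
     * Stores a new OTP secret for the account. The inherited update is only invoked when the
     * credential carries a non-empty value; otherwise only the OTP storage is written.
     *
     * @param identityContext current identity context
     * @param account account the credential belongs to
     * @param tOTPCredential credential holding the value, the secret and the device name
     * @param credentialStore store that receives the new storage entry
     * @param date effective date; left at the storage's own default when {@code null}
     * @param date2 expiry date, stored as given (may be {@code null})
     */
    @Override
    public void update(IdentityContext identityContext, Account account, TOTPCredential tOTPCredential, CredentialStore<?> credentialStore, Date date, Date date2) {
        if (tOTPCredential.getValue() != null && tOTPCredential.getValue().length > 0) {
            super.update(identityContext, account, tOTPCredential, credentialStore, date, date2);
        }
        OTPCredentialStorage storage = new OTPCredentialStorage();
        if (date != null) {
            storage.setEffectiveDate(date);
        }
        storage.setExpiryDate(date2);
        // NOTE(review): the secret is stored without a null or length check, so an entry with no
        // usable secret can be written; isValid() skips such entries instead of failing.
        storage.setSecretKey(tOTPCredential.getSecret());
        storage.setDevice(getDevice(tOTPCredential.getDevice()));
        credentialStore.storeCredential(identityContext, account, storage);
    }

    /**
     * Returns whether the token matches at least one current stored secret for the account
     * (restricted to the named device when the credentials name one).
     */
    private boolean isValid(IdentityContext identityContext, TOTPCredentials tOTPCredentials, CredentialStore<?> credentialStore) {
        // NOTE(review): nothing in this class records an accepted token, so a token could be
        // accepted again while it is still inside the validity window unless TimeBasedOTP or the
        // caller tracks used tokens. Confirm where reuse is rejected.
        for (OTPCredentialStorage storage : getCredentialStorages(identityContext, tOTPCredentials, credentialStore)) {
            String secretKey = storage.getSecretKey();
            if (secretKey == null) {
                // update() can store an entry without a secret; it can never match a token.
                continue;
            }
            if (this.totp.validate(tOTPCredentials.getToken(), secretKey.getBytes(SECRET_CHARSET))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the account's OTP storage entries and keeps those that are current and belong to the
     * requested device. The result is a new list; the list returned by the store is not modified.
     */
    private List<OTPCredentialStorage> getCredentialStorages(IdentityContext identityContext, TOTPCredentials tOTPCredentials, CredentialStore<?> credentialStore) {
        List<OTPCredentialStorage> stored = credentialStore.retrieveCredentials(identityContext, getAccount(identityContext, tOTPCredentials.getUsername()), OTPCredentialStorage.class);
        List<OTPCredentialStorage> usable = new ArrayList<>();
        if (stored == null) {
            return usable;
        }
        for (OTPCredentialStorage storage : stored) {
            if (CredentialUtils.isCurrentCredential(storage) && isDeviceStorage(tOTPCredentials.getDevice(), storage)) {
                usable.add(storage);
            }
        }
        return usable;
    }

    /**
     * Returns whether the storage entry belongs to the given device. A {@code null} device name
     * matches every entry, so a login that names no device is checked against the secrets of
     * all devices enrolled for the account.
     */
    private boolean isDeviceStorage(String str, OTPCredentialStorage oTPCredentialStorage) {
        return str == null || str.equals(oTPCredentialStorage.getDevice());
    }

    /** Returns the device name to store, substituting {@link #DEFAULT_DEVICE} for a null or empty name. */
    private String getDevice(String str) {
        return StringUtil.isNullOrEmpty(str) ? DEFAULT_DEVICE : str;
    }

    /**
     * Reads a credential handler property from the store configuration.
     *
     * @param credentialStore store whose configuration is consulted
     * @param str property key
     * @param str2 value returned when the property is not set
     * @return the property converted with {@link String#valueOf(Object)}, or {@code str2}
     */
    private String getConfigurationProperty(CredentialStore<?> credentialStore, String str, String str2) {
        Object configured = credentialStore.getConfig().getCredentialHandlerProperties().get(str);
        return configured != null ? String.valueOf(configured) : str2;
    }
}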
