package org.keycloak.policy;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import org.keycloak.hash.PasswordHashManager;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/policy/HistoryPasswordPolicyProvider.class */
public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
    private static final String ERROR_MESSAGE = "invalidPasswordHistoryMessage";
    private KeycloakSession session;

    public HistoryPasswordPolicyProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    @Override // org.keycloak.policy.PasswordPolicyProvider
    public PolicyError validate(String str, String str2) {
        return null;
    }

    @Override // org.keycloak.policy.PasswordPolicyProvider
    public PolicyError validate(UserModel userModel, String str) {
        PasswordPolicy passwordPolicy = this.session.getContext().getRealm().getPasswordPolicy();
        int intValue = ((Integer) passwordPolicy.getPolicyConfig(HistoryPasswordPolicyProviderFactory.ID)).intValue();
        if (intValue == -1) {
            return null;
        }
        UserCredentialValueModel credentialValueModel = getCredentialValueModel(userModel, UserCredentialModel.PASSWORD);
        if (credentialValueModel != null && PasswordHashManager.verify(this.session, passwordPolicy, str, credentialValueModel)) {
            return new PolicyError(ERROR_MESSAGE, Integer.valueOf(intValue));
        }
        Iterator<UserCredentialValueModel> it = getCredentialValueModels(userModel, intValue - 1, UserCredentialModel.PASSWORD_HISTORY).iterator();
        while (it.hasNext()) {
            if (PasswordHashManager.verify(this.session, passwordPolicy, str, it.next())) {
                return new PolicyError(ERROR_MESSAGE, Integer.valueOf(intValue));
            }
        }
        return null;
    }

    private UserCredentialValueModel getCredentialValueModel(UserModel userModel, String str) {
        for (UserCredentialValueModel userCredentialValueModel : userModel.getCredentialsDirectly()) {
            if (userCredentialValueModel.getType().equals(str)) {
                return userCredentialValueModel;
            }
        }
        return null;
    }

    private List<UserCredentialValueModel> getCredentialValueModels(UserModel userModel, int i, String str) {
        ArrayList arrayList = new ArrayList();
        for (UserCredentialValueModel userCredentialValueModel : userModel.getCredentialsDirectly()) {
            if (userCredentialValueModel.getType().equals(str)) {
                arrayList.add(userCredentialValueModel);
            }
        }
        Collections.sort(arrayList, new Comparator<UserCredentialValueModel>() { // from class: org.keycloak.policy.HistoryPasswordPolicyProvider.1
            @Override // java.util.Comparator
            public int compare(UserCredentialValueModel userCredentialValueModel2, UserCredentialValueModel userCredentialValueModel3) {
                if (userCredentialValueModel2.getCreatedDate().longValue() > userCredentialValueModel3.getCreatedDate().longValue()) {
                    return -1;
                }
                return userCredentialValueModel2.getCreatedDate().longValue() < userCredentialValueModel3.getCreatedDate().longValue() ? 1 : 0;
            }
        });
        return arrayList.size() > i ? arrayList.subList(0, i) : arrayList;
    }

    @Override // org.keycloak.policy.PasswordPolicyProvider
    public Object parseConfig(String str) {
        return Integer.valueOf(str != null ? Integer.parseInt(str) : HistoryPasswordPolicyProviderFactory.DEFAULT_VALUE.intValue());
    }

    @Override // org.keycloak.provider.Provider
    public void close() {
    }
}
