package org.picketlink.idm.credential.handler;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.picketlink.common.util.Base64;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.credential.X509CertificateCredentials;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.credential.storage.X509CertificateStorage;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

/**
 * Credential handler for X.509 certificate credentials.
 *
 * <p>Validation compares the certificate presented in an
 * {@link X509CertificateCredentials} with the Base64-encoded certificate held in the
 * account's {@link X509CertificateStorage}; {@link #update} stores a new certificate
 * for an account.
 *
 * <p>Security note: nothing in this class checks the certificate's validity period,
 * issuer chain or revocation status. NOTE(review): confirm that those checks happen in
 * another layer (for example the TLS endpoint) before relying on this handler alone.
 */
@SupportsCredentials(credentialClass = {X509CertificateCredentials.class, X509Certificate.class}, credentialStorage = X509CertificateStorage.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api-2.5.3.Beta3.jar:org/picketlink/idm/credential/handler/X509CertificateCredentialHandler.class */
public class X509CertificateCredentialHandler<S, V, U> extends AbstractCredentialHandler<CredentialStore<?>, X509CertificateCredentials, X509Certificate> {
    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Fetches the current certificate storage recorded for the given account.
     *
     * @param identityContext context passed through to the store
     * @param account account whose stored certificate is wanted
     * @param x509CertificateCredentials credentials being validated; not read here
     * @param credentialStore store that is queried
     * @return whatever the store returns as the current credential, cast to
     *     {@link X509CertificateStorage}
     */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public X509CertificateStorage getCredentialStorage(IdentityContext identityContext, Account account, X509CertificateCredentials x509CertificateCredentials, CredentialStore<?> credentialStore) {
        X509CertificateStorage currentStorage = (X509CertificateStorage) credentialStore.retrieveCurrentCredential(identityContext, account, X509CertificateStorage.class);
        return currentStorage;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether the presented certificate is accepted for the account.
     *
     * <p>Credentials that report {@code isTrusted()} are accepted without looking at the
     * stored certificate. Otherwise the stored Base64 value is decoded, parsed as an
     * X.509 certificate and compared to the presented certificate with {@code equals}.
     *
     * <p>Security note: on the trusted path the flag is the only gate, so the account's
     * stored certificate plays no part in the decision. NOTE(review): confirm that the
     * flag can only be set by code that has already authenticated the certificate, and
     * never from request-controlled data.
     *
     * @param credentialStorage stored credential; must be an {@link X509CertificateStorage}
     * @param x509CertificateCredentials credentials presented by the caller
     * @return {@code true} if the credentials are trusted or the certificates are equal
     * @throws IdentityManagementException wrapping any exception raised while decoding,
     *     parsing or comparing the certificates
     */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public boolean validateCredential(CredentialStorage credentialStorage, X509CertificateCredentials x509CertificateCredentials) {
        // The cast runs before the trust check, so a storage object of another type is
        // rejected with a ClassCastException even when the credentials are trusted.
        X509CertificateStorage storedCredential = (X509CertificateStorage) credentialStorage;
        if (!x509CertificateCredentials.isTrusted()) {
            try {
                CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
                byte[] storedBytes = Base64.decode(storedCredential.getBase64Cert());
                X509Certificate storedCertificate = (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(storedBytes));
                // Whole-certificate equality: there is no matching on subject or issuer alone.
                return storedCertificate.equals(x509CertificateCredentials.getCertificate());
            } catch (Exception e) {
                throw new IdentityManagementException("Error while checking user's certificate.", e);
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the account for the credentials by the username they carry.
     *
     * @param identityContext context passed through to the lookup
     * @param x509CertificateCredentials credentials supplying the username
     * @return the result of the inherited username-based {@code getAccount} lookup
     */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public Account getAccount(IdentityContext identityContext, X509CertificateCredentials x509CertificateCredentials) {
        // Delegates to the two-argument overload that takes the username value.
        return getAccount(identityContext, x509CertificateCredentials.getUsername());
    }

    /**
     * Stores a certificate as a credential of the given account.
     *
     * @param identityContext context passed through to the store
     * @param account account that receives the certificate
     * @param x509Certificate certificate to wrap in a new {@link X509CertificateStorage}
     * @param credentialStore store that persists the credential
     * @param date effective date; when {@code null} the new storage object keeps the
     *     effective date it already has
     * @param date2 expiry date; always applied, including when it is {@code null}
     */
    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void update(IdentityContext identityContext, Account account, X509Certificate x509Certificate, CredentialStore<?> credentialStore, Date date, Date date2) {
        final Date effectiveDate = date;
        final Date expiryDate = date2;
        X509CertificateStorage newStorage = new X509CertificateStorage(x509Certificate);
        if (effectiveDate != null) {
            newStorage.setEffectiveDate(effectiveDate);
        }
        // Set unconditionally: a null expiry date is written through as given.
        newStorage.setExpiryDate(expiryDate);
        credentialStore.storeCredential(identityContext, account, newStorage);
    }
}
