package org.picketlink.idm.credential.handler;

import java.security.SecureRandom;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.picketlink.common.random.DefaultSecureRandomProvider;
import org.picketlink.common.random.SecureRandomProvider;
import org.picketlink.common.util.StringUtil;
import org.picketlink.idm.IDMMessages;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.SecurityConfigurationException;
import org.picketlink.idm.credential.AbstractBaseCredentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;
import org.picketlink.idm.credential.encoder.PasswordEncoder;
import org.picketlink.idm.credential.encoder.SHAPasswordEncoder;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.credential.storage.EncodedPasswordStorage;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

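/**
 * Credential handler for username/password authentication.
 *
 * <p>On {@link #createCredentialStorage} a fresh salt is drawn from a {@link SecureRandom}
 * (rendered as the decimal form of one {@code nextLong()}), the salt is prepended to the clear-text
 * password and the result is passed through the configured {@link PasswordEncoder}; salt and encoded
 * hash are stored in an {@link EncodedPasswordStorage}. {@link #validateCredential} repeats the same
 * salt-prepend and delegates the comparison to {@link PasswordEncoder#verify}.
 *
 * <p>Configuration (read from the store's credential handler properties in {@link #setup}):
 * <ul>
 *   <li>{@link #PASSWORD_ENCODER} – a {@link PasswordEncoder} instance; defaults to
 *       {@code new SHAPasswordEncoder(512)}. NOTE(review): as far as this class can see that is a
 *       digest-based encoder rather than an iterated, work-factor hash (PBKDF2/bcrypt/argon2); deployments
 *       storing real user passwords should supply a slow encoder here.</li>
 *   <li>{@link #SECURE_RANDOM_PROVIDER} – a {@link SecureRandomProvider}; when absent a
 *       {@link DefaultSecureRandomProvider} is built from {@link #ALGORITHM_RANDOM_NUMBER}
 *       (default {@value #DEFAULT_SALT_ALGORITHM}) and {@link #KEY_LENGTH_RANDOM_NUMBER} (default 0).</li>
 *   <li>{@link #RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL} – milliseconds after which the
 *       {@link SecureRandom} instance is replaced; {@code -1} (default) never renews it.</li>
 * </ul>
 *
 * <p>Limitations visible here: the password {@code char[]} is copied into a {@link String} because the
 * encoder API works on strings, so the clear text cannot be wiped from memory after use; whether
 * {@link PasswordEncoder#verify} compares in constant time depends on the configured encoder and is
 * not something this class controls.
 *
 * <p>Thread-safety: the encoder and provider are assigned once in {@link #setup}; the
 * {@link SecureRandom} is published through a {@code volatile} field and renewed under a lock.
 *
 * @param <S> the credential store type
 * @param <V> the credentials presented for validation
 * @param <U> the credential type accepted for update
 */
@SupportsCredentials(credentialClass = {UsernamePasswordCredentials.class, Password.class}, credentialStorage = EncodedPasswordStorage.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api.jar:org/picketlink/idm/credential/handler/PasswordCredentialHandler.class */
public class PasswordCredentialHandler<S extends CredentialStore<?>, V extends UsernamePasswordCredentials, U extends Password> extends AbstractCredentialHandler<S, V, U> {
    /** Algorithm handed to {@link DefaultSecureRandomProvider} when {@link #ALGORITHM_RANDOM_NUMBER} is not set. */
    private static final String DEFAULT_SALT_ALGORITHM = "SHA1PRNG";
    /** Key length handed to {@link DefaultSecureRandomProvider} when {@link #KEY_LENGTH_RANDOM_NUMBER} is not set. */
    private static final int DEFAULT_SALT_KEY_LENGTH = 0;
    /** Value of {@link #RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL} that disables renewal of the {@link SecureRandom}. */
    private static final int NO_RENEWAL = -1;

    public static final String PASSWORD_ENCODER = "PASSWORD_ENCODER";
    public static final String SECURE_RANDOM_PROVIDER = "SECURE_RANDOM_PROVIDER";
    public static final String RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL = "RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL";
    public static final String ALGORITHM_RANDOM_NUMBER = "ALGORITHM_RANDOM_NUMBER";
    public static final String KEY_LENGTH_RANDOM_NUMBER = "KEY_LENGTH_RANDOM_NUMBER";

    /** Encoder applied to salt + password; replaced in {@link #setup} when {@link #PASSWORD_ENCODER} is configured. */
    private PasswordEncoder passwordEncoder = new SHAPasswordEncoder(512);
    /** Guards renewal so that only one thread rebuilds the {@link SecureRandom} at a time. */
    private final Lock lock = new ReentrantLock();
    /** Renewal interval in milliseconds; {@link #NO_RENEWAL} disables renewal. */
    private int renewRandomNumberGeneratorInterval = NO_RENEWAL;
    /** Epoch millis of the last (re)creation of {@link #secureRandom}. */
    private final AtomicLong lastRenewTime = new AtomicLong();
    private SecureRandomProvider secureRandomProvider;
    // volatile: renewSecureRandom() writes this under the lock but getSecureRandom() reads it without
    // the lock, so other threads need a visibility guarantee to see the renewed instance.
    private volatile SecureRandom secureRandom;

    /**
     * Reads the handler properties from the store configuration and initialises the encoder,
     * the random provider and the initial {@link SecureRandom}.
     *
     * @param s the credential store this handler is attached to
     * @throws SecurityConfigurationException if a configured property has the wrong type or is not an integer
     * @throws IdentityManagementException if the provider fails to produce a {@link SecureRandom}
     */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler, org.picketlink.idm.credential.handler.CredentialHandler
    public void setup(S s) {
        super.setup(s);
        Map<String, Object> properties = s.getConfig().getCredentialHandlerProperties();
        if (properties != null) {
            Object encoder = properties.get(PASSWORD_ENCODER);
            if (encoder != null) {
                this.passwordEncoder = requireInstance("password encoder", encoder, PasswordEncoder.class);
            }
            Object interval = properties.get(RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL);
            if (interval != null) {
                this.renewRandomNumberGeneratorInterval = parseIntProperty(RENEW_RANDOM_NUMBER_GENERATOR_INTERVAL, interval);
            }
            Object provider = properties.get(SECURE_RANDOM_PROVIDER);
            if (provider != null) {
                this.secureRandomProvider = requireInstance("secure random provider", provider, SecureRandomProvider.class);
            } else {
                this.secureRandomProvider = createDefaultProvider(properties);
            }
        } else {
            // Without a properties map the handler previously ended up with no provider at all and
            // failed on first use; fall back to the same defaults as an empty map.
            this.secureRandomProvider = new DefaultSecureRandomProvider(DEFAULT_SALT_ALGORITHM, DEFAULT_SALT_KEY_LENGTH);
        }
        this.secureRandom = createSecureRandom();
        // Record the creation time so an enabled renewal interval does not discard this instance on first use.
        this.lastRenewTime.set(System.currentTimeMillis());
    }

    /** Builds the default provider from the optional algorithm / key-length properties. */
    private static SecureRandomProvider createDefaultProvider(Map<String, Object> properties) {
        Object algorithm = properties.get(ALGORITHM_RANDOM_NUMBER);
        Object keyLength = properties.get(KEY_LENGTH_RANDOM_NUMBER);
        String algorithmName = algorithm == null ? DEFAULT_SALT_ALGORITHM : algorithm.toString();
        int keyLengthValue = keyLength == null ? DEFAULT_SALT_KEY_LENGTH : parseIntProperty(KEY_LENGTH_RANDOM_NUMBER, keyLength);
        return new DefaultSecureRandomProvider(algorithmName, keyLengthValue);
    }

    /**
     * Casts a configured property to the expected type, failing with a configuration error instead of a
     * {@link ClassCastException} when the wrong kind of object was supplied.
     */
    private static <T> T requireInstance(String description, Object value, Class<T> type) {
        if (!type.isInstance(value)) {
            throw new SecurityConfigurationException("The " + description + " [" + value + "] must be an instance of " + type.getName());
        }
        return type.cast(value);
    }

    /**
     * Parses an integer property, reporting a configuration error (with the offending value) rather than a
     * bare {@link NumberFormatException}.
     */
    private static int parseIntProperty(String property, Object value) {
        try {
            return Integer.parseInt(value.toString());
        } catch (NumberFormatException e) {
            // The NumberFormatException carries nothing beyond the value, which is quoted here.
            throw new SecurityConfigurationException("The " + property + " property [" + value + "] must be an integer.");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public Account getAccount(IdentityContext identityContext, V v) {
        // Resolves the account by the username carried in the credentials.
        return getAccount(identityContext, v.getUsername());
    }

    /** Retrieves the current {@link EncodedPasswordStorage} of the account from the store. */
    @Override
    protected CredentialStorage getCredentialStorage(IdentityContext identityContext, Account account, V v, S s) {
        return s.retrieveCurrentCredential(identityContext, account, EncodedPasswordStorage.class);
    }

    /**
     * Checks the presented password against the stored salt and hash.
     *
     * @return {@code false} when there is no stored credential or no password was presented;
     *         otherwise the encoder's verdict on salt + password versus the stored hash
     */
    @Override
    protected boolean validateCredential(IdentityContext identityContext, CredentialStorage credentialStorage, V v, S s) {
        EncodedPasswordStorage stored = (EncodedPasswordStorage) credentialStorage;
        if (stored == null) {
            return false;
        }
        if (v.getPassword() == null || v.getPassword().getValue() == null) {
            // A missing password can never match; avoid a NullPointerException on the copy below.
            return false;
        }
        String presented = new String(v.getPassword().getValue());
        return this.passwordEncoder.verify(saltPassword(presented, stored.getSalt()), stored.getEncodedHash());
    }

    /**
     * Creates the storage record for a new password: fresh salt plus the encoded salt + password.
     *
     * @param date  effective date, stored only when non-null
     * @param date2 expiry date, stored as given (may be null)
     * @throws IdentityManagementException (via {@code IDMMessages.MESSAGES.credentialInvalidPassword()})
     *         if the password is null or empty
     */
    @Override
    public CredentialStorage createCredentialStorage(IdentityContext identityContext, Account account, U u, S s, Date date, Date date2) {
        if (u.getValue() == null) {
            throw IDMMessages.MESSAGES.credentialInvalidPassword();
        }
        // Copy to a String first: the previous check called toString() on the raw value, which for a
        // char[] is never empty, so empty passwords were accepted.
        String plainPassword = new String(u.getValue());
        if (StringUtil.isNullOrEmpty(plainPassword)) {
            throw IDMMessages.MESSAGES.credentialInvalidPassword();
        }
        EncodedPasswordStorage storage = new EncodedPasswordStorage();
        String salt = generateSalt();
        storage.setSalt(salt);
        storage.setEncodedHash(this.passwordEncoder.encode(saltPassword(plainPassword, salt)));
        if (date != null) {
            storage.setEffectiveDate(date);
        }
        storage.setExpiryDate(date2);
        return storage;
    }

    protected SecureRandomProvider getSecureRandomProvider() {
        return this.secureRandomProvider;
    }

    /**
     * Combines salt and password as {@code salt + password}. This layout is part of the stored-hash
     * format: changing it invalidates every existing {@link EncodedPasswordStorage}.
     */
    private String saltPassword(String password, String salt) {
        return salt + password;
    }

    /**
     * Generates a salt as the decimal rendering of one {@code nextLong()} from the current
     * {@link SecureRandom}. The format is kept for compatibility with stored credentials.
     */
    protected String generateSalt() {
        return String.valueOf(getSecureRandom().nextLong());
    }

    /**
     * Replaces the {@link SecureRandom} when the renewal interval has elapsed. Uses {@code tryLock} so a
     * thread that loses the race simply keeps using the current instance instead of blocking.
     */
    private void renewSecureRandom() {
        if (!isSecureRandomOutDated() || !this.lock.tryLock()) {
            return;
        }
        try {
            // Another thread may have renewed between the check above and acquiring the lock.
            if (!isSecureRandomOutDated()) {
                return;
            }
            // Stamp before creating so a failing provider is not retried on every call within the interval.
            this.lastRenewTime.set(System.currentTimeMillis());
            this.secureRandom = createSecureRandom();
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Obtains a {@link SecureRandom} from the provider.
     *
     * @throws IdentityManagementException wrapping whatever the provider threw
     */
    private SecureRandom createSecureRandom() {
        try {
            return getSecureRandomProvider().getSecureRandom();
        } catch (Exception e) {
            // Provider contract is not visible here, so any failure is wrapped with the provider in the message.
            throw new IdentityManagementException("Error getting SecureRandom instance from provider [" + this.secureRandomProvider + "].", e);
        }
    }

    /** Returns the current {@link SecureRandom}, renewing it first if the interval has elapsed. */
    private SecureRandom getSecureRandom() {
        renewSecureRandom();
        return this.secureRandom;
    }

    /** True when renewal is enabled and at least the configured number of milliseconds has passed since the last renewal. */
    private boolean isSecureRandomOutDated() {
        if (this.renewRandomNumberGeneratorInterval == NO_RENEWAL) {
            return false;
        }
        // Same comparison as the former Calendar arithmetic: lastRenew + interval <= now.
        return this.lastRenewTime.get() + this.renewRandomNumberGeneratorInterval <= System.currentTimeMillis();
    }

    // The decompiler's synthetic bridge methods (erased-signature overloads delegating with casts) are not
    // reproduced: javac generates them from the generic overrides above, and writing them by hand would
    // clash with the generated ones.
}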
