package org.picketlink.idm.credential.handler;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import org.ajax4jsf.javascript.ScriptStringBase;
import org.picketlink.idm.IdentityManagementException;
import org.picketlink.idm.config.SecurityConfigurationException;
import org.picketlink.idm.credential.Token;
import org.picketlink.idm.credential.TokenCredential;
import org.picketlink.idm.credential.handler.annotations.SupportsCredentials;
import org.picketlink.idm.credential.storage.CredentialStorage;
import org.picketlink.idm.credential.storage.TokenCredentialStorage;
import org.picketlink.idm.model.Account;
import org.picketlink.idm.spi.CredentialStore;
import org.picketlink.idm.spi.IdentityContext;

@SupportsCredentials(credentialClass = {TokenCredential.class, Token.class}, credentialStorage = TokenCredentialStorage.class)
/* loaded from: input_file:WEB-INF/lib/picketlink-idm-api.jar:org/picketlink/idm/credential/handler/TokenCredentialHandler.class */
public class TokenCredentialHandler<S extends CredentialStore<?>, V extends TokenCredential, U extends Token> extends AbstractCredentialHandler<S, V, U> {
    public static final String TOKEN_PROVIDER = "TOKEN_PROVIDER";
    private final List<Token.Provider> tokenProvider = new ArrayList();

    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler, org.picketlink.idm.credential.handler.CredentialHandler
    public void setup(S s) {
        super.setup((TokenCredentialHandler<S, V, U>) s);
        Object obj = s.getConfig().getCredentialHandlerProperties().get(TOKEN_PROVIDER);
        if (obj != null) {
            try {
                if (Token.Provider.class.isInstance(obj)) {
                    this.tokenProvider.add((Token.Provider) obj);
                } else if (obj.getClass().isArray()) {
                    this.tokenProvider.addAll(Arrays.asList((Token.Provider[]) obj));
                } else if (List.class.isInstance(obj)) {
                    this.tokenProvider.addAll((List) obj);
                }
            } catch (ClassCastException e) {
                throw new SecurityConfigurationException("Token provider is not a " + Token.Provider.class.getName() + " instance. You provided " + obj);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public boolean validateCredential(IdentityContext identityContext, CredentialStorage credentialStorage, V v) {
        return getTokenProvider(v.getToken()).validate(v.getToken());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public Account getAccount(IdentityContext identityContext, V v) {
        Token token = v.getToken();
        return getTokenProvider(token).getAccount(token);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.picketlink.idm.credential.handler.AbstractCredentialHandler
    public CredentialStorage getCredentialStorage(IdentityContext identityContext, Account account, V v, S s) {
        return s.retrieveCurrentCredential(identityContext, account, TokenCredentialStorage.class);
    }

    @Override // org.picketlink.idm.credential.handler.CredentialHandler
    public void update(IdentityContext identityContext, Account account, U u, S s, Date date, Date date2) {
        TokenCredentialStorage tokenStorage = getTokenProvider(u).getTokenStorage(account, u);
        if (tokenStorage == null) {
            tokenStorage = new TokenCredentialStorage();
            tokenStorage.setType(u.getType());
            tokenStorage.setValue(u.getToken());
        }
        if (date != null) {
            tokenStorage.setEffectiveDate(date);
        }
        if (tokenStorage.getExpiryDate() == null) {
            tokenStorage.setExpiryDate(date2);
        }
        if (tokenStorage.getType() == null) {
            throw new IdentityManagementException("TokenCredentialStorage can not have a null type.");
        }
        s.storeCredential(identityContext, account, tokenStorage);
    }

    private Token.Provider getTokenProvider(Token token) {
        if (this.tokenProvider.isEmpty()) {
            throw new SecurityConfigurationException("You must provide one or more(Array or List) " + Token.Provider.class.getName() + " instances using the following credential property: " + TokenCredentialHandler.class.getName() + ".TOKEN_PROVIDER");
        }
        for (Token.Provider provider : this.tokenProvider) {
            if (provider.supports(token)) {
                return provider;
            }
        }
        throw new SecurityConfigurationException("There is no " + Token.Provider.class.getName() + " that supports this token [" + token + ScriptStringBase.RIGHT_SQUARE_BRACKET);
    }
}
