package org.apache.jetspeed.security.spi.impl;

import java.security.MessageDigest;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.AlgorithmUpgradePasswordEncodingService;
import org.apache.jetspeed.security.InvalidNewPasswordException;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.PasswordAlreadyUsedException;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.om.InternalCredential;
import org.apache.jetspeed.security.om.InternalUserPrincipal;
import org.apache.jetspeed.security.om.impl.InternalCredentialImpl;
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
import org.apache.jetspeed.security.spi.CredentialHandler;
import org.apache.jetspeed.security.spi.InternalPasswordCredentialInterceptor;
import org.apache.jetspeed.security.spi.PasswordCredentialProvider;
import org.apache.jetspeed.security.spi.SecurityAccess;

/* loaded from: input_file:portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-security-2.1.3.jar:org/apache/jetspeed/security/spi/impl/DefaultCredentialHandler.class */
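/**
 * Default {@link CredentialHandler}: looks up a user's password credential through
 * {@link SecurityAccess}, verifies presented passwords against it, and updates it.
 *
 * <p>Encoding and validation are delegated to the {@link PasswordCredentialProvider}; an optional
 * {@link InternalPasswordCredentialInterceptor} is called around load, create, change and
 * authentication.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the provider returns no encoder, new password values are stored exactly as supplied
 *       and the credential is marked as not encoded. Deployments should configure an encoder.</li>
 *   <li>Stored and presented password values are compared with {@link MessageDigest#isEqual} so
 *       the comparison does not stop at the first differing character.</li>
 *   <li>Methods taking a user name throw a {@code SecurityException} built from
 *       {@code USER_DOES_NOT_EXIST} for unknown users. Callers facing untrusted clients should
 *       not expose that distinction from an ordinary failed login.</li>
 * </ul>
 */
public class DefaultCredentialHandler implements CredentialHandler {
    // Class literal replaces the decompiler-emitted class$ helper and static initializer.
    private static final Log log = LogFactory.getLog(DefaultCredentialHandler.class);

    private final SecurityAccess securityAccess;
    private final PasswordCredentialProvider pcProvider;
    // May be null; every use below is guarded.
    private final InternalPasswordCredentialInterceptor ipcInterceptor;

    /**
     * @param securityAccess store used to load and persist user principals
     * @param passwordCredentialProvider source of the credential class, encoder and validator
     * @param internalPasswordCredentialInterceptor optional hook; {@code null} disables it
     */
    public DefaultCredentialHandler(SecurityAccess securityAccess, PasswordCredentialProvider passwordCredentialProvider, InternalPasswordCredentialInterceptor internalPasswordCredentialInterceptor) {
        this.securityAccess = securityAccess;
        this.pcProvider = passwordCredentialProvider;
        this.ipcInterceptor = internalPasswordCredentialInterceptor;
    }

    /**
     * Returns the user's password credential wrapped by the provider.
     *
     * @param str user name
     * @return a set holding at most one credential; empty when the user or credential is missing
     *         or the provider fails to create the wrapper (the failure is logged, not thrown)
     */
    @Override
    public Set getPrivateCredentials(String str) {
        Set<Object> result = new HashSet<Object>();
        InternalUserPrincipal principal = this.securityAccess.getInternalUserPrincipal(str, false);
        if (principal == null) {
            return result;
        }
        InternalCredential passwordCredential = getPasswordCredential(principal, str);
        if (passwordCredential == null) {
            return result;
        }
        try {
            result.add(this.pcProvider.create(str, passwordCredential));
        } catch (SecurityException e) {
            if (log.isErrorEnabled()) {
                // NOTE(review): the credential is logged via toString(); confirm that the
                // InternalCredential implementation does not include the password value.
                log.error("Failure creating a PasswordCredential for InternalCredential " + passwordCredential, e);
            }
        }
        return result;
    }

    /**
     * @param str user name (unused)
     * @return always a new empty set
     */
    @Override
    public Set getPublicCredentials(String str) {
        return new HashSet<Object>();
    }

    /**
     * Finds the user's password credential: the first credential of type 0 whose class name
     * matches the provider's password credential class.
     *
     * <p>If the interceptor's {@code afterLoad} reports a change, the principal is saved again.
     * If {@code afterLoad} throws, the error is logged and the search continues with the next
     * credential.
     *
     * @param internalUserPrincipal principal whose credentials are searched
     * @param str user name, passed to the interceptor
     * @return the matching credential, or {@code null} when there is none
     */
    private InternalCredential getPasswordCredential(InternalUserPrincipal internalUserPrincipal, String str) {
        Collection<InternalCredential> credentials = internalUserPrincipal.getCredentials();
        if (credentials == null) {
            return null;
        }
        for (InternalCredential candidate : credentials) {
            // Type 0 is presumably the private-credential type; confirm against InternalCredential.
            if (candidate.getType() != 0
                    || candidate.getClassname() == null
                    || !candidate.getClassname().equals(this.pcProvider.getPasswordCredentialClass().getName())) {
                continue;
            }
            try {
                if (this.ipcInterceptor != null && this.ipcInterceptor.afterLoad(this.pcProvider, str, candidate)) {
                    this.securityAccess.setInternalUserPrincipal(internalUserPrincipal, internalUserPrincipal.isMappingOnly());
                }
                return candidate;
            } catch (SecurityException e) {
                if (log.isErrorEnabled()) {
                    // NOTE(review): same toString() logging concern as in getPrivateCredentials.
                    log.error("Failure loading InternalCredential " + candidate, e);
                }
            }
        }
        return null;
    }

    /**
     * Changes a password, validating and encoding the new value.
     *
     * @param str user name
     * @param str2 current password, or {@code null} to skip the current-password check
     * @param str3 new password
     * @throws SecurityException see {@link #setPassword(String, String, String, boolean)}
     */
    @Override
    public void setPassword(String str, String str2, String str3) throws SecurityException {
        setPassword(str, str2, str3, false);
    }

    /**
     * Stores a password value as given: no current-password check, no validation, no encoding.
     *
     * @param str user name
     * @param str2 value to store; presumably already encoded by the exporting system (confirm
     *        with callers), since it is marked encoded whenever an encoder is configured
     * @throws SecurityException if the user does not exist or an interceptor rejects the change
     */
    @Override
    public void importPassword(String str, String str2) throws SecurityException {
        setPassword(str, null, str2, true);
    }

    /**
     * Creates or replaces the user's password credential.
     *
     * @param str user name
     * @param str2 current password; when non-null it must match the stored value
     * @param str3 new password (or raw value to store when {@code z} is true)
     * @param z {@code true} to store {@code str3} without validating or encoding it
     * @throws InvalidPasswordException if {@code str2} is given and does not match
     * @throws InvalidNewPasswordException if the validator rejects {@code str3}
     * @throws PasswordAlreadyUsedException if the new value equals the presented current one
     * @throws SecurityException if the user does not exist
     */
    protected void setPassword(String str, String str2, String str3, boolean z) throws SecurityException {
        InternalUserPrincipal principal = findExistingUser(str);
        Collection<InternalCredential> credentials = principal.getCredentials();
        if (credentials == null) {
            credentials = new ArrayList<InternalCredential>();
        }
        InternalCredential passwordCredential = getPasswordCredential(principal, str);

        // Captured before encoding so the current-password check cannot be skipped should an
        // encoder ever yield null for the presented value.
        final boolean oldPasswordSupplied = str2 != null;
        String presentedOld = str2;
        if (oldPasswordSupplied
                && passwordCredential != null
                && passwordCredential.getValue() != null
                && passwordCredential.isEncoded()
                && this.pcProvider.getEncoder() != null) {
            presentedOld = encodePresentedPassword(str, str2, passwordCredential);
        }
        // constantTimeEquals is false for a null stored or presented value, so a missing
        // stored value fails closed.
        if (oldPasswordSupplied
                && (passwordCredential == null || !constantTimeEquals(presentedOld, passwordCredential.getValue()))) {
            throw new InvalidPasswordException();
        }

        if (!z && this.pcProvider.getValidator() != null) {
            try {
                this.pcProvider.getValidator().validate(str3);
            } catch (InvalidPasswordException e) {
                throw new InvalidNewPasswordException();
            }
        }

        String newValue = str3;
        boolean encoded = false;
        if (this.pcProvider.getEncoder() != null) {
            if (!z) {
                newValue = this.pcProvider.getEncoder().encode(str, str3);
            }
            // An imported value is marked encoded without being re-encoded here.
            encoded = true;
        }
        // Without an encoder the value is persisted as supplied (plaintext).

        final boolean creating = passwordCredential == null;
        if (creating) {
            passwordCredential = new InternalCredentialImpl(principal.getPrincipalId(), newValue, 0, this.pcProvider.getPasswordCredentialClass().getName());
            passwordCredential.setEncoded(encoded);
            credentials.add(passwordCredential);
        } else if (oldPasswordSupplied && presentedOld.equals(newValue)) {
            throw new PasswordAlreadyUsedException();
        }

        if (this.ipcInterceptor != null) {
            if (creating) {
                this.ipcInterceptor.beforeCreate(principal, credentials, str, passwordCredential, newValue);
            } else {
                this.ipcInterceptor.beforeSetPassword(principal, credentials, str, passwordCredential, newValue, oldPasswordSupplied);
            }
        }
        if (!creating) {
            passwordCredential.setValue(newValue);
            passwordCredential.setEncoded(encoded);
            passwordCredential.setUpdateRequired(false);
        }

        long now = new Date().getTime();
        if (oldPasswordSupplied) {
            // A verified current password counts as an authentication.
            passwordCredential.setPreviousAuthenticationDate(passwordCredential.getLastAuthenticationDate());
            passwordCredential.setLastAuthenticationDate(new Timestamp(now));
        } else if (encoded && (this.pcProvider.getEncoder() instanceof AlgorithmUpgradePasswordEncodingService)) {
            passwordCredential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
            passwordCredential.setLastAuthenticationDate(null);
        }
        passwordCredential.setModifiedDate(new Timestamp(now));
        principal.setModifiedDate(new Timestamp(now));
        principal.setCredentials(credentials);
        this.securityAccess.setInternalUserPrincipal(principal, false);
    }

    /**
     * Enables or disables the password credential and resets its failure counter.
     * Does nothing when there is no credential, it is expired, or the flag is already set.
     *
     * @param str user name
     * @param z new enabled state
     * @throws SecurityException if the user does not exist
     */
    @Override
    public void setPasswordEnabled(String str, boolean z) throws SecurityException {
        InternalUserPrincipal principal = findExistingUser(str);
        InternalCredential passwordCredential = getPasswordCredential(principal, str);
        if (passwordCredential == null || passwordCredential.isExpired() || passwordCredential.isEnabled() == z) {
            return;
        }
        long now = new Date().getTime();
        passwordCredential.setEnabled(z);
        passwordCredential.setAuthenticationFailures(0);
        passwordCredential.setModifiedDate(new Timestamp(now));
        principal.setModifiedDate(new Timestamp(now));
        this.securityAccess.setInternalUserPrincipal(principal, false);
    }

    /**
     * Sets or clears the "update required" flag on the password credential.
     * Does nothing when there is no credential, it is expired, or the flag is already set.
     *
     * <p>When clearing the flag on a credential that is not encoded, the stored value is first
     * checked by the validator; a rejection propagates to the caller.
     *
     * @param str user name
     * @param z new update-required state
     * @throws SecurityException if the user does not exist or validation fails
     */
    @Override
    public void setPasswordUpdateRequired(String str, boolean z) throws SecurityException {
        InternalUserPrincipal principal = findExistingUser(str);
        InternalCredential passwordCredential = getPasswordCredential(principal, str);
        if (passwordCredential == null || passwordCredential.isExpired() || passwordCredential.isUpdateRequired() == z) {
            return;
        }
        if (!z && !passwordCredential.isEncoded() && this.pcProvider.getValidator() != null) {
            this.pcProvider.getValidator().validate(passwordCredential.getValue());
        }
        passwordCredential.setUpdateRequired(z);
        long now = new Date().getTime();
        passwordCredential.setPreviousAuthenticationDate(new Timestamp(now));
        passwordCredential.setModifiedDate(new Timestamp(now));
        principal.setModifiedDate(new Timestamp(now));
        this.securityAccess.setInternalUserPrincipal(principal, false);
    }

    /**
     * Sets the expiration date and recomputes the expired flag against the current time.
     * Does nothing when the user has no password credential.
     *
     * @param str user name
     * @param date new expiration date; {@code null} marks the credential as not expired
     * @throws SecurityException if the user does not exist
     */
    @Override
    public void setPasswordExpiration(String str, java.sql.Date date) throws SecurityException {
        InternalUserPrincipal principal = findExistingUser(str);
        InternalCredential passwordCredential = getPasswordCredential(principal, str);
        if (passwordCredential == null) {
            return;
        }
        long now = new Date().getTime();
        passwordCredential.setExpired(date != null && new java.sql.Date(now).after(date));
        passwordCredential.setExpirationDate(date);
        passwordCredential.setModifiedDate(new Timestamp(now));
        principal.setModifiedDate(new Timestamp(now));
        this.securityAccess.setInternalUserPrincipal(principal, false);
    }

    /**
     * Verifies a presented password against the stored credential.
     *
     * <p>A missing, disabled or expired credential yields {@code false} without comparing and
     * without calling the interceptor. Otherwise the interceptor's {@code afterAuthenticated}
     * sees the outcome; if it reports a change that left the credential disabled or expired,
     * the result is forced to {@code false}. On success the failure counter is reset and the
     * authentication dates are rotated.
     *
     * @param str user name
     * @param str2 presented password
     * @return {@code true} only if the password matched and the credential remains usable
     * @throws SecurityException if the user does not exist
     */
    @Override
    public boolean authenticate(String str, String str2) throws SecurityException {
        InternalUserPrincipal principal = findExistingUser(str);
        InternalCredential passwordCredential = getPasswordCredential(principal, str);
        if (passwordCredential == null || !passwordCredential.isEnabled() || passwordCredential.isExpired()) {
            return false;
        }

        String presented = str2;
        if (this.pcProvider.getEncoder() != null && passwordCredential.isEncoded()) {
            presented = encodePresentedPassword(str, str2, passwordCredential);
        }
        // Null-safe: a credential without a stored value never authenticates instead of
        // failing with a NullPointerException.
        boolean authenticated = constantTimeEquals(presented, passwordCredential.getValue());

        boolean persist = false;
        if (this.ipcInterceptor != null) {
            persist = this.ipcInterceptor.afterAuthenticated(principal, str, passwordCredential, authenticated);
            if (persist && (!passwordCredential.isEnabled() || passwordCredential.isExpired())) {
                authenticated = false;
            }
        }

        long now = new Date().getTime();
        if (authenticated) {
            passwordCredential.setAuthenticationFailures(0);
            if (this.pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder) {
                ((AlgorithmUpgradeCredentialPasswordEncoder) this.pcProvider.getEncoder()).recodeIfNeeded(str, str2, passwordCredential);
            }
            passwordCredential.setPreviousAuthenticationDate(passwordCredential.getLastAuthenticationDate());
            passwordCredential.setLastAuthenticationDate(new Timestamp(now));
            persist = true;
        }
        if (persist) {
            passwordCredential.setModifiedDate(new Timestamp(now));
            principal.setModifiedDate(new Timestamp(now));
            this.securityAccess.setInternalUserPrincipal(principal, false);
        }
        return authenticated;
    }

    /** Loads the principal for {@code userName} or throws the USER_DOES_NOT_EXIST exception. */
    private InternalUserPrincipal findExistingUser(String userName) throws SecurityException {
        InternalUserPrincipal principal = this.securityAccess.getInternalUserPrincipal(userName, false);
        if (principal == null) {
            throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
        }
        return principal;
    }

    /**
     * Encodes a presented password for comparison with a stored, encoded credential.
     * An algorithm-upgrade encoder also receives the credential; any other encoder does not.
     * Callers must have checked that an encoder is configured.
     */
    private String encodePresentedPassword(String userName, String password, InternalCredential credential) throws SecurityException {
        if (this.pcProvider.getEncoder() instanceof AlgorithmUpgradeCredentialPasswordEncoder) {
            return ((AlgorithmUpgradeCredentialPasswordEncoder) this.pcProvider.getEncoder()).encode(userName, password, credential);
        }
        return this.pcProvider.getEncoder().encode(userName, password);
    }

    /**
     * Compares two strings for exact equality without short-circuiting on the first mismatch.
     * Returns {@code false} when either argument is {@code null}.
     */
    private static boolean constantTimeEquals(String presented, String stored) {
        if (presented == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(toCharBytes(presented), toCharBytes(stored));
    }

    /**
     * Expands each char into two bytes. Done by hand rather than through a charset encoder so
     * that distinct strings always map to distinct byte arrays, including unpaired surrogates.
     */
    private static byte[] toCharBytes(String value) {
        byte[] bytes = new byte[value.length() * 2];
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            bytes[2 * i] = (byte) (c >>> 8);
            bytes[2 * i + 1] = (byte) c;
        }
        return bytes;
    }
}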
