package org.apache.jetspeed.security.spi.impl;

import java.sql.Timestamp;
import java.util.Date;
import java.util.List;
import org.apache.jetspeed.security.CredentialPasswordEncoder;
import org.apache.jetspeed.security.CredentialPasswordValidator;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.PasswordCredential;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.spi.AlgorithmUpgradeCredentialPasswordEncoder;
import org.apache.jetspeed.security.spi.PasswordCredentialInterceptor;
import org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager;

/* loaded from: input_file:tomcat-portal.zip:webapps/jetspeed/WEB-INF/lib/jetspeed-security-2.2.0.jar:org/apache/jetspeed/security/spi/impl/UserPasswordCredentialPolicyManagerImpl.class */
public class UserPasswordCredentialPolicyManagerImpl implements UserPasswordCredentialPolicyManager {
    private CredentialPasswordEncoder encoder;
    private CredentialPasswordValidator validator;
    private PasswordCredentialInterceptor[] interceptors;

    public UserPasswordCredentialPolicyManagerImpl() {
        this.interceptors = new PasswordCredentialInterceptor[0];
    }

    public UserPasswordCredentialPolicyManagerImpl(CredentialPasswordEncoder credentialPasswordEncoder, CredentialPasswordValidator credentialPasswordValidator, List<?> list) {
        this.encoder = credentialPasswordEncoder;
        this.validator = credentialPasswordValidator;
        if (list != null) {
            this.interceptors = (PasswordCredentialInterceptor[]) list.toArray(new PasswordCredentialInterceptor[list.size()]);
        } else {
            this.interceptors = new PasswordCredentialInterceptor[0];
        }
    }

    @Override // org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager
    public CredentialPasswordEncoder getCredentialPasswordEncoder() {
        return this.encoder;
    }

    @Override // org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager
    public CredentialPasswordValidator getCredentialPasswordValidator() {
        return this.validator;
    }

    @Override // org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager
    public boolean onLoad(PasswordCredential passwordCredential, String str) throws SecurityException {
        boolean z = false;
        for (PasswordCredentialInterceptor passwordCredentialInterceptor : this.interceptors) {
            if (passwordCredentialInterceptor.afterLoad(str, passwordCredential, this.encoder, this.validator)) {
                z = true;
            }
        }
        return z;
    }

    @Override // org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager
    public boolean authenticate(PasswordCredential passwordCredential, String str, String str2) throws SecurityException {
        boolean z = false;
        if (this.encoder != null && passwordCredential.isEncoded()) {
            z = passwordCredential.getPassword().equals(this.encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder ? ((AlgorithmUpgradeCredentialPasswordEncoder) this.encoder).encode(passwordCredential, str2) : this.encoder.encode(str, str2));
        }
        boolean z2 = false;
        for (PasswordCredentialInterceptor passwordCredentialInterceptor : this.interceptors) {
            if (passwordCredentialInterceptor.afterAuthenticated(passwordCredential, z)) {
                z2 = true;
            }
        }
        if (z2 && (!passwordCredential.isEnabled() || passwordCredential.isExpired())) {
            z = false;
        }
        if (z) {
            passwordCredential.setAuthenticationFailures(0);
            if (this.encoder != null && (this.encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder)) {
                ((AlgorithmUpgradeCredentialPasswordEncoder) this.encoder).recodeIfNeeded(passwordCredential, str2);
                passwordCredential.clearNewPasswordSet();
            }
            passwordCredential.setPreviousAuthenticationDate(passwordCredential.getLastAuthenticationDate());
            passwordCredential.setLastAuthenticationDate(new Timestamp(new Date().getTime()));
            z2 = true;
        } else {
            passwordCredential.setAuthenticationFailures(passwordCredential.getAuthenticationFailures() + 1);
        }
        return z2;
    }

    @Override // org.apache.jetspeed.security.spi.UserPasswordCredentialPolicyManager
    public void onStore(PasswordCredential passwordCredential) throws SecurityException {
        String password;
        if (passwordCredential.isNewPasswordSet()) {
            boolean z = false;
            if (passwordCredential.getNewPassword() != null) {
                if (passwordCredential.getOldPassword() != null) {
                    z = true;
                    String oldPassword = passwordCredential.getOldPassword();
                    if (passwordCredential.isEncoded() && this.encoder != null) {
                        oldPassword = this.encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder ? ((AlgorithmUpgradeCredentialPasswordEncoder) this.encoder).encode(passwordCredential, oldPassword) : this.encoder.encode(passwordCredential.getUserName(), oldPassword);
                    }
                    if (passwordCredential.getPassword() == null || !passwordCredential.getPassword().equals(oldPassword)) {
                        throw new InvalidPasswordException();
                    }
                }
                if (this.validator != null) {
                    this.validator.validate(passwordCredential.getNewPassword());
                }
                password = passwordCredential.getNewPassword();
                if (this.encoder != null) {
                    password = this.encoder.encode(passwordCredential.getUserName(), password);
                }
            } else {
                password = passwordCredential.getPassword();
                if (this.encoder != null && !passwordCredential.isEncoded()) {
                    password = this.encoder.encode(passwordCredential.getUserName(), password);
                }
            }
            if (!passwordCredential.isNew()) {
                passwordCredential.revertNewPasswordSet();
                for (PasswordCredentialInterceptor passwordCredentialInterceptor : this.interceptors) {
                    passwordCredentialInterceptor.beforeSetPassword(passwordCredential, password, z);
                }
                passwordCredential.setUpdateRequired(false);
            }
            passwordCredential.setPassword(password, this.encoder != null);
            passwordCredential.clearNewPasswordSet();
            if (z) {
                passwordCredential.setPreviousAuthenticationDate(passwordCredential.getLastAuthenticationDate());
                passwordCredential.setLastAuthenticationDate(new Timestamp(new Date().getTime()));
            } else if (this.encoder != null && (this.encoder instanceof AlgorithmUpgradeCredentialPasswordEncoder)) {
                passwordCredential.setPreviousAuthenticationDate(new Timestamp(new Date().getTime()));
                passwordCredential.setLastAuthenticationDate(null);
            }
        }
        if (passwordCredential.isNew()) {
            for (PasswordCredentialInterceptor passwordCredentialInterceptor2 : this.interceptors) {
                passwordCredentialInterceptor2.beforeCreate(passwordCredential);
            }
        }
    }
}
