package org.keycloak.policy;

import java.util.stream.Stream;
import org.jboss.logging.Logger;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.credential.PasswordCredentialModel;

/* loaded from: input_file:org/keycloak/policy/HistoryPasswordPolicyProvider.class */
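/**
 * Password policy that rejects a new password when it matches the user's current
 * password or one of the most recent entries in the user's stored password history.
 *
 * <p>Matching is done by re-verifying the candidate password against each stored
 * credential with the hash provider named in that credential's data, so the
 * plaintext of earlier passwords is never needed here.
 */
public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
    private static final Logger logger = Logger.getLogger(HistoryPasswordPolicyProvider.class);
    private static final String ERROR_MESSAGE = "invalidPasswordHistoryMessage";
    /** Key under which the realm password policy stores the history length. */
    private static final String POLICY_ID = "passwordHistory";
    /** Credential type of the user's current password. */
    private static final String CURRENT_PASSWORD_TYPE = "password";
    /** Credential type of the archived, previously used passwords. */
    private static final String HISTORY_PASSWORD_TYPE = "password-history";

    private final KeycloakSession session;

    /**
     * @param keycloakSession session used to reach the realm policy, the stored
     *                        credentials and the password hash providers
     */
    public HistoryPasswordPolicyProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    /**
     * History cannot be evaluated without a user model, so this overload never
     * reports an error.
     *
     * @return always {@code null}
     */
    @Override
    public PolicyError validate(String str, String str2) {
        return null;
    }

    /**
     * Checks the candidate password against the current password and the recent
     * password history of the given user.
     *
     * @param realmModel realm used to look up the stored credentials
     * @param userModel  user whose credentials are inspected
     * @param str        candidate password in plaintext; it is never logged
     * @return a {@link PolicyError} carrying the configured history length when the
     *         password was used before, otherwise {@code null}
     */
    @Override
    public PolicyError validate(RealmModel realmModel, UserModel userModel, String str) {
        // The history length is read from the realm of the session context, not from
        // the realmModel argument; the stored credentials below use realmModel.
        int historyLength = ((Integer) this.session.getContext().getRealm().getPasswordPolicy().getPolicyConfig(POLICY_ID)).intValue();
        if (historyLength == -1) {
            // -1 switches the check off entirely.
            return null;
        }

        boolean sameAsCurrent = this.session.userCredentialManager()
                .getStoredCredentialsByTypeStream(realmModel, userModel, CURRENT_PASSWORD_TYPE)
                .map(PasswordCredentialModel::createFromCredentialModel)
                .anyMatch(credential -> matchesStoredHash(str, credential));
        if (sameAsCurrent) {
            return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(historyLength)});
        }

        if (historyLength <= 0) {
            // Nothing beyond the current password is compared; this guard also keeps
            // a negative count from reaching Stream.limit.
            return null;
        }

        // The current password takes one slot of the configured length, so only
        // historyLength - 1 archived entries are compared.
        boolean usedRecently = getRecent(
                this.session.userCredentialManager()
                        .getStoredCredentialsByTypeStream(realmModel, userModel, HISTORY_PASSWORD_TYPE),
                historyLength - 1)
                .map(PasswordCredentialModel::createFromCredentialModel)
                .anyMatch(credential -> matchesStoredHash(str, credential));
        if (usedRecently) {
            return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(historyLength)});
        }
        return null;
    }

    /**
     * Verifies the candidate password against one stored credential.
     *
     * <p>Both the current-password and the history comparison go through this
     * method. Previously only the current-password path guarded against a missing
     * hash provider; a history entry whose algorithm had no registered provider
     * raised a NullPointerException in the middle of validation.
     *
     * <p>A missing provider is treated as "no match", so that entry cannot be
     * enforced. The warning makes this gap visible to operators; only the
     * algorithm id is logged, never the password or the stored hash.
     */
    private boolean matchesStoredHash(String rawPassword, PasswordCredentialModel credential) {
        String algorithm = credential.getPasswordCredentialData().getAlgorithm();
        PasswordHashProvider provider = this.session.getProvider(PasswordHashProvider.class, algorithm);
        if (provider == null) {
            logger.warnf("No password hash provider for algorithm '%s'; stored credential skipped in password history check", algorithm);
            return false;
        }
        return provider.verify(rawPassword, credential);
    }

    /**
     * Returns the {@code i} credentials that sort first under
     * {@link CredentialModel#comparingByStartDateDesc()}.
     */
    private Stream<CredentialModel> getRecent(Stream<CredentialModel> stream, int i) {
        return stream.sorted(CredentialModel.comparingByStartDateDesc()).limit(i);
    }

    /**
     * Parses the configured history length, falling back to the factory default
     * through {@code parseInteger}.
     */
    @Override
    public Object parseConfig(String str) {
        return parseInteger(str, HistoryPasswordPolicyProviderFactory.DEFAULT_VALUE);
    }

    /** Holds no resources of its own; nothing to release. */
    @Override
    public void close() {
    }
}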
