package org.keycloak.policy;

import org.jboss.logging.Logger;
import org.keycloak.credential.CredentialModel;
import org.keycloak.credential.hash.PasswordHashProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/policy/HistoryPasswordPolicyProvider.class */
public class HistoryPasswordPolicyProvider implements PasswordPolicyProvider {
    private static final Logger logger = Logger.getLogger(HistoryPasswordPolicyProvider.class);
    private static final String ERROR_MESSAGE = "invalidPasswordHistoryMessage";
    private KeycloakSession session;

    public HistoryPasswordPolicyProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public PolicyError validate(String str, String str2) {
        return null;
    }

    public PolicyError validate(RealmModel realmModel, UserModel userModel, String str) {
        int intValue = ((Integer) this.session.getContext().getRealm().getPasswordPolicy().getPolicyConfig("passwordHistory")).intValue();
        if (intValue == -1) {
            return null;
        }
        for (CredentialModel credentialModel : this.session.userCredentialManager().getStoredCredentialsByType(realmModel, userModel, "password")) {
            PasswordHashProvider provider = this.session.getProvider(PasswordHashProvider.class, credentialModel.getAlgorithm());
            if (provider != null && provider.verify(str, credentialModel)) {
                return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(intValue)});
            }
        }
        for (CredentialModel credentialModel2 : this.session.userCredentialManager().getStoredCredentialsByType(realmModel, userModel, "password-history")) {
            if (this.session.getProvider(PasswordHashProvider.class, credentialModel2.getAlgorithm()).verify(str, credentialModel2)) {
                return new PolicyError(ERROR_MESSAGE, new Object[]{Integer.valueOf(intValue)});
            }
        }
        return null;
    }

    public Object parseConfig(String str) {
        return parseInteger(str, HistoryPasswordPolicyProviderFactory.DEFAULT_VALUE);
    }

    public void close() {
    }
}
