package com.evolveum.midpoint.model.impl.lens.projector.credentials;

import com.evolveum.midpoint.common.LocalizationService;
import com.evolveum.midpoint.model.common.stringpolicy.FocusValuePolicyOriginResolver;
import com.evolveum.midpoint.model.common.stringpolicy.ObjectValuePolicyEvaluator;
import com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor;
import com.evolveum.midpoint.model.impl.ModelObjectResolver;
import com.evolveum.midpoint.model.impl.lens.LensContext;
import com.evolveum.midpoint.model.impl.lens.LensFocusContext;
import com.evolveum.midpoint.model.impl.lens.OperationalDataManager;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismPropertyValue;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.delta.PartiallyResolvedDelta;
import com.evolveum.midpoint.prism.path.ItemName;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.LocalizableMessageBuilder;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.PolicyViolationException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractCredentialType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordHistoryEntryType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.commons.lang3.ObjectUtils;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:WEB-INF/lib/model-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/credentials/CredentialPolicyEvaluator.class */
public abstract class CredentialPolicyEvaluator<R extends AbstractCredentialType, P extends CredentialPolicyType, F extends FocusType> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) CredentialPolicyEvaluator.class);
    private static final ItemPath CREDENTIAL_RELATIVE_VALUE_PATH = PasswordType.F_VALUE;
    private final PrismContext prismContext;
    private final Protector protector;
    private final LocalizationService localizationService;
    private final OperationalDataManager metadataManager;
    private final ValuePolicyProcessor valuePolicyProcessor;
    private final ModelObjectResolver resolver;
    private final LensContext<F> context;
    private final XMLGregorianCalendar now;
    private final Task task;
    private final OperationResult result;
    private ObjectValuePolicyEvaluator objectValuePolicyEvaluator;
    private P credentialPolicy;

    /* loaded from: input_file:WEB-INF/lib/model-impl-4.3.3-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/lens/projector/credentials/CredentialPolicyEvaluator$Builder.class */
    public static abstract class Builder<F extends FocusType> {
        private PrismContext prismContext;
        private Protector protector;
        private LocalizationService localizationService;
        private OperationalDataManager metadataManager;
        private ValuePolicyProcessor valuePolicyProcessor;
        private ModelObjectResolver resolver;
        private LensContext<F> context;
        private XMLGregorianCalendar now;
        private Task task;
        private OperationResult result;

        public Builder<F> prismContext(PrismContext prismContext) {
            this.prismContext = prismContext;
            return this;
        }

        public Builder<F> protector(Protector protector) {
            this.protector = protector;
            return this;
        }

        public Builder<F> localizationService(LocalizationService localizationService) {
            this.localizationService = localizationService;
            return this;
        }

        public Builder<F> metadataManager(OperationalDataManager operationalDataManager) {
            this.metadataManager = operationalDataManager;
            return this;
        }

        public Builder<F> valuePolicyProcessor(ValuePolicyProcessor valuePolicyProcessor) {
            this.valuePolicyProcessor = valuePolicyProcessor;
            return this;
        }

        public Builder<F> resolver(ModelObjectResolver modelObjectResolver) {
            this.resolver = modelObjectResolver;
            return this;
        }

        public Builder<F> context(LensContext<F> lensContext) {
            this.context = lensContext;
            return this;
        }

        public Builder<F> now(XMLGregorianCalendar xMLGregorianCalendar) {
            this.now = xMLGregorianCalendar;
            return this;
        }

        public Builder<F> task(Task task) {
            this.task = task;
            return this;
        }

        public Builder<F> result(OperationResult operationResult) {
            this.result = operationResult;
            return this;
        }

        public abstract CredentialPolicyEvaluator<?, ?, F> build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialPolicyEvaluator(Builder<F> builder) {
        this.prismContext = ((Builder) builder).prismContext;
        this.protector = ((Builder) builder).protector;
        this.localizationService = ((Builder) builder).localizationService;
        this.metadataManager = ((Builder) builder).metadataManager;
        this.valuePolicyProcessor = ((Builder) builder).valuePolicyProcessor;
        this.resolver = ((Builder) builder).resolver;
        this.context = ((Builder) builder).context;
        this.now = ((Builder) builder).now;
        this.task = ((Builder) builder).task;
        this.result = ((Builder) builder).result;
    }

    protected abstract ItemPath getCredentialsContainerPath();

    private ItemPath getCredentialRelativeValuePath() {
        return CREDENTIAL_RELATIVE_VALUE_PATH;
    }

    private ItemPath getCredentialValuePath() {
        return getCredentialsContainerPath().append(getCredentialRelativeValuePath());
    }

    protected abstract String getCredentialHumanReadableName();

    protected abstract String getCredentialHumanReadableKey();

    protected boolean supportsHistory() {
        return false;
    }

    private P getCredentialPolicy() throws SchemaException {
        if (this.credentialPolicy == null) {
            this.credentialPolicy = determineEffectiveCredentialPolicy();
        }
        return this.credentialPolicy;
    }

    protected abstract P determineEffectiveCredentialPolicy() throws SchemaException;

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityPolicyType getSecurityPolicy() {
        return this.context.getFocusContext().getSecurityPolicy();
    }

    private ObjectValuePolicyEvaluator getObjectValuePolicyEvaluator() throws SchemaException {
        if (this.objectValuePolicyEvaluator == null) {
            PrismObject<F> objectAny = this.context.getFocusContext().getObjectAny();
            this.objectValuePolicyEvaluator = new ObjectValuePolicyEvaluator.Builder().now(this.now).originResolver(new FocusValuePolicyOriginResolver(objectAny, this.resolver)).protector(this.protector).securityPolicy(getSecurityPolicy()).shortDesc(getCredentialHumanReadableName() + " for " + objectAny).task(this.task).valueItemPath(getCredentialValuePath()).valuePolicyProcessor(this.valuePolicyProcessor).oldCredential(getOldCredential()).build();
        }
        return this.objectValuePolicyEvaluator;
    }

    public void process() throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        LensFocusContext<F> focusContext = this.context.getFocusContext();
        if (focusContext.isAdd()) {
            processAdd(focusContext);
        } else if (focusContext.isModify()) {
            processModify(focusContext);
        } else if (focusContext.isDelete()) {
            LOGGER.trace("Skipping processing {} policies. Focus will be deleted.", getCredentialHumanReadableName());
        }
    }

    private void processAdd(LensFocusContext<F> lensFocusContext) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (lensFocusContext.wasAddExecuted()) {
            LOGGER.trace("Skipping processing {} policies. Focus addition was already executed.", getCredentialHumanReadableName());
            return;
        }
        PrismContainer<R> findContainer = lensFocusContext.getObjectNew().findContainer(getCredentialsContainerPath());
        if (findContainer != null) {
            Iterator it = findContainer.getValues().iterator();
            while (it.hasNext()) {
                processCredentialContainerValue((PrismContainerValue) it.next());
            }
        }
        validateMinOccurs(findContainer);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void processModify(LensFocusContext<F> lensFocusContext) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        boolean z = false;
        boolean z2 = false;
        ObjectDelta<F> currentDelta = lensFocusContext.getCurrentDelta();
        ItemDelta findContainerDelta = currentDelta != null ? currentDelta.findContainerDelta(getCredentialsContainerPath()) : null;
        if (findContainerDelta != null) {
            if (findContainerDelta.isAdd()) {
                Iterator it = findContainerDelta.getValuesToAdd().iterator();
                while (it.hasNext()) {
                    z = true;
                    processCredentialContainerValue((PrismContainerValue) it.next());
                }
            }
            if (findContainerDelta.isReplace()) {
                Iterator it2 = findContainerDelta.getValuesToReplace().iterator();
                while (it2.hasNext()) {
                    z = true;
                    processCredentialContainerValue((PrismContainerValue) it2.next());
                }
                z2 = true;
            }
            if (findContainerDelta.isDelete()) {
                z2 = true;
            }
        } else if (hasValueDelta(currentDelta, getCredentialsContainerPath())) {
            z = isCredentialValueChanged(currentDelta);
            z2 = true;
            processValueDelta(currentDelta);
            if (z || !SecurityUtil.isHistoryAllowExistingPasswordReuse(getCredentialPolicy())) {
                addMetadataDelta();
            } else {
                LOGGER.trace("Skipping Metadata delta.");
            }
        }
        if (z2) {
            validateMinOccurs(getObjectNew(lensFocusContext).findContainer(getCredentialsContainerPath()));
        }
        if (z) {
            addHistoryDeltas();
        }
    }

    private boolean isCredentialValueChanged(ObjectDelta<F> objectDelta) {
        ProtectedStringType protectedStringType = null;
        ItemDelta findPropertyDelta = objectDelta.findPropertyDelta(getCredentialValuePath());
        if (findPropertyDelta != null && findPropertyDelta.getValuesToReplace() != null) {
            Iterator it = findPropertyDelta.getValuesToReplace().iterator();
            if (it.hasNext()) {
                protectedStringType = (ProtectedStringType) ((PrismPropertyValue) it.next()).getValue();
            }
        }
        if (protectedStringType == null && findPropertyDelta != null && findPropertyDelta.getValuesToAdd() != null) {
            Iterator it2 = findPropertyDelta.getValuesToAdd().iterator();
            if (it2.hasNext()) {
                protectedStringType = (ProtectedStringType) ((PrismPropertyValue) it2.next()).getValue();
            }
        }
        if (getOldCredential() == null) {
            return protectedStringType != null;
        }
        if (!(getOldCredential() instanceof PasswordType)) {
            return true;
        }
        ProtectedStringType value = ((PasswordType) getOldCredential()).getValue();
        if (protectedStringType == null) {
            return value != null;
        }
        try {
            return !this.protector.compareCleartext(value, protectedStringType);
        } catch (EncryptionException | SchemaException e) {
            throw new SystemException("Failed to compare passwords: " + e.getMessage(), e);
        }
    }

    @NotNull
    private PrismObject<F> getObjectNew(LensFocusContext<F> lensFocusContext) throws SchemaException {
        PrismObject<F> objectNew = lensFocusContext.getObjectNew();
        if (objectNew != null) {
            return objectNew;
        }
        lensFocusContext.recompute();
        PrismObject<F> objectNew2 = lensFocusContext.getObjectNew();
        if (objectNew2 != null) {
            return objectNew2;
        }
        throw new IllegalStateException("Unexpected null objectNew in " + lensFocusContext);
    }

    private void processCredentialContainerValue(PrismContainerValue<R> prismContainerValue) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, PolicyViolationException, CommunicationException, ConfigurationException, SecurityViolationException {
        addMissingMetadata(prismContainerValue);
        validateCredentialContainerValues(prismContainerValue);
    }

    private void validateMinOccurs(PrismContainer<R> prismContainer) throws SchemaException, PolicyViolationException {
        processValidationResult(getObjectValuePolicyEvaluator().validateMinOccurs(getValuesCount(prismContainer), this.result));
    }

    private int getValuesCount(PrismContainer<R> prismContainer) {
        return MiscUtil.nonNullValues(Item.getAllValues(prismContainer, getCredentialRelativeValuePath())).size();
    }

    private void processValueDelta(ObjectDelta<F> objectDelta) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        ItemDelta findPropertyDelta = objectDelta.findPropertyDelta(getCredentialValuePath());
        if (findPropertyDelta == null) {
            LOGGER.trace("Skipping processing {} policies. Focus delta does not contain value change.", getCredentialHumanReadableName());
        } else {
            processPropertyValueCollection(findPropertyDelta.getValuesToAdd());
            processPropertyValueCollection(findPropertyDelta.getValuesToReplace());
        }
    }

    private void processPropertyValueCollection(Collection<PrismPropertyValue<ProtectedStringType>> collection) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        if (collection == null) {
            return;
        }
        Iterator<PrismPropertyValue<ProtectedStringType>> it = collection.iterator();
        while (it.hasNext()) {
            validateProtectedStringValue(it.next().getValue());
        }
    }

    protected void validateCredentialContainerValues(PrismContainerValue<R> prismContainerValue) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        Item findProperty = prismContainerValue.findProperty(getCredentialRelativeValuePath());
        if (findProperty != null) {
            Iterator it = findProperty.getValues().iterator();
            while (it.hasNext()) {
                validateProtectedStringValue((ProtectedStringType) ((PrismPropertyValue) it.next()).getValue());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateProtectedStringValue(ProtectedStringType protectedStringType) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException {
        processValidationResult(getObjectValuePolicyEvaluator().validateProtectedStringValue(protectedStringType, this.result));
    }

    private void processValidationResult(OperationResult operationResult) throws PolicyViolationException {
        if (operationResult.isAcceptable()) {
            return;
        }
        throw ((PolicyViolationException) this.localizationService.translate((LocalizationService) new PolicyViolationException(new LocalizableMessageBuilder().key("PolicyViolationException.message.credentials." + getCredentialHumanReadableKey()).arg(operationResult.getUserFriendlyMessage()).build())));
    }

    private void addMetadataDelta() throws SchemaException {
        Iterator<ItemDelta<?, ?>> it = this.metadataManager.createModifyMetadataDeltas(this.context, getCurrentCredentialMetadata(), getCredentialsContainerPath().append(AbstractCredentialType.F_METADATA), this.context.getFocusClass(), this.now, this.task).iterator();
        while (it.hasNext()) {
            this.context.getFocusContext().swallowToSecondaryDelta(it.next());
        }
    }

    private void addMissingMetadata(PrismContainerValue<R> prismContainerValue) throws SchemaException {
        if (!hasValueChange(prismContainerValue) || hasMetadata(prismContainerValue)) {
            return;
        }
        this.context.getFocusContext().swallowToSecondaryDelta(this.prismContext.deltaFactory().container().createModificationAdd(getCredentialsContainerPath().append(AbstractCredentialType.F_METADATA), FocusType.class, (Class) this.metadataManager.createCreateMetadata(this.context, this.now, this.task)));
    }

    private boolean hasValueDelta(ObjectDelta<F> objectDelta, ItemPath itemPath) {
        if (objectDelta == null) {
            return false;
        }
        Iterator it = objectDelta.findPartial(itemPath).iterator();
        while (it.hasNext()) {
            PartiallyResolvedDelta partiallyResolvedDelta = (PartiallyResolvedDelta) it.next();
            LOGGER.trace("Residual delta:\n{}", partiallyResolvedDelta.debugDumpLazily());
            ItemPath residualPath = partiallyResolvedDelta.getResidualPath();
            if (!ItemPath.isEmpty(residualPath)) {
                LOGGER.trace("PATH: {}", residualPath);
                ItemName firstName = residualPath.firstName();
                LOGGER.trace("NAME: {}", firstName);
                if (isValueElement(firstName)) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean hasValueChange(PrismContainerValue<R> prismContainerValue) {
        Iterator<Item<?, ?>> it = prismContainerValue.getItems().iterator();
        while (it.hasNext()) {
            if (isValueElement(it.next().getElementName())) {
                return true;
            }
        }
        return false;
    }

    private boolean isValueElement(ItemName itemName) {
        return (AbstractCredentialType.F_FAILED_LOGINS.matches(itemName) || AbstractCredentialType.F_LAST_FAILED_LOGIN.matches(itemName) || AbstractCredentialType.F_LAST_SUCCESSFUL_LOGIN.matches(itemName) || AbstractCredentialType.F_METADATA.matches(itemName) || AbstractCredentialType.F_PREVIOUS_SUCCESSFUL_LOGIN.matches(itemName)) ? false : true;
    }

    private boolean hasMetadata(PrismContainerValue<R> prismContainerValue) {
        Iterator<Item<?, ?>> it = prismContainerValue.getItems().iterator();
        while (it.hasNext()) {
            if (AbstractCredentialType.F_METADATA.matches(it.next().getElementName())) {
                return true;
            }
        }
        return false;
    }

    private AbstractCredentialType getOldCredential() {
        PrismContainer<R> oldCredentialContainer = getOldCredentialContainer();
        if (oldCredentialContainer != null) {
            return oldCredentialContainer.getRealValue();
        }
        return null;
    }

    private MetadataType getCurrentCredentialMetadata() {
        AbstractCredentialType currentCredential = getCurrentCredential();
        if (currentCredential != null) {
            return currentCredential.getMetadata();
        }
        return null;
    }

    private AbstractCredentialType getCurrentCredential() {
        PrismContainer<R> currentCredentialContainer = getCurrentCredentialContainer();
        if (currentCredentialContainer != null) {
            return currentCredentialContainer.getRealValue();
        }
        return null;
    }

    private PrismContainer<R> getOldCredentialContainer() {
        PrismObject<F> objectOld = this.context.getFocusContext().getObjectOld();
        if (objectOld != null) {
            return (PrismContainer<R>) objectOld.findContainer(getCredentialsContainerPath());
        }
        return null;
    }

    private PrismContainer<R> getCurrentCredentialContainer() {
        PrismObject<F> objectCurrent = this.context.getFocusContext().getObjectCurrent();
        if (objectCurrent != null) {
            return (PrismContainer<R>) objectCurrent.findContainer(getCredentialsContainerPath());
        }
        return null;
    }

    private void addHistoryDeltas() throws SchemaException {
        PrismContainer<R> oldCredentialContainer;
        if (!supportsHistory() || (oldCredentialContainer = getOldCredentialContainer()) == null) {
            return;
        }
        int credentialHistoryLength = SecurityUtil.getCredentialHistoryLength(getCredentialPolicy());
        createDeleteHistoryDeltasIfNeeded(credentialHistoryLength, credentialHistoryLength > 1 ? createAddHistoryDelta(oldCredentialContainer) : 0, oldCredentialContainer);
    }

    private int createAddHistoryDelta(PrismContainer<R> prismContainer) throws SchemaException {
        ProtectedStringType protectedStringType;
        MetadataType metadata = prismContainer.getRealValue().getMetadata();
        Item findProperty = prismContainer.findProperty(getCredentialRelativeValuePath());
        if (findProperty == null || (protectedStringType = (ProtectedStringType) findProperty.getRealValue()) == null) {
            return 0;
        }
        ProtectedStringType m3665clone = protectedStringType.m3665clone();
        prepareProtectedStringForStorage(m3665clone, (CredentialsStorageTypeType) ObjectUtils.defaultIfNull(SecurityUtil.getCredentialStorageTypeType(getCredentialPolicy().getHistoryStorageMethod()), CredentialsStorageTypeType.HASHING));
        PasswordHistoryEntryType passwordHistoryEntryType = (PasswordHistoryEntryType) prismContainer.getDefinition().findContainerDefinition(PasswordType.F_HISTORY_ENTRY).instantiate().createNewValue().asContainerable();
        passwordHistoryEntryType.setValue(m3665clone);
        passwordHistoryEntryType.setMetadata(metadata != null ? metadata.m2738clone() : null);
        passwordHistoryEntryType.setChangeTimestamp(this.now);
        this.context.getFocusContext().swallowToSecondaryDelta(this.prismContext.deltaFactory().container().createModificationAdd(SchemaConstants.PATH_CREDENTIALS_PASSWORD_HISTORY_ENTRY, FocusType.class, (Class) passwordHistoryEntryType.m2870clone()));
        return 1;
    }

    private void createDeleteHistoryDeltasIfNeeded(int i, int i2, PrismContainer<R> prismContainer) throws SchemaException {
        Item findOrCreateContainer = prismContainer.findOrCreateContainer(PasswordType.F_HISTORY_ENTRY);
        List values = findOrCreateContainer.getValues();
        if (values.isEmpty()) {
            return;
        }
        int size = (findOrCreateContainer.size() - i) + i2 + 1;
        Iterator it = values.iterator();
        for (int i3 = 0; it.hasNext() && i3 < size; i3++) {
            this.context.getFocusContext().swallowToSecondaryDelta(this.prismContext.deltaFactory().container().createModificationDelete(SchemaConstants.PATH_CREDENTIALS_PASSWORD_HISTORY_ENTRY, FocusType.class, ((PrismContainerValue) it.next()).mo825clone()));
        }
    }

    private void prepareProtectedStringForStorage(ProtectedStringType protectedStringType, CredentialsStorageTypeType credentialsStorageTypeType) throws SchemaException {
        try {
            switch (credentialsStorageTypeType) {
                case ENCRYPTION:
                    if (!protectedStringType.isEncrypted()) {
                        if (!protectedStringType.isHashed()) {
                            this.protector.encrypt(protectedStringType);
                            break;
                        } else {
                            throw new SchemaException("Cannot store hashed value in an encrypted form");
                        }
                    } else {
                        break;
                    }
                case HASHING:
                    if (!protectedStringType.isHashed()) {
                        this.protector.hash(protectedStringType);
                        break;
                    } else {
                        break;
                    }
                case NONE:
                    throw new SchemaException("Cannot store value on NONE storage form");
                default:
                    throw new SchemaException("Unknown storage type: " + credentialsStorageTypeType);
            }
        } catch (EncryptionException e) {
            throw new SystemException(e.getMessage(), e);
        }
    }
}
