package io.gravitee.am.service.impl;

import io.gravitee.am.dataplane.api.repository.PasswordHistoryRepository;
import io.gravitee.am.model.Domain;
import io.gravitee.am.model.PasswordHistory;
import io.gravitee.am.model.PasswordPolicy;
import io.gravitee.am.model.Reference;
import io.gravitee.am.model.User;
import io.gravitee.am.plugins.dataplane.core.DataPlaneRegistry;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.authentication.crypto.password.PasswordEncoder;
import io.gravitee.am.service.exception.PasswordHistoryException;
import io.gravitee.am.service.exception.TechnicalManagementException;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.UserAuditBuilder;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import jakarta.inject.Named;
import java.util.Comparator;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

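/**
 * Maintains the per-user password history of a domain and answers whether a candidate password
 * has already been used.
 *
 * <p>Passwords are never stored as received: each entry holds the output of the injected
 * {@link PasswordEncoder} (the bean named {@code argon2IdEncoder}), and reuse is detected with
 * {@link PasswordEncoder#matches} against those stored values. Candidate passwords must never be
 * written to logs or audit records by this class.
 */
@Component
public class PasswordHistoryService {
    private static final Logger LOGGER = LoggerFactory.getLogger(PasswordHistoryService.class);
    private final AuditService auditService;
    private final PasswordEncoder passwordEncoder;
    private final DataPlaneRegistry dataPlaneRegistry;

    /**
     * @param dataPlaneRegistry resolves the password-history repository of a domain (injected lazily)
     * @param auditService receives the audit events emitted when an entry is created or creation fails
     * @param passwordEncoder encoder used both to store new entries and to compare candidates
     */
    @Autowired
    public PasswordHistoryService(@Lazy DataPlaneRegistry dataPlaneRegistry, AuditService auditService, @Named("argon2IdEncoder") PasswordEncoder passwordEncoder) {
        this.dataPlaneRegistry = dataPlaneRegistry;
        this.auditService = auditService;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Records a new password in the user's history, rejecting it when it matches an existing entry.
     *
     * <p>Both outcomes are audited with type {@code PASSWORD_HISTORY_CREATED}; on failure (including
     * a rejected reuse) the event also carries the throwable.
     *
     * @param domain domain whose repository holds the history
     * @param user user whose history is updated
     * @param str the new password; it is encoded before being stored and is never logged
     * @param user2 principal recorded in the audit event
     * @param passwordPolicy policy carrying the history switch and the number of passwords to keep
     * @return empty when {@code str} is null or history is not enabled; otherwise the created entry,
     *     or an error built by {@code PasswordHistoryException.passwordAlreadyInHistory} when the
     *     password is already in the history
     */
    public Maybe<PasswordHistory> addPasswordToHistory(Domain domain, User user, String str, io.gravitee.am.identityprovider.api.User user2, PasswordPolicy passwordPolicy) {
        // Log the identifier only: passing the whole User object would write its toString() output,
        // whatever that contains, into the debug log.
        LOGGER.debug("Adding password history entry for user {}", user.getId());
        if (str == null || isHistoryDisabled(passwordPolicy)) {
            LOGGER.debug("Password history not added for user {} due to null password or settings, or because paswword history is disabled.", user.getUsername());
            return Maybe.empty();
        }
        PasswordHistoryRepository passwordHistoryRepository = this.dataPlaneRegistry.getPasswordHistoryRepository(domain);
        return passwordHistoryRepository.findUserHistory(domain.asReference(), user.getId()).toList().flatMap(list -> {
            if (passwordAlreadyUsed(str, list)) {
                return Single.error(() -> PasswordHistoryException.passwordAlreadyInHistory(passwordPolicy));
            }
            // NOTE(review): getOldPasswords() is dereferenced without a null check; a policy with
            // history enabled but no limit set throws a NullPointerException here. Confirm the
            // policy is validated before it reaches this service.
            if (list.size() < passwordPolicy.getOldPasswords().shortValue()) {
                return passwordHistoryRepository.create(getPasswordHistory(domain.asReference(), user, str));
            }
            // History is full: drop the oldest entry, then store the new one.
            // NOTE(review): only one entry is removed per call, so a history that already exceeds
            // the limit (for example after the limit was lowered) is not trimmed back to it, and a
            // limit <= 0 combined with an empty history makes list.get(0) throw.
            list.sort(Comparator.comparing(PasswordHistory::getCreatedAt));
            return passwordHistoryRepository.delete(list.get(0).getId()).andThen(passwordHistoryRepository.create(getPasswordHistory(domain.asReference(), user, str)));
        }).doOnSuccess(passwordHistory -> this.auditService.report(historyCreatedAudit(user, user2))
        ).doOnError(th -> this.auditService.report(historyCreatedAudit(user, user2).throwable(th))
        ).toMaybe();
    }

    /**
     * Tells whether a candidate password matches an entry of the user's history.
     *
     * @param domain domain whose repository holds the history
     * @param str id of the user whose history is searched (this is the value that gets logged)
     * @param str2 candidate password; compared through the encoder and never logged
     * @param passwordPolicy policy carrying the history switch
     * @return {@code false} when the policy is null or history is not enabled, otherwise whether
     *     any stored entry matches the candidate
     */
    public Single<Boolean> passwordAlreadyUsed(Domain domain, String str, String str2, PasswordPolicy passwordPolicy) {
        LOGGER.debug("Checking password history for user {}", str);
        if (isHistoryDisabled(passwordPolicy)) {
            return Single.just(false);
        }
        return this.dataPlaneRegistry.getPasswordHistoryRepository(domain)
                .findUserHistory(domain.asReference(), str)
                .toList()
                .flatMap(list -> Single.just(Boolean.valueOf(passwordAlreadyUsed(str2, list))));
    }

    /**
     * Streams the history entries of one user.
     *
     * @param domain domain whose repository holds the history
     * @param str id of the user
     * @return the user's history entries; each carries an encoded password, so callers should not
     *     expose them beyond what they need
     */
    public Flowable<PasswordHistory> findUserHistory(Domain domain, String str) {
        return this.dataPlaneRegistry.getPasswordHistoryRepository(domain).findUserHistory(domain.asReference(), str);
    }

    /**
     * Streams every history entry of a domain.
     *
     * @param domain domain whose entries are listed
     * @return the entries; a repository failure is logged and re-emitted wrapped in a
     *     {@link TechnicalManagementException}
     */
    public Flowable<PasswordHistory> findByReference(Domain domain) {
        LOGGER.debug("Find password histories by domain id {}", domain.getId());
        return this.dataPlaneRegistry.getPasswordHistoryRepository(domain).findByReference(domain.asReference()).onErrorResumeNext(th -> {
            LOGGER.error("Error finding password histories by domain id {}", domain.getId(), th);
            return Flowable.error(new TechnicalManagementException(String.format("Error finding password histories by domain id %s", domain.getId()), th));
        });
    }

    /**
     * Deletes every history entry of a domain.
     *
     * @param domain domain whose entries are removed
     * @return completion of the repository delete
     */
    public Completable deleteByReference(Domain domain) {
        return this.dataPlaneRegistry.getPasswordHistoryRepository(domain).deleteByReference(domain.asReference());
    }

    /**
     * Deletes the history entries of one user.
     *
     * @param domain domain used to select the repository
     * @param str id of the user
     * @return completion of the repository delete
     */
    public Completable deleteByUser(Domain domain, String str) {
        // NOTE(review): the delete is keyed on the user id alone; the domain only selects the
        // repository. Confirm that repository is scoped to the domain.
        return this.dataPlaneRegistry.getPasswordHistoryRepository(domain).deleteByUserId(str);
    }

    /** Returns true when there is no policy or the policy does not explicitly enable history. */
    private static boolean isHistoryDisabled(PasswordPolicy passwordPolicy) {
        return passwordPolicy == null || !Boolean.TRUE.equals(passwordPolicy.getPasswordHistoryEnabled());
    }

    /** Builds the audit event shared by the success and failure paths of history creation. */
    private UserAuditBuilder historyCreatedAudit(User user, io.gravitee.am.identityprovider.api.User principal) {
        return (UserAuditBuilder) ((UserAuditBuilder) ((UserAuditBuilder) AuditBuilder.builder(UserAuditBuilder.class)).user(user).principal(principal)).type("PASSWORD_HISTORY_CREATED");
    }

    /** Checks the candidate against each stored entry through the encoder, stopping at the first match. */
    private boolean passwordAlreadyUsed(String str, List<PasswordHistory> list) {
        return list.stream().anyMatch(passwordHistory -> this.passwordEncoder.matches(str, passwordHistory.getPassword()));
    }

    /** Creates a history entry for the user holding the encoded password and the current time. */
    private PasswordHistory getPasswordHistory(Reference reference, User user, CharSequence charSequence) {
        PasswordHistory passwordHistory = new PasswordHistory();
        passwordHistory.setUserId(user.getId());
        // Only the encoder output is persisted, never the value received from the caller.
        passwordHistory.setPassword(this.passwordEncoder.encode(charSequence));
        passwordHistory.setCreatedAt(new Date());
        passwordHistory.setReferenceType(reference.type());
        passwordHistory.setReferenceId(reference.id());
        return passwordHistory;
    }
}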
