package io.inverno.mod.security.authentication.user;

import io.inverno.mod.security.authentication.AuthenticationException;
import io.inverno.mod.security.authentication.LoginCredentials;
import io.inverno.mod.security.authentication.password.PBKDF2Password;
import io.inverno.mod.security.authentication.password.Password;
import io.inverno.mod.security.authentication.password.PasswordException;
import io.inverno.mod.security.authentication.password.PasswordPolicy;
import io.inverno.mod.security.authentication.password.PasswordPolicyException;
import io.inverno.mod.security.authentication.password.RawPassword;
import io.inverno.mod.security.authentication.password.SimplePasswordPolicy;
import io.inverno.mod.security.authentication.user.User;
import io.inverno.mod.security.identity.Identity;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/inverno/mod/security/authentication/user/InMemoryUserRepository.class */
public class InMemoryUserRepository<A extends Identity, B extends User<A>> implements UserRepository<A, B> {
    private static final PBKDF2Password.Encoder DEFAULT_PASSWORD_ENCODER = new PBKDF2Password.Encoder();
    private final Map<String, B> users;
    private final PasswordPolicy<B, ?> passwordPolicy;
    private final Password.Encoder<?, ?> passwordEncoder;

    /* loaded from: input_file:io/inverno/mod/security/authentication/user/InMemoryUserRepository$Builder.class */
    public static class Builder<A extends Identity, B extends User<A>> {
        private Set<B> users;
        private PasswordPolicy<B, ?> passwordPolicy;
        private Password.Encoder<?, ?> passwordEncoder;

        private Builder() {
        }

        public Builder<A, B> user(B b) {
            if (b != null) {
                this.users.add(b);
            }
            return this;
        }

        public Builder<A, B> users(Collection<B> collection) {
            if (collection != null) {
                if (this.users == null) {
                    this.users = new HashSet();
                }
                this.users.addAll(collection);
            }
            return this;
        }

        public Builder<A, B> passwordPolicy(PasswordPolicy<B, ?> passwordPolicy) {
            this.passwordPolicy = passwordPolicy;
            return this;
        }

        public Builder<A, B> passwordEncoder(Password.Encoder<?, ?> encoder) {
            this.passwordEncoder = encoder;
            return this;
        }

        public InMemoryUserRepository<A, B> build() {
            return new InMemoryUserRepository<>(this.users, this.passwordEncoder, this.passwordPolicy);
        }
    }

    public InMemoryUserRepository() {
        this(List.of(), DEFAULT_PASSWORD_ENCODER, new SimplePasswordPolicy());
    }

    public InMemoryUserRepository(Collection<B> collection) {
        this(collection, DEFAULT_PASSWORD_ENCODER, new SimplePasswordPolicy());
    }

    public InMemoryUserRepository(Collection<B> collection, Password.Encoder<?, ?> encoder, PasswordPolicy<B, ?> passwordPolicy) throws UserRepositoryException {
        this.users = new ConcurrentHashMap();
        this.passwordEncoder = encoder != null ? encoder : DEFAULT_PASSWORD_ENCODER;
        this.passwordPolicy = passwordPolicy != null ? passwordPolicy : new SimplePasswordPolicy<>();
        if (collection != null) {
            collection.forEach(user -> {
                createUser(user).block();
            });
        }
    }

    public static <A extends Identity, B extends User<A>> Builder<A, B> of() {
        return new Builder<>();
    }

    public static <A extends Identity, B extends User<A>> Builder<A, B> of(Collection<B> collection) {
        return new Builder().users(collection);
    }

    public Password.Encoder<?, ?> getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public PasswordPolicy<B, ?> getPasswordPolicy() {
        return this.passwordPolicy;
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> createUser(B b) throws UserRepositoryException {
        Objects.requireNonNull(b);
        if (b.getPassword() instanceof RawPassword) {
            return Mono.fromSupplier(() -> {
                if (this.users.get(b.getUsername()) != null) {
                    throw new UserRepositoryException("User already exists: " + b.getUsername());
                }
                this.passwordPolicy.verify(b, b.getPassword().getValue());
                b.setPassword(this.passwordEncoder.encode(b.getPassword().getValue()));
                this.users.put(b.getUsername(), b);
                return b;
            });
        }
        throw new UserRepositoryException("User password must be a raw password");
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> updateUser(B b) {
        Objects.requireNonNull(b);
        return Mono.fromSupplier(() -> {
            B b2 = this.users.get(b.getUsername());
            if (b2 == null) {
                return null;
            }
            b.setPassword(b2.getPassword());
            b.setGroups(b2.getGroups());
            b.setLocked(b2.isLocked());
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> getUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return Mono.fromSupplier(() -> {
            return this.users.get(str);
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Flux<B> listUsers() throws UserRepositoryException {
        return Flux.fromStream(() -> {
            return this.users.values().stream();
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> lockUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return Mono.fromSupplier(() -> {
            B b = this.users.get(str);
            if (b == null) {
                return null;
            }
            b.setLocked(true);
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> unlockUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return Mono.fromSupplier(() -> {
            B b = this.users.get(str);
            if (b == null) {
                return null;
            }
            b.setLocked(false);
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> changePassword(LoginCredentials loginCredentials, String str) throws AuthenticationException, PasswordPolicyException, PasswordException, UserRepositoryException {
        Objects.requireNonNull(loginCredentials);
        Objects.requireNonNull(str);
        return Mono.fromSupplier(() -> {
            B b = this.users.get(loginCredentials.getUsername());
            if (b == null) {
                return null;
            }
            if (!b.getPassword().matches(loginCredentials.getPassword())) {
                throw new AuthenticationException("Invalid credentials");
            }
            this.passwordPolicy.verify(b, str);
            b.setPassword(this.passwordEncoder.encode(str));
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> addUserToGroups(String str, String... strArr) throws UserRepositoryException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(strArr);
        return Mono.fromSupplier(() -> {
            B b = this.users.get(str);
            if (b == null) {
                return null;
            }
            HashSet hashSet = new HashSet(b.getGroups());
            hashSet.addAll(Arrays.asList(strArr));
            b.setGroups(hashSet);
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> removeUserFromGroups(String str, String... strArr) throws UserRepositoryException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(strArr);
        return Mono.fromSupplier(() -> {
            B b = this.users.get(str);
            if (b == null) {
                return null;
            }
            HashSet hashSet = new HashSet(b.getGroups());
            hashSet.removeAll((Collection) Arrays.stream(strArr).collect(Collectors.toSet()));
            b.setGroups(hashSet);
            this.users.put(b.getUsername(), b);
            return b;
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> deleteUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return Mono.fromSupplier(() -> {
            return this.users.remove(str);
        });
    }

    @Override // io.inverno.mod.security.authentication.CredentialsResolver
    public Mono<B> resolveCredentials(String str) throws SecurityException {
        Objects.requireNonNull(str);
        return getUser(str);
    }
}
