package io.inverno.mod.security.authentication.user;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.inverno.mod.redis.RedisClient;
import io.inverno.mod.security.authentication.AuthenticationException;
import io.inverno.mod.security.authentication.LoginCredentials;
import io.inverno.mod.security.authentication.password.PBKDF2Password;
import io.inverno.mod.security.authentication.password.Password;
import io.inverno.mod.security.authentication.password.PasswordException;
import io.inverno.mod.security.authentication.password.PasswordPolicy;
import io.inverno.mod.security.authentication.password.PasswordPolicyException;
import io.inverno.mod.security.authentication.password.RawPassword;
import io.inverno.mod.security.authentication.password.SimplePasswordPolicy;
import io.inverno.mod.security.authentication.user.User;
import io.inverno.mod.security.identity.Identity;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:io/inverno/mod/security/authentication/user/RedisUserRepository.class */
public class RedisUserRepository<A extends Identity, B extends User<A>> implements UserRepository<A, B> {
    private static final String DEFAULT_KEY_PREFIX = "SEC";
    private static final PBKDF2Password.Encoder DEFAULT_PASSWORD_ENCODER = new PBKDF2Password.Encoder();
    private final RedisClient<String, String> redisClient;
    private final ObjectMapper mapper;
    private final PasswordPolicy<B, ?> passwordPolicy;
    private final Password.Encoder<?, ?> passwordEncoder;
    private String keyPrefix;
    private String userKeyPrefix;
    private String groupKeyPrefix;

    public RedisUserRepository(RedisClient<String, String> redisClient, ObjectMapper objectMapper) {
        this(redisClient, objectMapper, DEFAULT_PASSWORD_ENCODER, new SimplePasswordPolicy());
    }

    public RedisUserRepository(RedisClient<String, String> redisClient, ObjectMapper objectMapper, PasswordPolicy<B, ?> passwordPolicy) {
        this(redisClient, objectMapper, DEFAULT_PASSWORD_ENCODER, passwordPolicy);
    }

    public RedisUserRepository(RedisClient<String, String> redisClient, ObjectMapper objectMapper, Password.Encoder<?, ?> encoder) {
        this(redisClient, objectMapper, encoder, new SimplePasswordPolicy());
    }

    public RedisUserRepository(RedisClient<String, String> redisClient, ObjectMapper objectMapper, Password.Encoder<?, ?> encoder, PasswordPolicy<B, ?> passwordPolicy) {
        this.redisClient = redisClient;
        this.mapper = objectMapper;
        this.passwordPolicy = passwordPolicy;
        this.passwordEncoder = encoder;
        setKeyPrefix(DEFAULT_KEY_PREFIX);
    }

    public Password.Encoder<?, ?> getPasswordEncoder() {
        return this.passwordEncoder;
    }

    public PasswordPolicy<B, ?> getPasswordPolicy() {
        return this.passwordPolicy;
    }

    public final String getKeyPrefix() {
        return this.keyPrefix;
    }

    public final void setKeyPrefix(String str) {
        this.keyPrefix = StringUtils.isNotBlank(str) ? str : DEFAULT_KEY_PREFIX;
        this.userKeyPrefix = this.keyPrefix + ":USER:";
        this.groupKeyPrefix = this.keyPrefix + ":GROUP:";
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> createUser(B b) throws UserRepositoryException {
        Objects.requireNonNull(b);
        if (b.getPassword() instanceof RawPassword) {
            return Mono.from(this.redisClient.connection(redisOperations -> {
                try {
                    this.passwordPolicy.verify(b, b.getPassword().getValue());
                    b.setPassword(this.passwordEncoder.encode(b.getPassword().getValue()));
                    return redisOperations.set().nx().build(this.userKeyPrefix + b.getUsername(), this.mapper.writeValueAsString(b)).switchIfEmpty(Mono.error(() -> {
                        return new UserRepositoryException("User already exists: " + b.getUsername());
                    })).flatMapMany(str -> {
                        if (str.equals("OK")) {
                            return !b.getGroups().isEmpty() ? Flux.fromIterable(b.getGroups()).flatMap(str -> {
                                return redisOperations.sadd(this.groupKeyPrefix + str, b.getUsername());
                            }) : Mono.empty();
                        }
                        throw new UserRepositoryException("Error setting user: " + b.getUsername());
                    }).then(Mono.just(b));
                } catch (JsonProcessingException e) {
                    throw new UserRepositoryException((Throwable) e);
                }
            }));
        }
        throw new UserRepositoryException("User password must be a raw password");
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> updateUser(B b) throws UserRepositoryException {
        Objects.requireNonNull(b);
        return getUser(b.getUsername()).flatMap(user -> {
            b.setPassword(user.getPassword());
            b.setGroups(user.getGroups());
            b.setLocked(user.isLocked());
            try {
                return this.redisClient.set(this.userKeyPrefix + b.getUsername(), this.mapper.writeValueAsString(b)).map(str -> {
                    if (str.equals("OK")) {
                        return b;
                    }
                    throw new UserRepositoryException("Error setting user: " + b.getUsername());
                });
            } catch (JsonProcessingException e) {
                throw new UserRepositoryException((Throwable) e);
            }
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> getUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return this.redisClient.get(this.userKeyPrefix + str).map(str2 -> {
            try {
                return (User) this.mapper.readValue(str2, User.class);
            } catch (JsonProcessingException e) {
                throw new UserRepositoryException("Malformed user: " + str, e);
            }
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Flux<B> listUsers() throws UserRepositoryException {
        String str = this.userKeyPrefix + "*";
        return Flux.from(this.redisClient.connection(redisOperations -> {
            return redisOperations.scan().pattern(str).count(100L).build("0").expand(keyScanResult -> {
                return keyScanResult.isFinished() ? Mono.empty() : redisOperations.scan().pattern(str).count(100L).build(keyScanResult.getCursor());
            }).flatMapIterable(keyScanResult2 -> {
                return keyScanResult2.getKeys();
            }).flatMap(str2 -> {
                return redisOperations.get(str2).map(str2 -> {
                    try {
                        return (User) this.mapper.readValue(str2, User.class);
                    } catch (JsonProcessingException e) {
                        throw new UserRepositoryException("Malformed user: " + str2, e);
                    }
                });
            });
        }));
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> changePassword(LoginCredentials loginCredentials, String str) throws AuthenticationException, PasswordPolicyException, PasswordException, UserRepositoryException {
        Objects.requireNonNull(loginCredentials);
        Objects.requireNonNull(str);
        return getUser(loginCredentials.getUsername()).flatMap(user -> {
            if (!user.getPassword().matches(loginCredentials.getPassword())) {
                throw new AuthenticationException("Invalid credentials");
            }
            this.passwordPolicy.verify(user, str);
            user.setPassword(this.passwordEncoder.encode(str));
            try {
                return this.redisClient.set(this.userKeyPrefix + loginCredentials.getUsername(), this.mapper.writeValueAsString(user)).map(str2 -> {
                    if (str2.equals("OK")) {
                        return user;
                    }
                    throw new UserRepositoryException("Error setting user: " + loginCredentials.getUsername());
                });
            } catch (JsonProcessingException e) {
                throw new UserRepositoryException((Throwable) e);
            }
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> lockUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return getUser(str).flatMap(user -> {
            user.setLocked(true);
            try {
                return this.redisClient.set(this.userKeyPrefix + str, this.mapper.writeValueAsString(user)).map(str2 -> {
                    if (str2.equals("OK")) {
                        return user;
                    }
                    throw new UserRepositoryException("Error setting user: " + str);
                });
            } catch (JsonProcessingException e) {
                throw new UserRepositoryException((Throwable) e);
            }
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> unlockUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return getUser(str).flatMap(user -> {
            user.setLocked(false);
            try {
                return this.redisClient.set(this.userKeyPrefix + str, this.mapper.writeValueAsString(user)).map(str2 -> {
                    if (str2.equals("OK")) {
                        return user;
                    }
                    throw new UserRepositoryException("Error setting user: " + str);
                });
            } catch (JsonProcessingException e) {
                throw new UserRepositoryException((Throwable) e);
            }
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> addUserToGroups(String str, String... strArr) throws UserRepositoryException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(strArr);
        return getUser(str).flatMap(user -> {
            HashSet hashSet = new HashSet(user.getGroups());
            Stream stream = Arrays.stream(strArr);
            Objects.requireNonNull(hashSet);
            Set set = (Set) stream.filter((v1) -> {
                return r1.add(v1);
            }).collect(Collectors.toSet());
            if (hashSet.size() == user.getGroups().size()) {
                return Mono.just(user);
            }
            user.setGroups(hashSet);
            return Mono.from(this.redisClient.connection(redisOperations -> {
                try {
                    return redisOperations.set().xx().build(this.userKeyPrefix + str, this.mapper.writeValueAsString(user)).switchIfEmpty(Mono.error(() -> {
                        return new UserRepositoryException("User already exists: " + str);
                    })).flatMapMany(str2 -> {
                        if (str2.equals("OK")) {
                            return Flux.fromIterable(set).flatMap(str2 -> {
                                return redisOperations.sadd(this.groupKeyPrefix + str2, str);
                            });
                        }
                        throw new UserRepositoryException("Error setting user: " + str);
                    }).then(Mono.just(user));
                } catch (JsonProcessingException e) {
                    throw new UserRepositoryException((Throwable) e);
                }
            }));
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> removeUserFromGroups(String str, String... strArr) throws UserRepositoryException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(strArr);
        return getUser(str).flatMap(user -> {
            HashSet hashSet = new HashSet(user.getGroups());
            Stream stream = Arrays.stream(strArr);
            Objects.requireNonNull(hashSet);
            Set set = (Set) stream.filter((v1) -> {
                return r1.remove(v1);
            }).collect(Collectors.toSet());
            if (hashSet.size() == user.getGroups().size()) {
                return Mono.just(user);
            }
            user.setGroups(hashSet);
            return Mono.from(this.redisClient.connection(redisOperations -> {
                try {
                    return redisOperations.set().xx().build(this.userKeyPrefix + str, this.mapper.writeValueAsString(user)).switchIfEmpty(Mono.error(() -> {
                        return new UserRepositoryException("User already exists: " + str);
                    })).flatMapMany(str2 -> {
                        if (str2.equals("OK")) {
                            return Flux.fromIterable(set).flatMap(str2 -> {
                                return redisOperations.srem(this.groupKeyPrefix + str2, str);
                            });
                        }
                        throw new UserRepositoryException("Error setting user: " + str);
                    }).then(Mono.just(user));
                } catch (JsonProcessingException e) {
                    throw new UserRepositoryException((Throwable) e);
                }
            }));
        });
    }

    @Override // io.inverno.mod.security.authentication.user.UserRepository
    public Mono<B> deleteUser(String str) throws UserRepositoryException {
        Objects.requireNonNull(str);
        return getUser(str).flatMap(user -> {
            return Mono.from(this.redisClient.connection(redisOperations -> {
                return Flux.fromIterable(user.getGroups()).flatMap(str2 -> {
                    return redisOperations.srem(this.groupKeyPrefix + str2, str);
                }).then(redisOperations.del(this.userKeyPrefix + str)).thenReturn(user);
            }));
        });
    }

    @Override // io.inverno.mod.security.authentication.CredentialsResolver
    public Mono<B> resolveCredentials(String str) throws SecurityException {
        return getUser(str);
    }
}
