package net.unit8.bouncr.api.resource;

import enkan.security.bouncr.UserPermissionPrincipal;
import enkan.util.BeanBuilder;
import enkan.util.jpa.EntityTransactionManager;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Optional;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import kotowari.restful.Decision;
import kotowari.restful.DecisionPoint;
import kotowari.restful.component.BeansValidator;
import kotowari.restful.data.Problem;
import kotowari.restful.data.RestContext;
import kotowari.restful.resource.AllowedMethods;
import net.unit8.bouncr.api.boundary.BouncrProblem;
import net.unit8.bouncr.api.boundary.PasswordCredentialCreateRequest;
import net.unit8.bouncr.api.boundary.PasswordCredentialUpdateRequest;
import net.unit8.bouncr.api.logging.ActionRecord;
import net.unit8.bouncr.api.service.PasswordPolicyService;
import net.unit8.bouncr.component.BouncrConfiguration;
import net.unit8.bouncr.component.config.HookPoint;
import net.unit8.bouncr.entity.ActionType;
import net.unit8.bouncr.entity.PasswordCredential;
import net.unit8.bouncr.entity.User;
import net.unit8.bouncr.util.PasswordUtils;
import net.unit8.bouncr.util.RandomUtils;

@AllowedMethods({"POST", "PUT", "DELETE"})
/* loaded from: input_file:net/unit8/bouncr/api/resource/PasswordCredentialResource.class */
public class PasswordCredentialResource {

    @Inject
    private BouncrConfiguration config;

    @Inject
    private BeansValidator validator;

    @Decision(value = DecisionPoint.MALFORMED, method = {"POST"})
    public Problem validateCreateRequest(PasswordCredentialCreateRequest passwordCredentialCreateRequest, RestContext restContext, EntityManager entityManager) {
        if (passwordCredentialCreateRequest == null) {
            return (Problem) BeanBuilder.builder(Problem.valueOf(400, "request is empty")).set((v0, v1) -> {
                v0.setType(v1);
            }, BouncrProblem.MALFORMED.problemUri()).build();
        }
        PasswordPolicyService passwordPolicyService = new PasswordPolicyService(this.config.getPasswordPolicy(), entityManager);
        Problem problem = (Problem) BeanBuilder.builder(Problem.fromViolations(this.validator.validate(passwordCredentialCreateRequest))).set((v0, v1) -> {
            v0.setType(v1);
        }, BouncrProblem.MALFORMED.problemUri()).build();
        Optional.ofNullable(passwordPolicyService.validateCreatePassword(passwordCredentialCreateRequest)).ifPresent(violation -> {
            problem.getViolations().add(violation);
        });
        if (problem.getViolations().isEmpty()) {
            restContext.putValue(passwordCredentialCreateRequest);
        }
        if (problem.getViolations().isEmpty()) {
            return null;
        }
        return problem;
    }

    @Decision(value = DecisionPoint.MALFORMED, method = {"PUT"})
    public Problem validateUpdateRequest(PasswordCredentialUpdateRequest passwordCredentialUpdateRequest, RestContext restContext, EntityManager entityManager) {
        if (passwordCredentialUpdateRequest == null) {
            return (Problem) BeanBuilder.builder(Problem.valueOf(400, "request is empty")).set((v0, v1) -> {
                v0.setType(v1);
            }, BouncrProblem.MALFORMED.problemUri()).build();
        }
        PasswordPolicyService passwordPolicyService = new PasswordPolicyService(this.config.getPasswordPolicy(), entityManager);
        Problem problem = (Problem) BeanBuilder.builder(Problem.fromViolations(this.validator.validate(passwordCredentialUpdateRequest))).set((v0, v1) -> {
            v0.setType(v1);
        }, BouncrProblem.MALFORMED.problemUri()).build();
        Optional.ofNullable(passwordPolicyService.validateUpdatePassword(passwordCredentialUpdateRequest)).ifPresent(violation -> {
            problem.getViolations().add(violation);
        });
        if (problem.getViolations().isEmpty()) {
            restContext.putValue(passwordCredentialUpdateRequest);
        }
        if (problem.getViolations().isEmpty()) {
            return null;
        }
        return problem;
    }

    @Decision(value = DecisionPoint.AUTHORIZED, method = {"POST", "DELETE"})
    public boolean isAuthorized(UserPermissionPrincipal userPermissionPrincipal) {
        return userPermissionPrincipal != null;
    }

    @Decision(value = DecisionPoint.ALLOWED, method = {"POST"})
    public boolean isPostAllowed(UserPermissionPrincipal userPermissionPrincipal, PasswordCredentialCreateRequest passwordCredentialCreateRequest) {
        if (userPermissionPrincipal.hasPermission("any_user:create") || userPermissionPrincipal.hasPermission("user:create")) {
            return true;
        }
        return userPermissionPrincipal.getName().equals(passwordCredentialCreateRequest.getAccount());
    }

    @Decision(value = DecisionPoint.ALLOWED, method = {"POST"})
    public boolean isDeleteAllowed(UserPermissionPrincipal userPermissionPrincipal, PasswordCredentialCreateRequest passwordCredentialCreateRequest) {
        if (userPermissionPrincipal.hasPermission("any_user:create") || userPermissionPrincipal.hasPermission("user:create")) {
            return true;
        }
        return userPermissionPrincipal.getName().equals(passwordCredentialCreateRequest.getAccount());
    }

    private Optional<User> findUserByAccount(String str, EntityManager entityManager) {
        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(User.class);
        createQuery.where(criteriaBuilder.equal(createQuery.from(User.class).get("account"), str));
        return entityManager.createQuery(createQuery).getResultStream().findAny();
    }

    @Decision(value = DecisionPoint.PROCESSABLE, method = {"POST"})
    public boolean userProcessableInPost(PasswordCredentialCreateRequest passwordCredentialCreateRequest, RestContext restContext, EntityManager entityManager) {
        return findUserByAccount(passwordCredentialCreateRequest.getAccount(), entityManager).map(user -> {
            restContext.putValue(user);
            return user;
        }).isPresent();
    }

    @Decision(value = DecisionPoint.PROCESSABLE, method = {"PUT"})
    public boolean userProcessableInPut(PasswordCredentialUpdateRequest passwordCredentialUpdateRequest, RestContext restContext, EntityManager entityManager) {
        return findUserByAccount(passwordCredentialUpdateRequest.getAccount(), entityManager).map(user -> {
            restContext.putValue(user);
            return user;
        }).filter(user2 -> {
            return user2.getPasswordCredential() != null;
        }).filter(user3 -> {
            return Arrays.equals(user3.getPasswordCredential().getPassword(), PasswordUtils.pbkdf2(passwordCredentialUpdateRequest.getOldPassword(), user3.getPasswordCredential().getSalt(), 100));
        }).isPresent();
    }

    @Decision(DecisionPoint.POST)
    public PasswordCredential create(PasswordCredentialCreateRequest passwordCredentialCreateRequest, User user, UserPermissionPrincipal userPermissionPrincipal, ActionRecord actionRecord, RestContext restContext, EntityManager entityManager) {
        String generateRandomString = RandomUtils.generateRandomString(16, this.config.getSecureRandom());
        PasswordCredential passwordCredential = (PasswordCredential) BeanBuilder.builder(new PasswordCredential()).set((v0, v1) -> {
            v0.setUser(v1);
        }, user).set((v0, v1) -> {
            v0.setSalt(v1);
        }, generateRandomString).set((v0, v1) -> {
            v0.setInitial(v1);
        }, Boolean.valueOf(passwordCredentialCreateRequest.isInitial())).set((v0, v1) -> {
            v0.setPassword(v1);
        }, PasswordUtils.pbkdf2(passwordCredentialCreateRequest.getPassword(), generateRandomString, 100)).set((v0, v1) -> {
            v0.setCreatedAt(v1);
        }, LocalDateTime.now()).build();
        new EntityTransactionManager(entityManager).required(() -> {
            entityManager.persist(passwordCredential);
            restContext.putValue(passwordCredential);
            this.config.getHookRepo().runHook(HookPoint.AFTER_CREATE_PASSWORD_CREDENTIAL, restContext);
        });
        actionRecord.setActionType(ActionType.PASSWORD_CREATED);
        actionRecord.setActor(userPermissionPrincipal.getName());
        actionRecord.setDescription(user.getAccount());
        entityManager.detach(passwordCredential);
        return passwordCredential;
    }

    @Decision(DecisionPoint.PUT)
    public PasswordCredential update(PasswordCredentialUpdateRequest passwordCredentialUpdateRequest, User user, UserPermissionPrincipal userPermissionPrincipal, ActionRecord actionRecord, RestContext restContext, EntityManager entityManager) {
        PasswordCredential passwordCredential = user.getPasswordCredential();
        String generateRandomString = RandomUtils.generateRandomString(16, this.config.getSecureRandom());
        new EntityTransactionManager(entityManager).required(() -> {
            passwordCredential.setSalt(generateRandomString);
            passwordCredential.setPassword(PasswordUtils.pbkdf2(passwordCredentialUpdateRequest.getNewPassword(), generateRandomString, 100));
            passwordCredential.setInitial(false);
            passwordCredential.setCreatedAt(LocalDateTime.now());
            entityManager.merge(passwordCredential);
            restContext.putValue(passwordCredential);
            this.config.getHookRepo().runHook(HookPoint.AFTER_UPDATE_PASSWORD_CREDENTIAL, restContext);
        });
        entityManager.detach(passwordCredential);
        actionRecord.setActionType(ActionType.PASSWORD_CHANGED);
        actionRecord.setActor((String) Optional.ofNullable(userPermissionPrincipal).map((v0) -> {
            return v0.getName();
        }).orElse(user.getAccount()));
        actionRecord.setDescription(user.getAccount());
        return passwordCredential;
    }

    @Decision(DecisionPoint.DELETE)
    public Void delete(UserPermissionPrincipal userPermissionPrincipal, ActionRecord actionRecord, RestContext restContext, EntityManager entityManager) {
        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
        CriteriaQuery createQuery = criteriaBuilder.createQuery(PasswordCredential.class);
        createQuery.where(criteriaBuilder.equal(createQuery.from(PasswordCredential.class).join("user").get("name"), userPermissionPrincipal.getName()));
        EntityTransactionManager entityTransactionManager = new EntityTransactionManager(entityManager);
        entityManager.createQuery(createQuery).getResultStream().findAny().ifPresent(passwordCredential -> {
            entityTransactionManager.required(() -> {
                entityManager.remove(passwordCredential);
                this.config.getHookRepo().runHook(HookPoint.AFTER_DELETE_PASSWORD_CREDENTIAL, restContext);
            });
        });
        actionRecord.setActionType(ActionType.PASSWORD_DELETED);
        actionRecord.setActor(userPermissionPrincipal.getName());
        return null;
    }
}
